Which of the following represents HTTP traffic events that can be used to identify potential Botnets?
A. Traffic from users that browse to IP addresses instead of fully-qualified domain names, downloading W32.Welchia.Worm from a Windows share, traffic to domains that have been registered in the last 30 days, downloading executable files from unknown URLs
B. Traffic from users that browse to IP addresses instead of fully-qualified domain names, traffic to domains that have been registered in the last 60 days, downloading executable files from unknown URLs
C. Traffic from users that browse to IP addresses instead of fully-qualified domain names, traffic to domains that have been registered in the last 60 days, downloading executable files from unknown URLs, IRC-based Command and Control traffic
D. Traffic from users that browse to IP addresses instead of fully-qualified domain names, traffic to domains that have been registered in the last 30 days.
Which of the following are accurate statements describing the HA3 link in an Active-Active HA deployment?
A. HA3 is used for session synchronization
B. The HA3 link is used to transfer Layer 7 information
C. HA3 is used to handle asymmetric routing
D. HA3 is the control link
A "Continue" action can be configured on the following Security Profiles:
A. URL Filtering, File Blocking, and Data Filtering
B. URL Filtering
C. URL Filtering and Antivirus
D. URL Filtering and File Blocking
When configuring a Decryption Policy rule, which option allows a firewall administrator to control SSHv2 tunneling in policies by specifying the ssh-tunnel App-ID?
A. SSH Proxy
B. SSL Forward Proxy
C. SSL Inbound Inspection
D. SSL Reverse Proxy
To allow the PAN device to resolve internal and external DNS host names for reporting and for security policies, an administrator can do the following:
A. Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, point to this proxy object for DNS resolution.
B. In the device settings define internal hosts via a static list.
C. In the device settings set the Primary DNS server to an external server and the secondary to an internal server.
D. Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, select the proxy object as the Primary DNS and create a custom security rule which references that object for
Which two file types can be sent to WildFire for analysis if a firewall has only a standard subscription service? (Choose two.)
A. .jar
B. .exe
C. .dll
D. .pdf
Which type of content update does NOT have to be scheduled for download on the firewall?
A. dynamic update threat signatures
B. dynamic update antivirus signatures
C. WildFire antivirus signatures
D. PAN-DB updates
The "Drive-By Download" protection feature, under File Blocking profiles in Content-ID, provides:
A. Increased speed on downloads of file types that are explicitly enabled.
B. The ability to use Authentication Profiles, in order to protect against unwanted downloads.
C. Password-protected access to specific file downloads for authorized users.
D. Protection against unwanted downloads by showing the user a response page indicating that a file is going to be downloaded.
What happens at the point of Threat Prevention license expiration?
A. Threat Prevention no longer updated; existing database still effective
B. Threat Prevention is no longer used; applicable traffic is allowed
C. Threat Prevention no longer used; applicable traffic is blocked
D. Threat Prevention no longer used; traffic is allowed or blocked by configuration per Security Rule
Which fields can be altered in the default Vulnerability Protection Profile?
A. Category
B. Severity
C. None