An administrator wants to create a NAT policy to allow multiple source IP addresses to be translated to the same public IP address. What is the most appropriate NAT policy to achieve this?
A. Dynamic IP and Port
B. Dynamic IP
C. Static IP
D. Destination
Complete the statement. A security profile can block or allow traffic____________
A. on unknown-tcp or unknown-udp traffic
B. after it is matched by a security policy that allows traffic
C. before it is matched by a security policy
D. after it is matched by a security policy that allows or blocks traffic
Which file is used to save the running configuration with a Palo Alto Networks firewall?
A. running-config.xml
B. run-config.xml
C. running-configuration.xml
D. run-configuratin.xml
What are the two main reasons a custom application is created? (Choose two.)
A. To change the default categorization of an application
B. To visually group similar applications
C. To correctly identify an internal application in the traffic log
D. To reduce unidentified traffic on a network
Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis Unit 42 research and data gathered from telemetry?
A. Palo Alto Networks CandC IP Addresses
B. Palo Alto Networks Bulletproof IP Addresses
C. Palo Alto Networks High-Risk IP Addresses
D. Palo Alto Networks Known Malicious IP Addresses
What action will inform end users when their access to Internet content is being restricted?
A. Create a custom 'URL Category' object with notifications enabled.
B. Publish monitoring data for Security policy deny logs.
C. Ensure that the 'site access" setting for all URL sites is set to 'alert'.
D. Enable 'Response Pages' on the interface providing Internet access.
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
A. All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application
B. No impact because the apps were automatically downloaded and installed
C. No impact because the firewall automatically adds the rules to the App-ID interface
D. All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications
Which three interface deployment methods can be used to block traffic flowing through the Palo Alto Networks firewall? (Choose three.)
A. Layer 2
B. Virtual Wire
C. Tap
D. Layer 3
E. HA
Which type of profile must be applied to the Security policy rule to protect against buffer overflows illegal code execution and other attempts to exploit system flaws?
A. anti-spyware
B. URL filtering
C. vulnerability protection
D. file blocking
To enable DNS sinkholing, which two addresses should be reserved? (Choose two.)
A. MAC
B. IPv6
C. Email
D. IPv4
