An engines must configure the Decryption Broker feature. To which router must the engineer assign the decryption forwarding interfaces that are used m the Decryption Broker security Chain?
A. a virtual router that has no additional interfaces for passing data-plane traffic and no other configured routes than those used in for the security chain
B. the virtual router that routes the traffic that the Decryption Broker security chain inspects
C. a virtual router that is configured with at least one dynamic routing protocol and has at least one entry in the RIB
D. the default virtual router (If there is no default virtual router the engineer must create one during setup)
During the process of developing a decryption strategy and evaluating which websites are required for corporate users to access, several sites have been identified that cannot be decrypted due to technical reasons. In this case, the technical reason is unsupported ciphers. Traffic to these sites will therefore be blocked if decrypted.
How should the engineer proceed?
A. Allow the firewall to block the sites to improve the security posture
B. Add the sites to the SSL Decryption Exclusion list to exempt them from decryption
C. Install the unsupported cipher into the firewall to allow the sites to be decrypted
D. Create a Security policy to allow access to those sites
An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI. Which CLI command can the engineer use?
A. test vpn flow
B. test vpn Ike--sa
C. test vpn tunnel
D. test vpn gateway
In an HA failover scenario what happens with sessions decrypted by a SSL Forward Proxy Decryption policy?
A. The existing session is transferred to the active firewall.
B. The firewall drops the session.
C. The session is sent to fastpath.
D. The firewall allows the session but does not decrypt the session.
An engineer is deploying VoIP and needs to ensure that voice traffic is treated with the highest priority on the network. Which QoS priority should be assigned to such an application?
A. Medium
B. Low
C. High
D. Real-time
An administrator wants to enable Palo Alto Networks cloud services for Device Telemetry and IoT. Which type of certificate must be installed?
A. External CA certificate
B. Server certificate
C. Device certificate
D. Self-signed root CA certificate
An engineer is monitoring an active/active high availability (HA) firewall pair. Which HA firewall state describes the firewall that is currently processing traffic?
A. Passive
B. Initial
C. Active
D. Active-primary
A network administrator is trying to prevent domain username and password submissions to phishing sites on some allowed URL categories Which set of steps does the administrator need to take in the URL Filtering profile to prevent credential phishing on the firewall?
A. Choose the URL categories on Site Access column and set action to block Click the User credential Detection tab and select IP User Mapping Commit
B. Choose the URL categories in the User Credential Submission column and set action to block Select the User credential Detection tab and select use IP User Mapping Commit
C. Choose the URL categories in the User Credential Submission column and set action to block Select the URL filtering settings and enable Domain Credential Filter Commit
D. Choose the URL categories in the User Credential Submission column and set action to block Select the User credential Detection tab and select Use Domain Credential Filter Commit
Which GlobalProtect Client connect method requires the distribution and use of machine certificates?
A. User-logon (Always on)
B. At-boot
C. On-demand
D. Pre-logon
Which virtual router feature determines if a specific destination IP address is reachable?
A. Heartbeat Monitoring
B. Failover
C. Path Monitoring
D. Ping-Path
