Which feature can provide NGFWs with User-ID mapping information?
A. Web Captcha
B. Native 802.1q authentication
C. GlobalProtect
D. Native 802.1x authentication
Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS? software?
A. Okta
B. DUO
C. RADIUS
D. PingID
An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing. The administrator generates three encrypted
BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.
Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?
A. Create a decryption rule matching the encrypted BitTorrent traffic with action "No-Decrypt," and place the rule at the top of the Decryption policy.
B. Create a Security policy rule that matches application "encrypted BitTorrent" and place the rule at the top of the Security policy.
C. Disable the exclude cache option for the firewall.
D. Create a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the decryption rule.
A customer wants to set up a site-to-site VPN using tunnel interfaces. Which two formats are correct for naming tunnel interfaces? (Choose two.)
A. Vpn-tunnel.1024
B. vpn-tunne.1
C. tunnel 1025
D. tunnel. 1
An administrator needs to upgrade an NGFW to the most current version of PAN-OS?software. The following is occurring:
irewall has Internet connectivity through e1/1.
efault security rules and security rules allowing all SSL and web-browsing traffic to and from any zone.
ervice route is configured, sourcing update traffic from e1/1. communication error appears in the System logs when updates are performed.
ownload does not complete.
What must be configured to enable the firewall to download the current version of PAN-OS software?
A. DNS settings for the firewall to use for resolution
B. scheduler for timed downloads of PAN-OS software
C. static route pointing application PaloAlto-updates to the update servers
D. Security policy rule allowing PaloAlto-updates as the application
Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs? (Choose two)
A. The devices are pre-configured with a virtual wire pair out the first two interfaces.
B. The devices are licensed and ready for deployment.
C. The management interface has an IP address of 192.168.1.1 and allows SSH and HTTPS connections.
D. A default bidirectional rule is configured that allows Untrust zone traffic to go to the Trust zone.
E. The interface are pingable.
A critical US-CERT notification is published regarding a newly discovered botnet. The malware is very evasive and is not reliably detected by endpoint antivirus software. Furthermore, SSL is used to tunnel malicious traffic to command-andcontrol servers on the internet and SSL Forward Proxy Decryption is not enabled.
Which component once enabled on a perirneter firewall will allow the identification of existing infected hosts in an environment?
A. Anti-Spyware profiles applied outbound security policies with DNS Query action set to sinkhole
B. File Blocking profiles applied to outbound security policies with action set to alert
C. Vulnerability Protection profiles applied to outbound security policies with action set to block
D. Antivirus profiles applied to outbound security policies with action set to alert
Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?
A. VM-100
B. VM-200
C. VM-1000-HV
D. VM-300
Which three options does the WF-500 appliance support for local analysis? (Choose three)
A. E-mail links
B. APK files
C. jar files
D. PNG files
E. Portable Executable (PE) files
A network design calls for a "router on a stick" implementation with a PA-5060 performing inter- VLAN routing All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interface Which interface type and configuration setting will support this design?
A. Trunk interface type with specified tag
B. Layer 3 interface type with specified tag
C. Layer 2 interface type with a VLAN assigned
D. Layer 3 subinterface type with specified tag
