The Security Operations Center (SOC) has noticed that a user has large amounts of data going to and coming from an external encrypted website. The SOC would like to identify the data being sent to and received from this website.
Which Secure Sockets Layer (SSL) decryption method supported by Palo Alto Networks would allow the SOC to see this data?
A. Forward Proxy
B. Web Proxy
C. Certificate Proxy
D. Inbound Proxy
An administrator wants to deploy a pair of firewalls in an active/active high availability (HA) architecture.
Which two deployment types are supported in this circumstance? (Choose two.) Select 2 Correct Responses
A. Layer 3
B. TAP mode
C. Virtual Wire
D. Layer 2
Which traffic will be blocked when application-default service is set on a Security policy?
A. SSH traffic on TCP/22
B. HTTPS traffic on TCP/443
C. HTTP traffic on TCP/81
D. DNS traffic on UDP/53
When deploying an Eval Next-Generation Firewall (NGFW) within a customer environment for the purpose of generating a Security Lifecycle Review (SLR) report, creation of which interface will not impact production traffic?
A. Layer 3 interface
B. SLR interface
C. virtual wire interface
D. TAP interface
What is a technical benefit of User-ID in relation to policy control?
A. It matches traffic against policy to check whether it is allowed on the network.
B. It allows all users to designate view-only access to itinerant personnel.
C. It improves safe enablement of applications traversing the network.
D. It encrypts all private keys and passwords in the configuration.
Which subscription should be activated when a predefined, known malicious IP address is updated?
A. WildFire
B. Cortex Data Lake
C. Threat Prevention
D. URL Filtering
What are three unique benefits of the Palo Alto Networks Content-ID? (Choose three.) Select 3 Correct Responses
A. micro-segmenting network traffic based on the unique identification number of the content
B. increasing latency as new threat prevention features are enabled
C. detecting and preventing known and unknown threats in a single pass
D. enforcing policy control over unapproved web surfing
E. proactively identifying and defending against unknown, new, or custom malware and exploits
The ability of a Next-Generation Firewall (NGFW) to logically group physical and virtual interfaces and then control traffic based on that grouping is known aswhat?
A. LLDP profiles
B. security zones
C. DHCP groups
D. security profile groups
Which deployment method is used to integrate a firewall to be inline in an existing network but does not support additional routing or switching?
A. virtual wire
B. TAP mode
C. Layer 3
D. Layer 2
Which Palo Alto Networks product offers a centrally managed firewall update process?
A. SD_WAN
B. Prisma SaaS
C. Panorama
D. WildFire