لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
Which Public Key infrastructure component is used to authenticate users for GlobalProtect when the Connect Method is set to pre-logon?
A. Certificate revocation list
B. Trusted root certificate
C. Machine certificate
D. Online Certificate Status Protocol
عرض الإجابة
اجابة صحيحة: ABDF
السؤال #2
During SSL decryption which three factors affect resource consumption1? (Choose three )
A. TLS protocol version
B. transaction size
C. key exchange algorithm
D. applications that use non-standard ports
E. certificate issuer
عرض الإجابة
اجابة صحيحة: D
السؤال #3
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?
A. PAN-OS integrated User-ID agent
B. LDAP Server Profile configuration
C. GlobalProtect
D. Windows-based User-ID agent
عرض الإجابة
اجابة صحيحة: D
السؤال #4
What does SSL decryption require to establish a firewall as a trusted third party and to establish trust between a client and server to secure an SSL/TLS connection?
A. link state
B. stateful firewall connection
C. certificates
D. profiles
عرض الإجابة
اجابة صحيحة: A
السؤال #5
An administrator has configured a QoS policy rule and a QoS profile that limits the maximum allowable bandwidth for the YouTube application. However , YouTube is consuming more than the maximum bandwidth allotment configured. Which configuration step needs to be configured to enable QoS?
A. Enable QoS Data Filtering Profile
B. Enable QoS monitor
C. Enable Qos interface
D. Enable Qos in the interface Management Profile
عرض الإجابة
اجابة صحيحة: D
السؤال #6
A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone need to be configured to enable we browsing access to the server. Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080.
A. application: web-browsing; service: application-default
B. application: web-browsing; service: service-https
C. application: ssl; service: any
D. application: web-browsing; service: (custom with destination TCP port 8080)
عرض الإجابة
اجابة صحيحة: C
السؤال #7
Which feature can provide NGFWs with User-ID mapping information?
A. GlobalProtect
B. Web Captcha
C. Native 802
D. Native 802
عرض الإجابة
اجابة صحيحة: C
السؤال #8
Match each type of DoS attack to an example of that type of attack
A. Mastered
B. Not Mastered
عرض الإجابة
اجابة صحيحة: CD
السؤال #9
Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?
A. check
B. find
C. test
D. sim
عرض الإجابة
اجابة صحيحة: B
السؤال #10
Which three split tunnel methods are supported by a globalProtect gateway? (Choose three.)
A. video streaming application
B. Client Application Process
C. Destination Domain
D. Source Domain
E. Destination user/group
F. URL Category
عرض الإجابة
اجابة صحيحة: B
السؤال #11
SD-WAN is designed to support which two network topology types? (Choose two.)
A. ring
B. point-to-point
C. hub-and-spoke
D. full-mesh
عرض الإجابة
اجابة صحيحة: DE
السؤال #12
Which three statements accurately describe Decryption Mirror? (Choose three.)
A. Decryption Mirror requires a tap interface on the firewall
B. Decryption, storage, inspection and use of SSL traffic are regulated in certain countries
C. Only management consent is required to use the Decryption Mirror feature
D. You should consult with your corporate counsel before activating and using Decryption Mirror in a production environment
E. Use of Decryption Mirror might enable malicious users with administrative access to the firewall to harvest sensitive information that is submitted via an encrypted channel
عرض الإجابة
اجابة صحيحة: A
السؤال #13
Which feature prevents the submission of corporate login information into website forms?
A. Data filtering
B. User-ID
C. File blocking
D. Credential phishing prevention
عرض الإجابة
اجابة صحيحة: C
السؤال #14
Starting with PAN-OS version 9.1, Global logging information is now recoded in which firewall log?
A. Authentication
B. Globalprotect
C. Configuration
D. System
عرض الإجابة
اجابة صحيحة: BD
السؤال #15
Place the steps in the WildFire process workflow in their correct order.
A. Mastered
B. Not Mastered
عرض الإجابة
اجابة صحيحة: D
السؤال #16
When you configure a Layer 3 interface what is one mandatory step?
A. Configure Security profiles, which need to be attached to each Layer 3 interface
B. Configure Interface Management profiles which need to be attached to each Layer 3 interface
C. Configure virtual routers to route the traffic for each Layer 3 interface
D. Configure service routes to route the traffic for each Layer 3 interface
عرض الإجابة
اجابة صحيحة: A
السؤال #17
An engineer must configure a new SSL decryption deployment Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?
A. There must be a certificate with both the Forward Trust option and Forward Untrust option selected
B. A Decryption profile must be attached to the Decryption policy that the traffic matches
C. A Decryption profile must be attached to the Security policy that the traffic matches
D. There must be a certificate with only the Forward Trust option selected
عرض الإجابة
اجابة صحيحة: A
السؤال #18
ESTION NO: 94 If an administrator wants to decrypt SMTP traffic and possesses the server’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?
A. TLS Bidirectional Inspection
B. SSL Inbound Inspection
C. SSH Forward Proxy
D. SMTP Inbound Decryption
عرض الإجابة
اجابة صحيحة: A
السؤال #19
Which four NGFW multi-factor authentication factors are supported by PAN-OS? (Choose four.)
A. Short message service
B. Push
C. User logon
D. Voice
E. SSH key
F. One-Time Password
عرض الإجابة
اجابة صحيحة: BD
السؤال #20
A company needs to preconfigure firewalls to be sent to remote sites with the least amount of reconfiguration. Once deployed, each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers. Which VPN configuration would adapt to changes when deployed to the future site?
A. Preconfigured GlobalProtect satellite
B. Preconfigured GlobalProtect client
C. Preconfigured IPsec tunnels
D. Preconfigured PPTP Tunnels
عرض الإجابة
اجابة صحيحة: A
السؤال #21
An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an application that matches the same traffic signatures as the custom application. Which application should be used to identify traffic traversing the NGFW?
A. Custom application
B. System logs show an application error and neither signature is used
C. Downloaded application
D. Custom and downloaded application signature files are merged and both are used
عرض الإجابة
اجابة صحيحة: CD
السؤال #22
An administrator cannot see any of the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct? A) B) C) D)
A. Option A
B. Option B
C. Option C
D. Option D
عرض الإجابة
اجابة صحيحة: C
السؤال #23
Only two Trust to Untrust allow rules have been created in the Security policy Rule1 allows google-base Rule2 allows youtube-base The youtube-base App-ID depends on google-base to function. The google-base App-ID implicitly uses SSL and web-browsing. When user try to accesss https://www.youtube.com in a web browser, they get an error indecating that the server cannot be found. Which action will allow youtube.com display in the browser correctly?
A. Add SSL App-ID to Rule1
B. Create an additional Trust to Untrust Rule, add the web-browsing, and SSL App-ID's to it
C. Add the DNS App-ID to Rule2
D. Add the Web-browsing App-ID to Rule2
عرض الإجابة
اجابة صحيحة: BE
السؤال #24
Which User-ID method maps IP address to usernames for users connecting through a web proxy that has already authenticated the user?
A. Client Probing
B. Port mapping
C. Server monitoring
D. Syslog listening
عرض الإجابة
اجابة صحيحة: A
السؤال #25
An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)
A. Configuration Logs
B. System Logs
C. Task Manager
D. Traffic Logs
عرض الإجابة
اجابة صحيحة: D
السؤال #26
Which Panorama objects restrict administrative access to specific device-groups?
A. templates
B. admin roles
C. access domains
D. authentication profiles
عرض الإجابة
اجابة صحيحة: C
السؤال #27
Which certificates can be used as a Forwarded Trust certificate?
A. Certificate from Default Trust Certificate Authorities
B. Domain Sub-CA
C. Forward_Trust
D. Domain-Root-Cert
عرض الإجابة
اجابة صحيحة: AC
السؤال #28
A firewall should be advertising the static route 10 2 0 0/24 into OSPF The configuration on the neighbor is correct but the route is not in the neighbor's routing tWabhliech two configurations should you check on the firewall'? (Choose two )
A. Within the redistribution profile ensure that Redist is selected
B. In the redistribution profile check that the source type is set to "ospf"
C. In the OSFP configuration ensure that the correct redistribution profile is selected in the OSPF Export Rules section
D. Ensure that the OSPF neighbor state is "2-Way"
عرض الإجابة
اجابة صحيحة: A
السؤال #29
Use the image below If the firewall has the displayed link monitoring configuration what will cause a failover?
A. ethernet1/3 and ethernet1/6 going down
B. etheme!1/3 going down
C. ethernet1/6 going down
D. ethernet1/3 or ethernet1/6 going down
عرض الإجابة
اجابة صحيحة: ACD
السؤال #30
An Administrator is configuring an IPSec VPN toa Cisco ASA at the administrator's home and experiencing issues completing the connection. The following is th output from the command: less mp-log ikemgr.log: What could be the cause of this problem?
A. The public IP addresse do not match for both the Palo Alto Networks Firewall and the ASA
B. The Proxy IDs on the Palo Alto Networks Firewall do not match the settings on the ASA
C. The shared secerts do not match between the Palo Alto firewall and the ASA
D. The deed peer detection settings do not match between the Palo Alto Networks Firewall and the ASA
عرض الإجابة
اجابة صحيحة: D
السؤال #31
Which Palo Alto Networks VM-Series firewall is valid?
A. VM-25
B. VM-800
C. VM-50
D. VM-400
عرض الإجابة
اجابة صحيحة: BC
السؤال #32
The following objects and policies are defined in a device group hierarchy A) B) C) Address Objects -Shared Address 1 -Branch Address2 Policies -Shared Polic1 l -Branch Policyl D) Address Objects -Shared Addressl -Shared Address2 -Branch Addressl Policies -Shared Policyl -Shared Policy2 -Branch Policyl
A. Option A
B. Option B
C. Option C
D. Option D
عرض الإجابة
اجابة صحيحة: ABC
السؤال #33
Given the following configuration, which route is used for destination 10.10.0.4?
A. Route 4
B. Route 3
C. Route 1
D. Route 3
عرض الإجابة
اجابة صحيحة: AC
السؤال #34
Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log? (Choose two.)
A. Run the User-ID Agent using an Active Directory account that has "event log viewer" permissions
B. Enable User-ID on the zone object for the destination zone
C. Run the User-ID Agent using an Active Directory account that has "domain administrator" permissions
D. Enable User-ID on the zone object for the source zone
E. Configure a RADIUS server profile to point to a domain controller
عرض الإجابة
اجابة صحيحة: D
السؤال #35
What are two characteristic types that can be defined for a variable? (Choose two )
A. zone
B. FQDN
C. path group
D. IP netmask
عرض الإجابة
اجابة صحيحة: A
السؤال #36
The firewall is not downloading IP addresses from MineMeld. Based, on the image, what most likely is wrong?
A. A Certificate Profile that contains the client certificate needs to be selected
B. The source address supports only files hosted with an ftp://
C. External Dynamic Lists do not support SSL connections
D. A Certificate Profile that contains the CA certificate needs to be selected
عرض الإجابة
اجابة صحيحة: C
السؤال #37
Which certificate can be used as the Forward Trust certificate?
A. Domain Sub-CA
B. Domain-Root-Cert
C. Certificate from Default Trusted Certificate Authorities
D. Forward-Trust
عرض الإجابة
اجابة صحيحة: A
السؤال #38
An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required. Which interface type would support this business requirement?
A. Virtual Wire interfaces to permit EIGRP routing to remain between the Core and DMZ
B. Layer 3 or Aggregate Ethernet interfaces, but configuring EIGRP on subinterfaces only
C. Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel (with the GlobalProtect License to support LSVPN and EIGRPprotocols)
D. Layer 3 interfaces, but configuring EIGRP on the attached virtual router
عرض الإجابة
اجابة صحيحة: C
السؤال #39
The company's Panorama server (IP 10.10.10.5) is not able to manage a firewall that was recently deployed. The firewall's dedicated management port is being used to connect to the management network. Which two commands may be used to troubleshoot this issue from the CLI of the new firewall? (Choose two)
A. test panoramas-connect 10
B. show panoramas-status
C. show arp all I match 10
D. topdump filter "host 10
E. debug dataplane packet-diag set capture on
عرض الإجابة
اجابة صحيحة: D
السؤال #40
An administrator is defining protection settings on the Palo Alto Networks NGFW to guard against resource exhaustion. When platform utilization is considered, which steps must the administrator take to configure and apply packet buffer protection?
A. Enable and configure the Packet Buffer protection thresholds
B. Enable and then configure Packet Buffer thresholdsEnable Interface Buffer protection
C. Create and Apply Zone Protection Profiles in all ingress zones
D. Configure and apply Zone Protection Profiles for all egress zones
E. Enable per-vsys Session Threshold alerts and triggers for Packet Buffer Limits
عرض الإجابة
اجابة صحيحة: B
السؤال #41
Which event will happen if an administrator uses an Application Override Policy?
A. Threat-ID processing time is decreased
B. The Palo Alto Networks NGFW stops App-ID processing at Layer 4
C. The application name assigned to the traffic by the security rule is written to the Traffic log
D. App-ID processing time is increased
عرض الإجابة
اجابة صحيحة: B
السؤال #42
An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing. The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL. Which action will stop the second and subsequent encrypted BitTorrent con
A. Create a decryption rule matching the encrypted BitTorrent traffic with action “No-Decrypt,” and place the rule at the top of the Decryption policy
B. Create a Security policy rule that matches application “encrypted BitTorrent” and place the rule at the top of the Security policy
C. Disable the exclude cache option for the firewall
D. Create a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the decryption rule
عرض الإجابة
اجابة صحيحة: A
السؤال #43
A network Administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects> Security Profiles> Anti-Spyware and select default profile. What should be done next?
A. Click the simple-critical rule and then click the Action drop-down list
B. Click the Exceptions tab and then click show all signatures
C. View the default actions displayed in the Action column
D. Click the Rules tab and then look for rules with "default" in the Action column
عرض الإجابة
اجابة صحيحة: C
السؤال #44
To more easily reuse templates and template slacks , you can create term plate variables in place of firewall-specific and appliance-specific IP literals in your configurations Which one is the correct configuration?
A. @Panorama
B. #Pancrama
C. &Panorama
D. $Panorama
عرض الإجابة
اجابة صحيحة: D
السؤال #45
As a best practice, which URL category should you target first for SSL decryption*?
A. Online Storage and Backup
B. High Risk
C. Health and Medicine
D. Financial Services
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: