لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
Given the topology, which zone type should you configure for firewall interface E1/1?
A. ap
B. unnel
C. irtual Wire
D. ayer3
عرض الإجابة
اجابة صحيحة: A
السؤال #2
The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering `gambling` category.Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the `gambling` URL category?
A. dd just the URL www
B. anually remove powerball
C. dd *
D. reate a custom URL category, add *
عرض الإجابة
اجابة صحيحة: A
السؤال #3
Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis, Unit 42 research, and data gathered from telemetry?
A. alo Alto Networks High-Risk IP Addresses
B. alo Alto Networks Known Malicious IP Addresses
C. alo Alto Networks C&C IP Addresses
D. alo Alto Networks Bulletproof IP Addresses
عرض الإجابة
اجابة صحيحة: B
السؤال #4
Which two App-ID applications will you need to allow in your Security policy to use facebook-chat? (Choose two.)
A. indows-based agent deployed on the internal network
B. AN-OS integrated agent deployed on the internal network
C. itrix terminal server deployed on the internal network
D. indows-based agent deployed on each of the WAN Links
عرض الإجابة
اجابة صحيحة: BC
السؤال #5
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)
A. evice>Setup>Services
B. evice>Setup>Management
C. evice>Setup>Operations
D. evice>Setup>Interfaces
عرض الإجابة
اجابة صحيحة: BD
السؤال #6
How frequently can WildFire updates be made available to firewalls?
A. very 15 minutes
B. very 30 minutes
C. very 60 minutes
D. very 5 minutes
عرض الإجابة
اجابة صحيحة: D
السؤال #7
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?
A. ranch office traffic
B. orth-south traffic
C. erimeter traffic
D. ast-west traffic
عرض الإجابة
اجابة صحيحة: D
السؤال #8
How many zones can an interface be assigned with a Palo Alto Networks firewall?
A. wo
B. hree
C. our
D. ne
عرض الإجابة
اجابة صحيحة: D
السؤال #9
What does an administrator use to validate whether a session is matching an expected NAT policy?
A. ystem log
B. est command
C. hreat log
D. onfig audit
عرض الإجابة
اجابة صحيحة: B
السؤال #10
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL?
A. DL in URL Filtering Profile
B. ustom URL category in URL Filtering Profile
C. ustom URL category in Security policy rule
D. AN-DB URL category in URL Filtering Profile
عرض الإجابة
اجابة صحيحة: D
السؤال #11
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone.Complete the two empty fields in the Security policy rules that permits only this type of access.Source Zone: Internal -Destination Zone: DMZ Zone -Application: _________?Service: ____________?Action: allow -(Choose two.)
A. nti-Spyware Profile
B. one Protection Profile
C. ntivirus Profile
D. RL Filtering Profile
عرض الإجابة
اجابة صحيحة: AC
السؤال #12
How many zones can an interface be assigned with a Palo Alto Networks firewall?
A. nable Security Log
B. erver Log Monitor Frequency (sec)
C. nable Session
D. nable Probing
عرض الإجابة
اجابة صحيحة: D
السؤال #13
Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management plane is only slightly utilized.Which User-ID agent is sufficient in your network?
A. indows-based agent deployed on each domain controller
B. AN-OS integrated agent deployed on the firewall
C. itrix terminal server agent deployed on the network
D. indows-based agent deployed on the internal network a domain member
عرض الإجابة
اجابة صحيحة: B
السؤال #14
The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet. The firewall is configured with two zones:1. trust for internal networks2. untrust to the internetBased on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two.)
A. t was blocked by the Vulnerability Protection profile action
B. t was blocked by the Security policy action
C. t was blocked by the Anti-Virus Security profile action
D. t was blocked by the Anti-Spyware Profile action
عرض الإجابة
اجابة صحيحة: AD
السؤال #15
Selecting the option to revert firewall changes will replace what settings?
A. he candidate configuration with settings from the running configuration
B. ynamic update scheduler settings
C. he running configuration with settings from the candidate configuration
D. he device state with settings from another configuration
عرض الإجابة
اجابة صحيحة: D
السؤال #16
06. In path monitoring, what is used to monitor remote network devices?
A. i
B. SL
C. TTP
D. TTPS
عرض الإجابة
اجابة صحيحة: A
السؤال #17
Given the topology, which interface type should you configure for firewall interface E1/1?
A. ayer 2
B. irtual wire
C. ap
D. irror port
عرض الإجابة
اجابة صحيحة: C
السؤال #18
When an ethernet interface is configured with an IPv4 address, which type of zone is it a member of?
A. ayer 3
B. irtual Wire
C. ap
D. unnel
عرض الإجابة
اجابة صحيحة: A
السؤال #19
05. The data plane provides which two data processing features of the firewall?
A. ignaturematchi
B. eporti
C. etworkprocessi
D. oggi
عرض الإجابة
اجابة صحيحة: AC
السؤال #20
Which rule type is appropriate for matching traffic both within and between the source and destination zones?
A. nterzone
B. hadowed
C. ntrazone
D. niversal
عرض الإجابة
اجابة صحيحة: A
السؤال #21
An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.Why doesn't the administrator see the traffic?
A. he interzone-default policy is disabled by default
B. raffic is being denied on the interzone-default policy
C. ogging on the interzone-default policy is disabled
D. he Log Forwarding profile is not configured on the policy
عرض الإجابة
اجابة صحيحة: C
السؤال #22
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command- and-control (C2) server.Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)
A. elivery
B. econnaissance
C. ommand and Control
D. xploitation
عرض الإجابة
اجابة صحيحة: BC
السؤال #23
In the example security policy shown, which two websites would be blocked? (Choose two.)
A. lobalProtect
B. anorama
C. risma SaaS
D. utoFocus
عرض الإجابة
اجابة صحيحة: AB
السؤال #24
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?
A. Review Policies
B. Review Apps
C. Pre-analyze
D. Review App Matches
عرض الإجابة
اجابة صحيحة: A
السؤال #25
How do you reset the hit count on a Security policy rule?
A. Select a Security policy rule, and then select Hit Count > Reset
B. Reboot the data-plane
C. First disable and then re-enable the rule
D. Type the CLI command reset hitcount
عرض الإجابة
اجابة صحيحة: A
السؤال #26
07. How often are new and modified threat signatures and modified applications signatures published?
A. ayer2interface
B. ayer3interface
C. irtualroute
D. irtualsystem
عرض الإجابة
اجابة صحيحة: A
السؤال #27
Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?
A. RL filtering
B. ulnerability protection
C. nti-spyware
D. ntivirus
عرض الإجابة
اجابة صحيحة: C
السؤال #28
An administrator would like to determine the default deny action for the application dns-over-https.Which action would yield the information?
A. iew the application details in beacon
B. heck the action for the Security policy matching that traffic
C. heck the action for the decoder in the antivirus profile
D. iew the application details in Objects > Applications
عرض الإجابة
اجابة صحيحة: B
السؤال #29
Based on the screenshot, what is the purpose of the Included Groups?
A. hey are groups that are imported from RADIUS authentication servers
B. hey are the only groups visible based on the firewall's credentials
C. hey contain only the users you allow to manage the firewall
D. hey are used to map users to groups
عرض الإجابة
اجابة صحيحة: D
السؤال #30
Which Security Profile mitigates attacks based on packet count?
A. zone protection profile
B. URL filtering profile
C. antivirus profile
D. vulnerability profile
عرض الإجابة
اجابة صحيحة: A
السؤال #31
Which plane on a Palo Alto Networks Firewall provides configuration, logging, and reporting functions on a separate processor?
A. anagement
B. etwork processing
C. ata
D. ecurity processing
عرض الإجابة
اجابة صحيحة: A
السؤال #32
An administrator wants to create a No-NAT rule to exempt a flow from the default NAT rule.What is the best way to do this?
A. reate a static NAT rule translating to the destination interface
B. reate a static NAT rule with an application override
C. reate a Security policy rule to allow the traffic
D. reate a new NAT rule with the correct parameters and leave the translation type as None
عرض الإجابة
اجابة صحيحة: D
السؤال #33
Which option shows the attributes that are selectable when setting up application filters?
A. lock List
B. ustom URL Categories
C. AN-DB URL Categories
D. llow List
عرض الإجابة
اجابة صحيحة: B
السؤال #34
How is an address object of type IP range correctly defined?
A. 92
B. 92
C. 92
D. 92
عرض الإجابة
اجابة صحيحة: A
السؤال #35
DRAG DROP (Drag and Drop is not supported)Match each feature to the DoS Protection Policy or the DoS Protection Profile.Select and Place:
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #36
During the App-ID update process, what should you click on to confirm whether an existing policy rule is affected by an App-ID update?
A. heck now
B. eview policies
C. est policy match
D. ownload
عرض الإجابة
اجابة صحيحة: B
السؤال #37
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.Which security profile components will detect and prevent this threat after the firewall's signature database has been updated?
A. ntivirus profile applied to outbound security policies
B. ata filtering profile applied to inbound security policies
C. ata filtering profile applied to outbound security policies
D. ulnerability profile applied to inbound security policies
عرض الإجابة
اجابة صحيحة: A
السؤال #38
What is the minimum frequency for which you can configure the firewall to check for new WildFire antivirus signatures?
A. very 30 minutes
B. very 5 minutes
C. very 24 hours
D. very 1 minute
عرض الإجابة
اجابة صحيحة: D
السؤال #39
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?
A. ACACS+
B. ADIUS
C. DAP
D. AML
عرض الإجابة
اجابة صحيحة: C
السؤال #40
What is the main function of the Test Policy Match function?
A. nsure that policy rules are not shadowing other policy rules
B. onfirm that rules meet or exceed the Best Practice Assessment recommendations
C. onfirm that policy rules in the configuration are allowing donning the correct traffic
D. erify that policy rules from Expedition are valid
عرض الإجابة
اجابة صحيحة: D
السؤال #41
Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?
A. t defines the SSL/TLS encryption strength used to protect the management interface
B. t defines the CA certificate used to verify the client's browser
C. t defines the certificate to send to the client's browser from the management interface
D. t defines the firewall's global SSL/TLS timeout values
عرض الإجابة
اجابة صحيحة: C
السؤال #42
Which security policy match condition would an administrator use to block traffic to IP addresses on the Palo Alto Networks Bulletproof IP Addresses list?
A. ource address
B. estination address
C. ource zone
D. estination zone
عرض الإجابة
اجابة صحيحة: A
السؤال #43
What is the main function of Policy Optimizer?
A. llows ג€anyג€ users to access servers in the DMZ zone
B. llows users to access IT applications on all ports
C. llow users in group ג€itג€ to access IT applications
D. llow users in group ג€DMZג€ to access IT applications
عرض الإجابة
اجابة صحيحة: D
السؤال #44
DRAG DROP (Drag and Drop is not supported)Match the Cyber-Attack Lifecycle stage to its correct description.Select and Place:
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #45
Which link in the web interface enables a security administrator to view the Security policy rules that match new application signatures?
A. eview App Matches
B. eview Apps
C. re-analyze
D. eview Policies
عرض الإجابة
اجابة صحيحة: D
السؤال #46
An administrator would like to create a URL Filtering log entry when users browse to any gambling website.What combination of Security policy and Security profile actions is correct?
A. ecurity policy = deny, Gambling category in URL profile = block
B. ecurity policy = drop, Gambling category in URL profile = allow
C. ecurity policy = allow, Gambling category in URL profile = alert
D. ecurity policy = allow, Gambling category in URL profile = allow
عرض الإجابة
اجابة صحيحة: C
السؤال #47
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
A. nsure that disable override is selected
B. ncheck the shared option
C. nsure that disable override is cleared
D. reate the service object in the specific template
عرض الإجابة
اجابة صحيحة: B
السؤال #48
Which administrative management services can be configured to access a management interface?
A. TTPS, HTTP, CLI, API
B. TTPS, SSH, telnet, SNMP
C. SH, telnet, HTTP, HTTPS
D. TTP, CLI, SNMP, HTTPS
عرض الإجابة
اجابة صحيحة: C
السؤال #49
What must be considered with regards to content updates deployed from Panorama?
A. ontent update schedulers need to be configured separately per device group
B. anorama can only install up to five content versions of the same type for potential rollback scenarios
C. PAN-OS upgrade resets all scheduler configurations for content updates
D. anorama can only download one content update at a time for content updates of the same type
عرض الإجابة
اجابة صحيحة: D
السؤال #50
DRAG DROP (Drag and Drop is not supported)Match the network device with the correct User-ID technology.Select and Place:
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #51
Which User-ID mapping method should be used for an environment with users that do not authenticate to Active Directory?
A. reate an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory
B. reate an Application Group and add business-systems to it
C. reate an Application Filter and name it Office Programs, then filter it on the business-systems category
D. reate an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
عرض الإجابة
اجابة صحيحة: C
السؤال #52
Which Security Profile can provide protection against ICMP floods, based on individual combinations of a packet's source and destination IP addresses?
A. DoS protection
B. URL filtering
C. packet buffering
D. anti-spyware
عرض الإجابة
اجابة صحيحة: A
السؤال #53
Employees are shown an application block page when they try to access YouTube. Which security policy is blocking the YouTube application?
A. ntrazone-default
B. eny Google
C. llowed-security services
D. nterzone-default
عرض الإجابة
اجابة صحيحة: D
السؤال #54
What action will inform end users when their access to Internet content is being restricted?
A. efore deploying content updates, always check content release version compatibility
B. ontent updates for firewall A/P HA pairs can only be pushed to the active firewall
C. ontent updates for firewall A/A HA pairs need a defined master device
D. fter deploying content updates, perform a commit and push to Panorama
عرض الإجابة
اجابة صحيحة: D
السؤال #55
Which statement is true regarding a Prevention Posture Assessment?
A. he Security Policy Adoption Heatmap component filters the information by device groups, serial numbers, zones, areas of architecture, and other categories
B. t provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
C. t provides a percentage of adoption for each assessment area
D. t performs over 200 security checks on Panorama/firewall for the assessment
عرض الإجابة
اجابة صحيحة: B
السؤال #56
During the packet flow process, which two processes are performed in application identification? (Choose two.)
A. ntrust (any) to DMZ (10
B. ntrust (any) to Untrust (1
C. ntrust (any) to Untrust (10
D. ntrust (any) to DMZ (1
عرض الإجابة
اجابة صحيحة: AB
السؤال #57
Which definition describes the guiding principle of the zero-trust architecture?
A. rust, but verify
B. lways connect and verify
C. ever trust, never connect
D. ever trust, always verify
عرض الإجابة
اجابة صحيحة: D
السؤال #58
At which stage of the Cyber-Attack Lifecycle would the attacker attach an infected PDF file to an email?
A. -3-4-1
B. -4-3-2
C. -1-2-4
D. -3-2-4
عرض الإجابة
اجابة صحيحة: D
السؤال #59
Which DNS Query action is recommended for traffic that is allowed by Security policy and matches Palo Alto Networks Content DNS Signatures?
A. lock
B. inkhole
C. llow
D. lert
عرض الإجابة
اجابة صحيحة: B
السؤال #60
Based on the screenshot, what is the purpose of the group in User labelled `it`?
A. rop
B. eny
C. o notification
D. eset Client
عرض الإجابة
اجابة صحيحة: C
السؤال #61
01. What are two predefined Anti­Spyware profiles?
A. efaul
B. tandard
C. ecure
D. tric
عرض الإجابة
اجابة صحيحة: AD
السؤال #62
An administrator needs to add capability to perform real time signature lookups to block or sinkhole all known malware domains.Which type of single, unified engine will get this result?
A. ontent ID
B. pp-ID
C. ecurity Processing Engine
D. ser-ID
عرض الإجابة
اجابة صحيحة: C
السؤال #63
Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?
A. erberos user
B. AML user
C. ocal database user
D. ocal user
عرض الإجابة
اجابة صحيحة: D
السؤال #64
The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.Which security profile feature could have been used to prevent the communication with the CnC server?
A. ctive Directory monitoring
B. indows session monitoring
C. indows client probing
D. omain controller monitoring
عرض الإجابة
اجابة صحيحة: A
السؤال #65
Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.What is the quickest way to reset the hit counter to zero in all the security policy rules?
A. t the CLI enter the command reset rules and press Enter
B. ighlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule
C. eboot the firewall
D. se the Reset Rule Hit Counter > All Rules option
عرض الإجابة
اجابة صحيحة: D
السؤال #66
Which Security policy match condition would an administrator use to block traffic from IP addresses on the Palo Alto Networks EDL of Known Malicious IPAddresses list?
A. estination address
B. ource address
C. estination zone
D. ource zone
عرض الإجابة
اجابة صحيحة: D
السؤال #67
An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.What is the correct process to enable this logging?
A. dd static routes to route between the two interfaces
B. dd interfaces to the virtual router
C. dd zones attached to interfaces to the virtual router
D. nable the redistribution profile to redistribute connected routes
عرض الإجابة
اجابة صحيحة: B
السؤال #68
Identify the correct order to configure the PAN-OS integrated USER-ID agent.3. add the service account to monitor the server(s)2. define the address of the servers to be monitored on the firewall4. commit the configuration, and verify agent connection status1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent
A. estination IP: 192
B. pplication = "Telnet"
C. og Forwarding
D. SER-ID = "Allow users in Trusted"
عرض الإجابة
اجابة صحيحة: D
السؤال #69
Which statement best describes a common use of Policy Optimizer?
A. olicy Optimizer can be used on a schedule to automatically create a disabled Layer 7 App ID Security policy for every Layer 4 policy that exist
B. olicy Optimizer can display which Security policies have not been used in the last 90 days
C. olicy Optimizer on aVM-50 firewall can display which Layer 7 App-ID Security policies have unused applications
D. olicy Optimizer can add or change a Log Forwarding profile for each Security policy selected
عرض الإجابة
اجابة صحيحة: D
السؤال #70
An administrator has configured a Security policy where the matching condition includes a single application, and the action is drop.If the application's default deny action is reset-both, what action does the firewall take?
A. t silently drops the traffic
B. t silently drops the traffic and sends an ICMP unreachable code
C. t sends a TCP reset to the server-side device
D. t sends a TCP reset to the client-side and server-side devices
عرض الإجابة
اجابة صحيحة: D
السؤال #71
Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?
A. intrazone
B. interzone
C. universal
D. global
عرض الإجابة
اجابة صحيحة: B
السؤال #72
Which dataplane layer of the graphic shown provides pattern protection for spyware and vulnerability exploits on a Palo Alto Networks Firewall?
A. ategory, Subcategory, Technology, and Characteristic
B. ategory, Subcategory, Technology, Risk, and Characteristic
C. ame, Category, Technology, Risk, and Characteristic
D. ategory, Subcategory, Risk, Standard Ports, and Technology
عرض الإجابة
اجابة صحيحة: A
السؤال #73
DRAG DROP (Drag and Drop is not supported)Order the steps needed to create a new security zone with a Palo Alto Networks firewall.Select and Place:
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #74
Which option is part of the content inspection process?
A. acket forwarding process
B. Psec tunnel encryption
C. SL Proxy re-encrypt
D. acket egress process
عرض الإجابة
اجابة صحيحة: C

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.