لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
Which two configuration settings shown are not the default? (Choose two.)
A. ignature Matching
B. etwork Processing
C. ecurity Processing
D. ata Interfaces
عرض الإجابة
اجابة صحيحة: BC
السؤال #2
Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?
A. uthorization
B. ontinue
C. uthentication
D. verride
عرض الإجابة
اجابة صحيحة: D
السؤال #3
DRAG DROP (Drag and Drop is not supported)Match the Palo Alto Networks Security Operating Platform architecture to its description.Select and Place:
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #4
Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)
A. perture
B. utoFocus
C. anorama
D. lobalProtect
عرض الإجابة
اجابة صحيحة: ACDEF
السؤال #5
Which dataplane layer of the graphic shown provides pattern protection for spyware and vulnerability exploits on a Palo Alto Networks Firewall?
A. ategory, Subcategory, Technology, and Characteristic
B. ategory, Subcategory, Technology, Risk, and Characteristic
C. ame, Category, Technology, Risk, and Characteristic
D. ategory, Subcategory, Risk, Standard Ports, and Technology
عرض الإجابة
اجابة صحيحة: A
السؤال #6
An internal host needs to connect through the firewall using source NAT to servers of the internet.Which policy is required to enable source NAT on the firewall?
A. NAT policy with internal zone and internet zone specified
B. post-NAT policy with external source and any destination address
C. NAT policy with no internal or internet zone selected
D. pre-NAT policy with external source and any destination address
عرض الإجابة
اجابة صحيحة: A
السؤال #7
What do you configure if you want to set up a group of objects based on their ports alone?
A. ddress groups
B. ustom objects
C. pplication groups
D. ervice groups
عرض الإجابة
اجابة صحيحة: D
السؤال #8
Based on the Security policy rules shown, SSH will be allowed on which port?
A. he default port
B. nly ephemeral ports
C. ny port
D. ame port as ssl and snmpv3
عرض الإجابة
اجابة صحيحة: A
السؤال #9
Which component provides network security for mobile endpoints by inspecting traffic routed through gateways?
A. risma SaaS
B. lobalProtect
C. utoFocus
D. anorama
عرض الإجابة
اجابة صحيحة: B
السؤال #10
Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?
A. anagement
B. igh Availability
C. ggregate
D. ggregation
عرض الإجابة
اجابة صحيحة: C
السؤال #11
When is the content inspection performed in the packet flow process?
A. fter the application has been identified
B. fter the SSL Proxy re-encrypts the packet
C. efore the packet forwarding process
D. efore session lookup
عرض الإجابة
اجابة صحيحة: A
السؤال #12
A coworker found a USB labeled "confidential in the parking lot. They inserted the drive and it infected their corporate laptop with unknown malware The malware caused the laptop to begin infiltrating corporate data.Which Security Profile feature could have been used to detect the malware on the laptop?
A. NS Sinkhole
B. ildFire Analysis
C. ntivirus
D. oS Protection
عرض الإجابة
اجابة صحيحة: A
السؤال #13
What is an advantage for using application tags?
A. fter clicking Check Now in the Dynamic Update window
B. fter committing the firewall configuration
C. fter installing the update
D. fter downloading the update
عرض الإجابة
اجابة صحيحة: B
السؤال #14
What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)
A. IP profile
B. RL category
C. pplication group
D. pplication filter
عرض الإجابة
اجابة صحيحة: CDE
السؤال #15
Given the topology, which zone type should zone A and zone B to be configured with?
A. ayer3
B. ap
C. ayer2
D. irtual Wire
عرض الإجابة
اجابة صحيحة: A
السؤال #16
If using group mapping with Active Directory Universal Groups, what must you do when configuring the User ID?
A. onfigure a Primary Employee ID number for user-based Security policies
B. reate a RADIUS Server profile to connect to the domain controllers using LDAPS on port 636 or 389
C. reate an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL
D. onfigure a frequency schedule to clear group mapping cache
عرض الإجابة
اجابة صحيحة: C
السؤال #17
Based on the shown security policy, which Security policy rule would match all FTP traffic from the inside zone to the outside zone?
A. nterzone-default
B. nternal-inside-dmz
C. nside-portal
D. gress-outside
عرض الإجابة
اجابة صحيحة: D
السؤال #18
Which three configuration settings are required on a Palo Alto Network firewall management interface? (Choose three.)
A. hey are helpful during the creation of new zones
B. hey help content updates automate policy updates
C. hey help with the creation of interfaces
D. hey help with the design of IP address allocations in DHCP
عرض الإجابة
اجابة صحيحة: BCE
السؤال #19
An administrator would like to silently drop traffic from the internet to a ftp server.Which Security policy action should the administrator select?
A. rop
B. eny
C. lock
D. eset-server
عرض الإجابة
اجابة صحيحة: A
السؤال #20
Which attribute can a dynamic address group use as a filtering condition to determine its membership?
A. ubnet mask
B. ag
C. P address
D. ildcard mask
عرض الإجابة
اجابة صحيحة: B
السؤال #21
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can run malicious code against a targeted machine.
A. xploitation
B. nstallation
C. econnaissance
D. ct on Objective
عرض الإجابة
اجابة صحيحة: A
السؤال #22
An address object of type IP Wildcard Mask can be referenced in which part of the configuration?
A. nti-Spyware Profile
B. ata Filtering Profile
C. ntivirus Profile
D. ulnerability Protection Profile
عرض الإجابة
اجابة صحيحة: C
السؤال #23
A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?
A. reate a custom-service-object called SERVICE-SSH for destination-port-TCP-22
B. reate a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH
C. n addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created
D. n addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin
عرض الإجابة
اجابة صحيحة: B
السؤال #24
Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?
A. ntrazone
B. nterzone
C. niversal
D. lobal
عرض الإجابة
اجابة صحيحة: B
السؤال #25
A Security Profile can block or allow traffic at which point?
A. n either the data plane or the management plane
B. fter it is matched to a Security policy rule that allows or blocks traffic
C. fter it is matched to a Security policy rule that allows traffic
D. efore it is matched to a Security policy rule
عرض الإجابة
اجابة صحيحة: C
السؤال #26
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)
A. elect the interzone-default rule and click Override; on the Actions tab, select Log at Session End and click OK
B. elect the interzone-default rule and edit the rule; on the Actions tab, select Log at Session End and click OK
C. elect the interzone-default rule and edit the rule; on the Actions tab, select Log at Session Start and click OK
D. his rule has traffic logging enabled by default; no further action is required
عرض الإجابة
اجابة صحيحة: BC
السؤال #27
You notice that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would you need to monitor and block to mitigate the malicious activity?
A. ranch office traffic
B. orth-south traffic
C. erimeter traffic
D. ast-west traffic
عرض الإجابة
اجابة صحيحة: D
السؤال #28
Which statement is true regarding a Best Practice Assessment?
A. t runs only on firewalls
B. t shows how current configuration compares to Palo Alto Networks recommendations
C. hen guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities
D. t provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
عرض الإجابة
اجابة صحيحة: B
السؤال #29
02. What are three methods of mapping usernames to IP addresses?
A. erverMonitori
B. rap
C. inemeld
D. ysl
عرض الإجابة
اجابة صحيحة: ADF
السؤال #30
Which plane on a Palo Alto Networks Firewall provides configuration, logging, and reporting functions on a separate processor?
A. ll traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application
B. o impact because the apps were automatically downloaded and installed
C. o impact because the firewall automatically adds the rules to the App-ID interface
D. ll traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications
عرض الإجابة
اجابة صحيحة: A
السؤال #31
Which administrator type utilizes predefined roles for a local administrator account?
A. uperuser
B. ole-based
C. ynamic
D. evice administrator
عرض الإجابة
اجابة صحيحة: C
السؤال #32
You receive notification about new malware that infects hosts through malicious files transferred by FTP.Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?
A. RL Filtering profile applied to inbound Security policy rules
B. ata Filtering profile applied to outbound Security policy rules
C. ntivirus profile applied to inbound Security policy rules
D. ulnerability Protection profile applied to outbound Security policy rules
عرض الإجابة
اجابة صحيحة: C
السؤال #33
What can be achieved by selecting a policy target prior to pushing policy rules from Panorama? *
A. ou can specify the location as pre- or post-rules to push policy rules
B. ou can specify the firewalls in a device group to which to push policy rules
C. oing so provides audit information prior to making changes for selected policy rules
D. oing so limits the templates that receive the policy rules
عرض الإجابة
اجابة صحيحة: A
السؤال #34
Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content whose services are frequently used by attackers to distribute illegal or unethical material?
A. alo Alto Networks C&G IP Addresses
B. alo Alto Networks High Risk IP Addresses
C. alo Alto Networks Known Malicious IP Addresses
D. alo Alto Networks Bulletproof IP Addresses
عرض الإجابة
اجابة صحيحة: D
السؤال #35
Which statement is true about Panorama managed devices?
A. anorama automatically removes local configuration locks after a commit from Panorama
B. ocal configuration locks prohibit Security policy changes for a Panorama managed device
C. ecurity policy rules configured on local firewalls always take precedence
D. ocal configuration locks can be manually unlocked from Panorama
عرض الإجابة
اجابة صحيحة: A
السؤال #36
According to the best practices for mission critical devices, what is the recommended interval for antivirus updates?
A. y minute
B. ourly
C. aily
D. eekly
عرض الإجابة
اجابة صحيحة: C
السؤال #37
Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)
A. reate a custom ג€URL Categoryג€ object with notifications enabled
B. ublish monitoring data for Security policy deny logs
C. nsure that the ג€site accessג€ setting for all URL sites is set to ג€alertג€
D. nable ג€Response Pagesג€ on the interface providing Internet access
عرض الإجابة
اجابة صحيحة: AC
السؤال #38
An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out.Which two fields could help in determining if this is normal? (Choose two.)
A. evert to running configuration
B. oad named configuration snapshot
C. evert to last saved configuration
D. mport named config snapshot
عرض الإجابة
اجابة صحيحة: BD
السؤال #39
What do Dynamic User Groups help you to do?
A. reate a policy that provides auto-remediation for anomalous user behavior and malicious activity
B. reate a dynamic list of firewall administrators
C. reate a QoS policy that provides auto-remediation for anomalous user behavior and malicious activity
D. reate a policy that provides auto-sizing for anomalous user behavior and malicious activity
عرض الإجابة
اجابة صحيحة: A
السؤال #40
Assume that traffic matches a Security policy rule but the attached Security Profiles is configured to block matching traffic.Which statement accurately describes how the firewall will apply an action to matching traffic?
A. f it is a block rule, then Security Profile action is applied last
B. f it is an allow rule, then the Security policy rule is applied last
C. f it is a block rule, then the Security policy rule action is applied last
D. f it is an allowed rule, then the Security Profile action is applied last
عرض الإجابة
اجابة صحيحة: D
السؤال #41
Which component is a building block in a Security policy rule?
A. ecryption profile
B. estination interface
C. imeout (min)
D. pplication
عرض الإجابة
اجابة صحيحة: D
السؤال #42
How are Application Filters or Application Groups used in firewall policy?
A. n Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group
B. n Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group
C. n Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group
D. n Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group
عرض الإجابة
اجابة صحيحة: C
السؤال #43
Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?
A. ayer 2
B. ap
C. ayer 3
D. irtual Wire
عرض الإجابة
اجابة صحيحة: B
السؤال #44
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified byApp-ID as SuperApp_base.On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
A. wo
B. hree
C. our
D. ne
عرض الإجابة
اجابة صحيحة: C
السؤال #45
Which three types of authentication services can be used to authenticate user traffic flowing through the firewall's data plane? (Choose three.)
A. pplication filters
B. ervice groups
C. hared service objects
D. pplication groups
عرض الإجابة
اجابة صحيحة: ABD
السؤال #46
Which object would an administrator create to block access to all high-risk applications?
A. IP profile
B. ulnerability Protection profile
C. pplication group
D. pplication filter
عرض الإجابة
اجابة صحيحة: D
السؤال #47
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)
A. Layer-ID
B. User-ID
C. QoS-ID
D. App-ID
عرض الإجابة
اجابة صحيحة: BD
السؤال #48
Which two security profile types can be attached to a security policy? (Choose two.)
A. reate an anti-spyware profile and enable DNS Sinkhole
B. reate an antivirus profile and enable DNS Sinkhole
C. reate a URL filtering profile and block the DNS Sinkhole category
D. reate a security policy and enable DNS Sinkhole
عرض الإجابة
اجابة صحيحة: AD
السؤال #49
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified byApp-ID as SuperApp_base.On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
A. ll traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application
B. o impact because the apps were automatically downloaded and installed
C. o impact because the firewall automatically adds the rules to the App-ID interface
D. ll traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications
عرض الإجابة
اجابة صحيحة: A
السؤال #50
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?
A. Override
B. Allow
C. Block
D. Continue
عرض الإجابة
اجابة صحيحة: B
السؤال #51
An internal host needs to connect through the firewall using source NAT to servers of the internet.Which policy is required to enable source NAT on the firewall?
A. AT policy with internal zone and internet zone specified
B. ost-NAT policy with external source and any destination address
C. AT policy with no internal or internet zone selected
D. re-NAT policy with external source and any destination address
عرض الإجابة
اجابة صحيحة: A
السؤال #52
Which file is used to save the running configuration with a Palo Alto Networks firewall?
A. unning-config
B. un-config
C. unning-configuration
D. un-configuration
عرض الإجابة
اجابة صحيحة: A
السؤال #53
Which dynamic update type includes updated anti-spyware signatures?
A. AN-DB
B. pplications and Threats
C. lobalProtect Data File
D. ntivirus
عرض الإجابة
اجابة صحيحة: B
السؤال #54
You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.Which Security Profile detects and prevents this threat from establishing a command-and-control connection?
A. ulnerability Protection Profile applied to outbound Security policy rules
B. nti-Spyware Profile applied to outbound security policies
C. ntivirus Profile applied to outbound Security policy rules
D. ata Filtering Profile applied to outbound Security policy rules
عرض الإجابة
اجابة صحيحة: B
السؤال #55
Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?
A. oot
B. ynamic
C. ole-based
D. uperuser
عرض الإجابة
اجابة صحيحة: C
السؤال #56
You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in common application.Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?
A. ata Filtering Profile applied to outbound Security policy rules
B. ntivirus Profile applied to outbound Security policy rules
C. ata Filtering Profile applied to inbound Security policy rules
D. ulnerability Protection Profile applied to inbound Security policy rules
عرض الإجابة
اجابة صحيحة: D
السؤال #57
Based on the screenshot presented, which column contains the link that when clicked, opens a window to display all applications matched to the policy rule?
A. pps Allowed
B. ervice
C. ame
D. pps Seen
عرض الإجابة
اجابة صحيحة: D
السؤال #58
How do you reset the hit count on a Security policy rule?
A. elect a Security policy rule, and then select Hit Count > Reset
B. eboot the data-plane
C. irst disable and then re-enable the rule
D. ype the CLI command reset hitcount
عرض الإجابة
اجابة صحيحة: A
السؤال #59
What allows a security administrator to preview the Security policy rules that match new application signatures?
A. olicy Optimizer--New App Viewer
B. ynamic Updates--Review App
C. eview Release Notes
D. ynamic Updates--Review Policies
عرض الإجابة
اجابة صحيحة: D
السؤال #60
Your company has 10 Active Directory domain controllers spread across multiple WAN links. All users authenticate to Active Directory. Each link has substantial network bandwidth to support all mission-critical applications. The firewall's management plane is highly utilized.Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?
A. indows-based agent on a domain controller
B. aptive Portal
C. itrix terminal server agent with adequate data-plane resources
D. AN-OS integrated agent
عرض الإجابة
اجابة صحيحة: A
السؤال #61
Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?
A. Management
B. High Availability
C. Aggregate
D. Aggregation
عرض الإجابة
اجابة صحيحة: C
السؤال #62
An administrator is reviewing another administrator's Security policy log settings.Which log setting configuration is consistent with best practices for normal traffic?
A. og at Session Start and Log at Session End both enabled
B. og at Session Start enabled, Log at Session End disabled
C. og at Session Start disabled, Log at Session End enabled
D. og at Session Start and Log at Session End both disabled
عرض الإجابة
اجابة صحيحة: C
السؤال #63
What must be configured before setting up Credential Phishing Prevention?
A. hreat Prevention
B. nti Phishing Block Page
C. ser-ID
D. nti Phishing profiles
عرض الإجابة
اجابة صحيحة: C
السؤال #64
An administrator would like to use App-ID's deny action for an application and would like that action updated with dynamic updates as new content becomes available.Which security policy action causes this?
A. eset server
B. eset both
C. eny
D. rop
عرض الإجابة
اجابة صحيحة: C
السؤال #65
Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?
A. lobal
B. ntrazone
C. nterzone
D. niversal
عرض الإجابة
اجابة صحيحة: C
السؤال #66
Which stage of the cyber attack lifecycle makes it important to provide ongoing education to users on spear phishing links, unknown emails, and risky websites?
A. econnaissance
B. elivery
C. nstallation
D. xploitation
عرض الإجابة
اجابة صحيحة: A
السؤال #67
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
A. pdated application content might change how Security policy rules are enforced
B. fter an application content update, new applications must be manually classified prior to use
C. xisting security policy rules are not affected by application content updates
D. fter an application content update, new applications are automatically identified and classified
عرض الإجابة
اجابة صحيحة: AD
السؤال #68
Which Security profile can you apply to protect against malware such as worms and Trojans?
A. ntivirus
B. ata filtering
C. ulnerability protection
D. nti-spyware
عرض الإجابة
اجابة صحيحة: A
السؤال #69
04. A Heatmap provides an adoption rate for which three features?
A. ildFire
B. rap
C. ileBlocki
D. ser-ID
عرض الإجابة
اجابة صحيحة: ACD
السؤال #70
How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?
A. isable automatic updates during weekdays
B. utomatically ג€download and installג€ but with the ג€disable new applicationsג€ option used
C. utomatically ג€download onlyג€ and then install Applications and Threats later, after the administrator approves the update
D. onfigure the option for ג€Thresholdג€
عرض الإجابة
اجابة صحيحة: D
السؤال #71
An administrator wishes to follow best practices for logging traffic that traverses the firewall.Which log setting is correct?
A. nable Log at Session Start
B. isable all logging
C. nable Log at both Session Start and End
D. nable Log at Session End
عرض الإجابة
اجابة صحيحة: D

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: