لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
Which two rule types allow the administrator to modify the destination zone? (Choose two.)
A. educe load on the management plane by highlighting combinable security rules
B. igrate other firewall vendors' security rules to Palo Alto Networks configuration
C. liminate ג€Log at Session Startג€ security rules
D. onvert port-based security rules to application-based security rules
عرض الإجابة
اجابة صحيحة: AD
السؤال #2
When creating a custom URL category object, which is a valid type?
A. omain match
B. ost names
C. ildcard
D. ategory match
عرض الإجابة
اجابة صحيحة: D
السؤال #3
Which two statements are true for the DNS Security service introduced in PAN-OS version 9.0? (Choose two.)
A. reate an anti-spyware profile and enable DNS Sinkhole feature
B. reate an antivirus profile and enable its DNS Sinkhole feature
C. reate a URL filtering profile and block the DNS Sinkhole URL category
D. reate a Data Filtering Profiles and enable its DNS Sinkhole feature
عرض الإجابة
اجابة صحيحة: AB
السؤال #4
Which protocol is used to map usernames to user groups when User-ID is configured?
A. ACACS+
B. AML
C. DAP
D. ADIUS
عرض الإجابة
اجابة صحيحة: C
السؤال #5
The Palo Alto Networks NGFW was configured with a single virtual router named VR-1.What changes are required on VR-1 to route traffic between two interfaces on the NGFW?
A. ntivirus
B. nti-spyware
C. RL-filtering
D. ulnerability protection
عرض الإجابة
اجابة صحيحة: B
السؤال #6
Which solution is a viable option to capture user identification when Active Directory is not in use?
A. loud identity Engine
B. irectory Sync Service
C. roup mapping
D. uthentication Portal
عرض الإجابة
اجابة صحيحة: A
السؤال #7
An administrator would like to override the default deny action for a given application, and instead would like to block the traffic and send the ICMP code `communication with the destination is administratively prohibited`.Which security policy action causes this?
A. rop
B. rop, send ICMP Unreachable
C. eset both
D. eset server
عرض الإجابة
اجابة صحيحة: B
السؤال #8
DRAG DROP (Drag and Drop is not supported)Place the steps in the correct packet-processing order of operations.Select and Place:
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #9
When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP port is used for management access?
A. 0
B. 443
C. 443
D. 43
عرض الإجابة
اجابة صحيحة: C
السؤال #10
Based on the security policy rules shown, ssh will be allowed on which port?
A. 0
B. 3
C. 2
D. 3
عرض الإجابة
اجابة صحيحة: C
السؤال #11
Given the topology, which zone type should zone A and zone B to be configured with?
A. ayer3
B. thernet
C. ayer2
D. irtual Wire
عرض الإجابة
اجابة صحيحة: A
السؤال #12
Which type of address object is `10.5.1.1/0.127.248.2`?
A. P netmask
B. P subnet
C. P wildcard mask
D. P range
عرض الإجابة
اجابة صحيحة: C
السؤال #13
Access to which feature requires the PAN-OS Filtering license?
A. AN-DB database
B. NS Security
C. ustom URL categories
D. RL external dynamic lists
عرض الإجابة
اجابة صحيحة: A
السؤال #14
How often does WildFire release dynamic updates?
A. very 5 minutes
B. very 15 minutes
C. very 60 minutes
D. very 30 minutes
عرض الإجابة
اجابة صحيحة: A
السؤال #15
Based on the graphic, which statement accurately describes the output shown in the Server Monitoring panel?
A. he User-ID agent is connected to a domain controller labeled lab-client
B. he host lab-client has been found by the User-ID agent
C. he host lab-client has been found by a domain controller
D. he User-ID agent is connected to the firewall labeled lab-client
عرض الإجابة
اجابة صحيحة: A
السؤال #16
In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?
A. ighlight each rule and use the Reset Rule Hit Counter > Selected Rules
B. eboot the firewall
C. se the Reset Rule Hit Counter > All Rules option
D. se the CLI enter the command reset rules all
عرض الإجابة
اجابة صحيحة: C
السؤال #17
According to best practices, how frequently should WildFire updates he made to perimeter firewalls?
A. very 10 minutes
B. very minute
C. very 5 minutes
D. n real time
عرض الإجابة
اجابة صحيحة: D
السؤال #18
03. Config logs display entries for which kind of firewall changes?
A. onfigurati
B. ysteml
C. ebu
D. ese
عرض الإجابة
اجابة صحيحة: A
السؤال #19
Access to which feature requires a URL Filtering license?
A. AN-DB database
B. xternal dynamic lists
C. NS Security
D. ustom URL categories
عرض الإجابة
اجابة صحيحة: A
السؤال #20
Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.
A. n either the data place or the management plane
B. fter it is matched by a security policy rule that allows traffic
C. efore it is matched to a Security policy rule
D. fter it is matched by a security policy rule that allows or blocks traffic
عرض الإجابة
اجابة صحيحة: D
السؤال #21
Which path is used to save and load a configuration with a Palo Alto Networks firewall?
A. Device>Setup>Services
B. Device>Setup>Management
C. Device>Setup>Operations
D. Device>Setup>Interfaces
عرض الإجابة
اجابة صحيحة: C
السؤال #22
08. The External zone type is used to pass traffic between which type of objects?
A.
B.
C. 0
D. 0
عرض الإجابة
اجابة صحيحة: D
السؤال #23
Which statement is true regarding a Best Practice Assessment?
A. he BPA tool can be run only on firewalls
B. t provides a percentage of adoption for each assessment area
C. he assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities
D. t provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
عرض الإجابة
اجابة صحيحة: B
السؤال #24
What is the purpose of the automated commit recovery feature?
A. t reverts the Panorama configuration
B. t causes HA synchronization to occur automatically between the HA peers after a push from Panorama
C. t reverts the firewall configuration if the firewall recognizes a loss of connectivity to Panorama after the change
D. t generates a config log after the Panorama configuration successfully reverts to the last running configuration
عرض الإجابة
اجابة صحيحة: C
السؤال #25
Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?
A. hreat Prevention
B. ildFire
C. ntivirus
D. RL Filtering
عرض الإجابة
اجابة صحيحة: A
السؤال #26
DRAG DROP (Drag and Drop is not supported)Arrange the correct order that the URL classifications are processed within the system.Select and Place:
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #27
Which path in PAN-OS 9.0 displays the list of port-based security policy rules?
A. Policies> Security> Rule Usage> No App Specified
B. Policies> Security> Rule Usage> Port only specified
C. Policies> Security> Rule Usage> Port-based Rules
D. Policies> Security> Rule Usage> Unused Apps
عرض الإجابة
اجابة صحيحة: C
السؤال #28
A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?
A. ule Usage Filter > No App Specified
B. ule Usage Filter >Hit Count > Unused in 30 days
C. ule Usage Filter > Unused Apps
D. ule Usage Filter > Hit Count > Unused in 90 days
عرض الإجابة
اجابة صحيحة: D
السؤال #29
Which statement is true regarding a Heatmap report?
A. hen guided by authorized sales engineer, it helps determine the areas of greatest security risk
B. t runs only on firewalls
C. t provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
D. t provides a percentage of adoption for each assessment area
عرض الإجابة
اجابة صحيحة: D
السؤال #30
Assume a custom URL Category Object of `NO-FILES` has been created to identify a specific website.How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?
A. reate a Security policy with a URL Filtering profile that references the site access setting of block to NO-FILES
B. reate a Security policy that references NO-FILES as a URL Category qualifier with an appropriate File Blocking profile
C. reate a Security policy with a URL Filtering profile that references the site access setting of continue to NO-FILES
D. reate a Security policy that references NO-FILES as a URL Category qualifier with an appropriate Data Filtering profile
عرض الإجابة
اجابة صحيحة: B
السؤال #31
Which two configuration settings shown are not the default? (Choose two.)
A. ignature Matching
B. etwork Processing
C. ecurity Processing
D. ata Interfaces
عرض الإجابة
اجابة صحيحة: BC
السؤال #32
Which Security Profile mitigates attacks based on packet count?
A. one protection profile
B. RL filtering profile
C. ntivirus profile
D. ulnerability profile
عرض الإجابة
اجابة صحيحة: A
السؤال #33
You have been tasked to configure access to a new web server located in the DMZ.Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10.1.1.0/24 network to 192.168.1.0/24?
A. dd a route with the destination of 192
B. dd a route with the destination of 192
C. dd a route with the destination of 192
D. dd a route with the destination of 192
عرض الإجابة
اجابة صحيحة: C
السؤال #34
Which update option is not available to administrators?
A. ew Spyware Notifications
B. ew URLs
C. ew Application Signatures
D. ew Malicious Domains
E. ew Antivirus Signatures
عرض الإجابة
اجابة صحيحة: B
السؤال #35
Which license is required to use the Palo Alto Networks built-in IP address EDLs?
A. NS Security
B. hreat Prevention
C. ildFire
D. D-Wan
عرض الإجابة
اجابة صحيحة: B
السؤال #36
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL?
A. EDL in URL Filtering Profile
B. Custom URL category in URL Filtering Profile
C. Custom URL category in Security policy rule
D. PAN-DB URL category in URL Filtering Profile
عرض الإجابة
اجابة صحيحة: C
السؤال #37
Which type of firewall configuration contains in-progress configuration changes?
A. ackup
B. andidate
C. unning
D. ommitted
عرض الإجابة
اجابة صحيحة: B
السؤال #38
Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)
A. irtual router
B. dmin Role profile
C. NS proxy
D. ervice route
عرض الإجابة
اجابة صحيحة: BD
السؤال #39
Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?
A. yslog
B. ADIUS
C. ID redistribution
D. FF headers
عرض الإجابة
اجابة صحيحة: A
السؤال #40
An administrator is troubleshooting an issue with traffic that matches the intrazone-default rule, which is set to default configuration.What should the administrator do?
A. hange the logging action on the rule
B. eview the System Log
C. efresh the Traffic Log
D. une your Traffic Log filter to include the dates
عرض الإجابة
اجابة صحيحة: A
السؤال #41
DRAG DROP (Drag and Drop is not supported)Place the following steps in the packet processing order of operations from first to last.Select and Place:
A. ee Explanation section for answer
عرض الإجابة
اجابة صحيحة: A
السؤال #42
What must you configure to enable the firewall to access multiple Authentication Profiles to authenticate a non-local account?
A. uthentication sequence
B. DAP server profile
C. uthentication server list
D. uthentication list profile
عرض الإجابة
اجابة صحيحة: A
السؤال #43
When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?
A. ranslation Type
B. nterface
C. ddress Type
D. P Address
عرض الإجابة
اجابة صحيحة: A
السؤال #44
Which Palo Alto Networks service protects cloud-based applications such as Dropbox and Salesforce by monitoring permissions and shares and scanning files for sensitive information?
A. risma SaaS
B. utoFocus
C. anorama
D. lobalProtect
عرض الإجابة
اجابة صحيحة: A
السؤال #45
Which Security Profile can provide protection against ICMP floods, based on individual combinations of a packet's source and destination IP addresses?
A. oS protection
B. RL filtering
C. acket buffering
D. nti-spyware
عرض الإجابة
اجابة صحيحة: A
السؤال #46
Which action results in the firewall blocking network traffic without notifying the sender?
A. rop
B. eny
C. eset Server
D. eset Client
عرض الإجابة
اجابة صحيحة: A
السؤال #47
Starting with PAN-OS version 9.1, which new type of object is supported for use within the User field of a Security policy rule?
A. emote username
B. ynamic user group
C. tatic user group
D. ocal username
عرض الإجابة
اجابة صحيحة: B
السؤال #48
Which two statements are correct about App-ID content updates? (Choose two.)
A. indows session monitoring
B. assive server monitoring using the Windows-based agent
C. aptive Portal
D. assive server monitoring using a PAN-OS integrated User-ID agent
عرض الإجابة
اجابة صحيحة: CD
السؤال #49
Given the image, which two options are true about the Security policy rules. (Choose two.)
A. lobal
B. ntrazone
C. nterzone
D. niversal
عرض الإجابة
اجابة صحيحة: AD
السؤال #50
Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?
A. ole-based
B. ulti-Factor Authentication
C. ynamic
D. AML
عرض الإجابة
اجابة صحيحة: A
السؤال #51
Which data flow direction is protected in a zero-trust firewall deployment that is not protected in a perimeter-only firewall deployment?
A. orth-south
B. nbound
C. utbound
D. ast-west
عرض الإجابة
اجابة صحيحة: D
السؤال #52
Which interface type uses virtual routers and routing protocols?
A. ap
B. ayer3
C. irtual Wire
D. ayer2
عرض الإجابة
اجابة صحيحة: B
السؤال #53
Which information is included in device state other than the local configuration?
A. ncommitted changes
B. udit logs to provide information of administrative account changes
C. ystem logs to provide information of PAN-OS changes
D. evice group and template settings pushed from Panorama
عرض الإجابة
اجابة صحيحة: D
السؤال #54
An administrator needs to create a Security policy rule that matches DNS traffic within the LAN zone, and also needs to match DNS traffic within the DMZ zone.The administrator does not want to allow traffic between the DMZ and LAN zones.Which Security policy rule type should they use?
A. nterzone
B. ntrazone
C. efault
D. niversal
عرض الإجابة
اجابة صحيحة: D
السؤال #55
Which path in PAN-OS 9.0 displays the list of port-based security policy rules?
A. olicies> Security> Rule Usage> No App Specified
B. olicies> Security> Rule Usage> Port only specified
C. olicies> Security> Rule Usage> Port-based Rules
D. olicies> Security> Rule Usage> Unused Apps
عرض الإجابة
اجابة صحيحة: A
السؤال #56
Which Palo Alto Networks component provides consolidated policy creation?
A. olicy Optimizer
B. risma SaaS
C. lobalProtect
D. anorama
عرض الإجابة
اجابة صحيحة: D
السؤال #57
Given the topology, which zone type should you configure for firewall interface E1/1?
A. Tap
B. Tunnel
C. Virtual Wire
D. Layer3
عرض الإجابة
اجابة صحيحة: A
السؤال #58
Which operations are allowed when working with App-ID application tags?
A. redefined tags may be deleted
B. redefined tags may be augmented by custom tags
C. redefined tags may be modified
D. redefined tags may be updated by WildFire dynamic updates
عرض الإجابة
اجابة صحيحة: B
السؤال #59
Which two statements are correct regarding multiple static default routes when they are configured as shown in the image? (Choose two.)
A. ecurity policy rule
B. CC global fitter
C. AT address pool
D. xternal dynamic list
عرض الإجابة
اجابة صحيحة: AD
السؤال #60
Which interface type uses virtual routers and routing protocols?
A. Tap
B. Layer3
C. Virtual Wire
D. Layer2
عرض الإجابة
اجابة صحيحة: B
السؤال #61
Which interface does not require a MAC or IP address?
A. irtual Wire
B. ayer3
C. ayer2
D. oopback
عرض الإجابة
اجابة صحيحة: A
السؤال #62
Which type of Security policy rule would match traffic flowing between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?
A. lobalProtect
B. utoFocus
C. perture
D. anorama
عرض الإجابة
اجابة صحيحة: D
السؤال #63
Which tab would an administrator click to create an address object?
A. bjects
B. onitor
C. evice
D. olicies
عرض الإجابة
اجابة صحيحة: A
السؤال #64
To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?
A. omain controller
B. ACACS+
C. DAP
D. ADIUS
عرض الإجابة
اجابة صحيحة: C
السؤال #65
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?
A. verride
B. llow
C. lock
D. ontinue
عرض الإجابة
اجابة صحيحة: B
السؤال #66
Which type of profile must be applied to the Security policy rule to protect against buffer overflows, illegal code execution, and other attempts to exploit system flaws?
A. RL filtering
B. ulnerability protection
C. ile blocking
D. nti-spyware
عرض الإجابة
اجابة صحيحة: B
السؤال #67
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?
A. eview Policies
B. eview Apps
C. re-analyze
D. eview App Matches
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.