Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)

In an HA failover scenario , what occurs when sessions match by a SSL Forward Proxy Decryption policy?

A company has configured GlobalProtect to allow their users to work from home. A decrease in performance for remote workers has been reported during peak-use hours. Which two steps are likely to mitigate the issue? (Choose two.)

An administrator needs to identify which NAT policy is being used for internet traffic. From the GUI of the firewall, how can the administrator identify which NAT policy is in use for a traffic flow?

A company requires the firewall to block expired certificates issued by internet-hosted websites. The company plans to implement decryption in the future, but it does not perform SSL Forward Proxy decryption at this time. Without the use of SSL Forward Proxy decryption, how is the firewall still able to identify and block expired certificates issued by internet-hosted websites?

An administrator is configuring a Panorama device group. Which two objects are configurable? (Choose two.)

An organization is interested in migrating from their existing web proxy architecture to the Web Proxy feature of their PAN-OS 11.0 firewalls. Currently, HTTP and SSL requests contain the destination IP address of the web server and the client browser is redirected to the proxy. Which PAN-OS proxy method should be configured to maintain this type of traffic flow?

Which three scenarios will trigger a Panorama config backup of a managed firewall? (Choose three.)

Where is Palo Alto Networks Device Telemetry data stored on a firewall with a device certificate installed?

Which type of zone will allow different virtual systems to communicate with each other?