لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
After pushing a security policy from Panorama to a PA-3020 firwall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama’s traffic logs. What could be the problem?
A. A Server Profile has not been configured for logging to this Panorama device
B. Panorama is not licensed to receive logs from this particular firewall
C. The firewall is not licensed for logging to this Panorama device
D. None of the firwwall's policies have been assigned a Log Forwarding profile
عرض الإجابة
اجابة صحيحة: CE
السؤال #2
SAML SLO is supported for which two firewall features? (Choose two.)
A. GlobalProtect Portal
B. CaptivePortal
C. WebUI
D. CLI
عرض الإجابة
اجابة صحيحة: D
السؤال #3
Given the following table. Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the 192.168.93.0/30 network?
A. Configuring the administrative Distance for RIP to be lower than that of OSPF Int
B. Configuring the metric for RIP to be higher than that of OSPF Int
C. Configuring the administrative Distance for RIP to be higher than that of OSPF Ext
D. Configuring the metric for RIP to be lower than that OSPF Ext
عرض الإجابة
اجابة صحيحة: D
السؤال #4
Which Panorama administrator types require the configuration of at least one access domain? (Choose two)
A. Dynamic
B. Custom Panorama Admin
C. Role Based
D. Device Group
E. Template Admin
عرض الإجابة
اجابة صحيحة: B
السؤال #5
A network design change requires an existing firewall to start accessing Palo Alto Updates from a data plane interface address instead of the management interface. Which configuration setting needs to be modified?
A. Service route
B. Default route
C. Management profile
D. Authentication profile
عرض الإجابة
اجابة صحيحة: A
السؤال #6
Which three options are available when creating a security profile? (Choose three)
A. Anti-Malware
B. File Blocking
C. Url Filtering
D. IDS/ISP
E. Threat Prevention
F. Antivirus
عرض الإجابة
اجابة صحيحة: A
السؤال #7
An engineer is planning an SSL decryption implementation Which of the following statements is a best practice for SSL decryption?
A. Obtain an enterprise CA-signed certificate for the Forward Trust certificate
B. Obtain a certificate from a publicly trusted root CA for the Forward Trust certificate
C. Use an enterprise CA-signed certificate for the Forward Untrust certificate
D. Use the same Forward Trust certificate on all firewalls in the network
عرض الإجابة
اجابة صحيحة: B
السؤال #8
A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (Cas)
A. Enterprise-Trusted-CA; which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system )i
B. Enterpnse-Untrusted-CA, which is verified as Forward Untrust Certificateii
C. Enterprise-lntermediate-CAi
D. Enterprise-Root-CA which is verified only as Trusted Root CAAn end-user visits https //www example-website com/ with a server certificate Common Name (CN) www example-website com The firewall does the SSL Forward Proxy decryption for the website and the server certificate is not trusted by the firewallThe end- user's browser will show that the certificate for www example-website com was issued by which of the following?
E. Enterprise-Untrusted-CA which is a self-signed CA
F. Enterprise-Trusted-CA which is a self-signed CA G
عرض الإجابة
اجابة صحيحة: D
السؤال #9
Based on the following image, what is the correct path of root, intermediate, and end-user certificate?
A. Palo Alto Networks > Symantec > VeriSign
B. Symantec > VeriSign > Palo Alto Networks
C. VeriSign > Palo Alto Networks > Symantec
D. VeriSign > Symantec > Palo Alto Networks
عرض الإجابة
اجابة صحيحة: AB
السؤال #10
Which CLI command displays the physical media that are connected to ethernetl/8?
A. > show system state filter-pretty sys
B. > show interface ethernetl/8
C. > show system state filter-pretty sys
D. > show system state filter-pretty sys
عرض الإجابة
اجابة صحيحة: A
السؤال #11
Which two features does PAN-OS? software use to identify applications? (Choose two)
A. port number
B. session number
C. transaction characteristics
D. application layer payload
عرض الإجابة
اجابة صحيحة: C
السؤال #12
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS? software would help in this case?
A. Application override
B. Redistribution of user mappings
C. Virtual Wire mode
D. Content inspection
عرض الإجابة
اجابة صحيحة: B
السؤال #13
Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OS? software?
A. XML API
B. Port Mapping
C. Client Probing
D. Server Monitoring
عرض الإجابة
اجابة صحيحة: DE
السؤال #14
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)
A. the website matches a category that is not allowed for most users
B. the website matches a high-risk category
C. the web server requires mutual authentication
D. the website matches a sensitive category
عرض الإجابة
اجابة صحيحة: AC
السؤال #15
In a virtual router, which object contains all potential routes?
A. MIB
B. RIB
C. SIP
D. FIB
عرض الإجابة
اجابة صحيحة: B
السؤال #16
How does Panorama prompt VMWare NSX to quarantine an infected VM?
A. HTTP Server Profile
B. Syslog Server Profile
C. Email Server Profile
D. SNMP Server Profile
عرض الإجابة
اجابة صحيحة: DE
السؤال #17
If the firewall is configured for credential phishing prevention using the “Domain Credential Filter” method, which login will be detected as credential theft?
A. Mapping to the IP address of the logged-in user
B. First four letters of the username matching any valid corporate username
C. Using the same user’s corporate username and password
D. Marching any valid corporate username
عرض الإجابة
اجابة صحيحة: C
السؤال #18
Which feature can be configured on VM-Series firewalls?
A. aggregate interfaces
B. machine learning
C. multiple virtual systems
D. GlobalProtect
عرض الإجابة
اجابة صحيحة: AD
السؤال #19
Which three items are import considerations during SD-WAN configuration planning? (Choose three.)
A. link requirements
B. the name of the ISP
C. IP Addresses
D. branch and hub locations
عرض الإجابة
اجابة صحيحة: AD
السؤال #20
An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version What is considered best practice for this scenario?
A. Perform the Panorama and firewall upgrades simultaneously
B. Upgrade the firewall first wait at least 24 hours and then upgrade the Panorama version
C. Upgrade Panorama to a version at or above the target firewall version
D. Export the device state perform the update, and then import the device state
عرض الإجابة
اجابة صحيحة: C
السؤال #21
What are three valid method of user mapping? (Choose three)
A. Syslog
B. XML API
C. 802
D. WildFire
E. Server Monitoring
عرض الإجابة
اجابة صحيحة: ABC
السؤال #22
Which item enables a firewall administrator to see details about traffic that is currently active through the NGFW?
A. ACC
B. System Logs
C. App Scope
D. Session Browser
عرض الإجابة
اجابة صحيحة: AD
السؤال #23
An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) received HTTP traffic and host B(10.1.1.101) receives SSH traffic. Which two security policy rules will accomplish this configuration? (Choose two)
A. Untrust (Any) to Untrust (10
B. Untrust (Any) to DMZ (1
C. Untrust (Any) to DMZ (1
D. Untrust (Any) to Untrust (10
عرض الإجابة
اجابة صحيحة: B
السؤال #24
When you configure an active/active high availability pair which two links can you use? (Choose two)
A. HA2 backup
B. HA3
C. Console Backup
D. HSCI-C
عرض الإجابة
اجابة صحيحة: A
السؤال #25
A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes. How quickly will the firewall receive back a verdict?
A. More than 15 minutes
B. 5 minutes
C. 10 to 15 minutes
D. 5 to 10 minutes
عرض الإجابة
اجابة صحيحة: D
السؤال #26
In High Availability, which information is transferred via the HA data link?
A. session information
B. heartbeats
C. HA state information
D. User-ID information
عرض الإجابة
اجابة صحيحة: A
السؤال #27
Which operation will impact the performance of the management plane?
A. WildFire Submissions
B. DoS Protection
C. decrypting SSL Sessions
D. Generating a SaaS Application Report
عرض الإجابة
اجابة صحيحة: D
السؤال #28
An administrator has 750 firewalls The administrator's central-management Panorama instance deploys dynamic updates to the firewalls The administrator notices that the dynamic updates from Panorama do not appear on some of the firewalls If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does not appear what is the root cause?
A. Panorama has no connection to Palo Alto Networks update servers
B. Panorama does not have valid licenses to push the dynamic updates
C. No service route is configured on the firewalls to Palo Alto Networks update servers
D. Locally-defined dynamic update settings take precedence over the settings that Panorama pushed
عرض الإجابة
اجابة صحيحة: B
السؤال #29
Below are the steps in the workflow for creating a Best Practice Assessment in a firewall and Panorama configuration Place the steps in order.
A. Mastered
B. Not Mastered
عرض الإجابة
اجابة صحيحة: B
السؤال #30
A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks. How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?
A. Define a custom App-ID to ensure that only legitimate application traffic reaches the server
B. Add a Vulnerability Protection Profile to block the attack
C. Add QoS Profiles to throttle incoming requests
D. Add a DoS Protection Profile with defined session count
عرض الإجابة
اجابة صحيحة: D
السؤال #31
Which two mechanisms help prevent a spilt brain scenario an Active/Passive High Availability (HA) pair? (Choose two)
A. Configure the management interface as HA3 Backup
B. Configure Ethernet 1/1 as HA1 Backup
C. Configure Ethernet 1/1 as HA2 Backup
D. Configure the management interface as HA2 Backup
E. Configure the management interface as HA1 Backup
F. Configure ethernet1/1 as HA3 Backup
عرض الإجابة
اجابة صحيحة: AC
السؤال #32
A critical US-CERT notification is published regarding a newly discovered botnet. The malware is very evasive and is not reliably detected by endpoint antivirus software. Furthermore, SSL is used to tunnel malicious traffic to command-and-control servers on the internet and SSL Forward Proxy Decryption is not enabled. Which component once enabled on a perirneter firewall will allow the identification of existing infected hosts in an environment?
A. Anti-Spyware profiles applied outbound security policies with DNS Query action set to sinkhole
B. File Blocking profiles applied to outbound security policies with action set to alert
C. Vulnerability Protection profiles applied to outbound security policies with action set to block
D. Antivirus profiles applied to outbound security policies with action set to alert
عرض الإجابة
اجابة صحيحة: BD
السؤال #33
Which Captive Portal mode must be configured to support MFA authentication?
A. NTLM
B. Redirect
C. Single Sign-On
D. Transparent
عرض الإجابة
اجابة صحيحة: B
السؤال #34
A company has a pair of Palo Alto Networks firewalls configured as an Acitve/Passive High Availability (HA) pair. What allows the firewall administrator to determine the last date a failover event occurred?
A. From the CLI issue use the show System log
B. Apply the filter subtype eq ha to the System log
C. Apply the filter subtype eq ha to the configuration log
D. Check the status of the High Availability widget on the Dashboard of the GUI
عرض الإجابة
اجابة صحيحة: C
السؤال #35
When configuring the firewall for packet capture, what are the valid stage types?
A. Receive, management , transmit , and drop
B. Receive , firewall, send , and non-syn
C. Receive management , transmit, and non-syn
D. Receive , firewall, transmit, and drop
عرض الإجابة
اجابة صحيحة: B
السؤال #36
An administrator has users accessing network resources through Citrix XenApp 7 x. Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?
A. Client Probing
B. Terminal Services agent
C. GlobalProtect
D. Syslog Monitoring
عرض الإجابة
اجابة صحيحة: C
السؤال #37
Which two are valid ACC GlobalProtect Activity tab widgets? (Choose two)
A. Successful GlobalProtect Connection Activity
B. Successful GlobalProtect Deployed Activity
C. GlobalProtect Quarantine Activity
D. GlobalProtect Deployment Activity
عرض الإجابة
اجابة صحيحة: D
السؤال #38
An administrator needs to troubleshoot a User-ID deployment The administrator believes that there is an issue related to LDAP authentication The administrator wants to create a packet capture on the management plane Which CLI command should the administrator use to obtain the packet capture for validating the configuration^
A. > ftp export mgmt-pcap from mgmt
B. > scp export mgmt-pcap from mgmt
C. > scp export pcap-mgmt from pcap
D. > scp export pcap from pcap to (usernameQhost:path)
عرض الإجابة
اجابة صحيحة: A
السؤال #39
An administrator needs to upgrade an NGFW to the most current version of PAN-OS? software. The following is occurring: ?Firewall has Internet connectivity through e1/1. ?Default security rules and security rules allowing all SSL and web-browsing traffic to and from any zone. ?Service route is configured, sourcing update traffic from e1/1. ?A communication error appears in the System logs when updates are performed. ?Download does not complete. What must be configured to enable the firewall to download the c
A. DNS settings for the firewall to use for resolution
B. scheduler for timed downloads of PAN-OS software
C. static route pointing application PaloAlto-updates to the update servers
D. Security policy rule allowing PaloAlto-updates as the application
عرض الإجابة
اجابة صحيحة: D
السؤال #40
Given the following snippet of a WildFire submission log. did the end-user get access to the requested information and why or why not?
A. Ye
B. because the action is set to "allow ''
C. No because WildFire categorized a file with the verdict "malicious"
D. Yes because the action is set to "alert"
E. No because WildFire classified the seventy as "high
عرض الإجابة
اجابة صحيحة: D
السؤال #41
A network design calls for a "router on a stick" implementation with a PA-5060 performing inter-VLAN routing All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interface Which interface type and configuration setting will support this design?
A. Trunk interface type with specified tag
B. Layer 3 interface type with specified tag
C. Layer 2 interface type with a VLAN assigned
D. Layer 3 subinterface type with specified tag
عرض الإجابة
اجابة صحيحة: B
السؤال #42
Panorama provides which two SD_WAN functions? (Choose two.)
A. data plane
B. physical network links
C. network monitoring
D. control plane
عرض الإجابة
اجابة صحيحة: C
السؤال #43
If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?
A. The settings assigned to the template that is on top of the stack
B. The administrator will be promoted to choose the settings for that chosen firewall
C. All the settings configured in all templates
D. Depending on the firewall location, Panorama decides with settings to send
عرض الإجابة
اجابة صحيحة: D
السؤال #44
A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet 1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured. What can be the cause of this problem?
A. No Zone has been configured on Ethernet 1/4
B. Interface Ethernet 1/1 is in Virtual Wire Mode
C. DNS has not been properly configured on the firewall
D. DNS has not been properly configured on the host
عرض الإجابة
اجابة صحيحة: D
السؤال #45
An administrator has been asked to create 100 virtual firewalls in a local, on-premise lab environment (not in “the cloud”). Bootstrapping is the most expedient way to perform this task. Which option describes deployment of a bootstrap package in an on-premise virtual environment?
A. Use config-drive on a USB stick
B. Use an S3 bucket with an ISO
C. Create and attach a virtual hard disk (VHD)
D. Use a virtual CD-ROM with an ISO
عرض الإجابة
اجابة صحيحة: CD
السؤال #46
Before you upgrade a Palo Alto Networks NGFW what must you do?
A. Make sure that the PAN-OS support contract is valid for at least another year
B. Export a device state of the firewall
C. Make sure that the firewall is running a version of antivirus software and a version of WildFire that support the licensed subscriptions
D. Make sure that the firewall is running a supported version of the app + threat update
عرض الإجابة
اجابة صحيحة: D
السؤال #47
An administrator is configuring an IPSec VPN to a Cisco ASA at the administrator's home and experiencing issues completing the connection. the following is the output from the command: What could be the cause of this problem?
A. The dead peer detection settings do not match between the Palo Alto Networks Firewall and the ASA
B. The Proxy IDs on the Palo Alto Networks Firewall do not match the setting on the ASA
C. The public IP addresses do not match for both the Palo Alto Networks Firewall and the ASA
D. The shared secrets do not match between the Palo Alto Networks Firewall and the ASA
عرض الإجابة
اجابة صحيحة: D
السؤال #48
A network administrator uses Panorama to push security polices to managed firewalls at branch offices. Which policy type should be configured on Panorama if the administrators at the branch office sites to override these products?
A. Pre Rules
B. Post Rules
C. Explicit Rules
D. Implicit Rules
عرض الإجابة
اجابة صحيحة: B
السؤال #49
What are three valid qualifiers for a Decryption Policy Rule match? (Choose three )
A. Destination Zone
B. App-ID
C. Custom URL Category
D. User-ID
E. Source Interface
عرض الإجابة
اجابة صحيحة: B
السؤال #50
An internal system is not functioning The firewall administrator has determined that the incorrect egress interface is being used After looking at the configuration, the administrator believes that the firewall is not using a static route What are two reasons why the firewall might not use a static route"? (Choose two.)
A. no install on the route
B. duplicate static route
C. path monitoring on the static route
D. disabling of the static route
عرض الإجابة
اجابة صحيحة: A
السؤال #51
Exhibit: What will be the egress interface if the traffic’s ingress interface is ethernet1/6 sourcing from 192.168.111.3 and to the destination 10.46.41.113 during the time shown in the image?
A. ethernet1/7
B. ethernet1/5
C. ethernet1/6
D. ethernet1/3
عرض الإجابة
اجابة صحيحة: C
السؤال #52
Which PAN-OS? policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly-sensitive business data?
A. Security policy
B. Decryption policy
C. Authentication policy
D. Application Override policy
عرض الإجابة
اجابة صحيحة: D
السؤال #53
Which rule type controls end user SSL traffic to external websites?
A. SSL Outbound Proxyless Inspection
B. SSL Forward Proxy
C. SSL Inbound Inspection
D. SSH Proxy
عرض الإجابة
اجابة صحيحة: B
السؤال #54
In which two types of deployment is active/active HA configuration supported? (Choose two.)
A. TAP mode
B. Layer 2 mode
C. Virtual Wire mode
D. Layer 3 mode
عرض الإجابة
اجابة صحيحة: CD

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.