لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
Which three settings are defined within the Templates object of Panorama? (Choose three.)
A. Setup
B. Virtual Routers
C. Interfaces
D. Security
E. Application Override
عرض الإجابة
اجابة صحيحة: B
السؤال #2
Which two settings can be configured only locally on the firewall and not pushed from a Panorama template or template stack? (Choose two)
A. HA1 IP Address
B. Network Interface Type
C. Master Key
D. Zone Protection Profile
عرض الإجابة
اجابة صحيحة: B
السؤال #3
During the packet flow process, which two processes are performed in application identification? (Choose two.)
A. pattern based application identification
B. application changed from content inspection
C. session application identified
D. application override policy match
عرض الإجابة
اجابة صحيحة: A
السؤال #4
Click the Exhibit button below, A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in the default VR. A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS connection to 172.16.10.20. Which is the next hop IP address for the HTTPS traffic from Will's PC?
A. 172
B. 172
C. 172
D. 172
عرض الإجابة
اجابة صحيحة: D
السؤال #5
Which GlobalProtect Client connect method requires the distribution and use of machine certificates?
A. User-logon (Always on)
B. At-boot
C. On-demand
D. Pre-logon
عرض الإجابة
اجابة صحيحة: A
السؤال #6
Updates to dynamic user group membership are automatic therefore using dynamic user groups instead of static group objects allows you to:
A. respond to changes in user behavior or potential threats using manual policy changes
B. respond to changes in user behavior or potential threats without automatic policy changes
C. respond to changes in user behavior and confirmed threats with manual policy changes
D. respond to changes in user behavior or potential threats without manual policy changes
عرض الإجابة
اجابة صحيحة: A
السؤال #7
Which is not a valid reason for receiving a decrypt-cert-validation error?
A. Unsupported HSM
B. Unknown certificate status
C. Client authentication
D. Untrusted issuer
عرض الإجابة
اجابة صحيحة: B
السؤال #8
To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?
A. Device>Setup>Services>AutoFocus
B. Device> Setup>Management >AutoFocus
C. AutoFocus is enabled by default on the Palo Alto Networks NGFW
D. Device>Setup>WildFire>AutoFocus
E. Device>Setup> Management> Logging and Reporting Settings
عرض الإجابة
اجابة صحيحة: D
السؤال #9
A network security engineer has been asked to analyze Wildfire activity. However, the Wildfire Submissions item is not visible form the Monitor tab. What could cause this condition?
A. The firewall does not have an active WildFire subscription
B. The engineer's account does not have permission to view WildFire Submissions
C. A policy is blocking WildFire Submission traffic
D. Though WildFire is working, there are currently no WildFire Submissions log entries
عرض الإجابة
اجابة صحيحة: D
السؤال #10
Which two events trigger the operation of automatic commit recovery? (Choose two.)
A. when an aggregate Ethernet interface component fails
B. when Panorama pushes a configuration
C. when a firewall HA pair fails over
D. when a firewall performs a local commit
عرض الإجابة
اجابة صحيحة: ABDF
السؤال #11
VPN traffic intended for an administrator’s Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor. When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?
A. Zone Protection
B. Replay
C. Web Application
D. DoS Protection
عرض الإجابة
اجابة صحيحة: D
السؤال #12
A company has a web server behind a Palo Alto Networks next-generation firewall that it wants to make accessible to the public at 1.1.1.1. The company has decided to configure a destination NAT Policy rule. Given the following zone information: ?DMZ zone: DMZ-L3 ?Public zone: Untrust-L3 ?Guest zone: Guest-L3 ?Web server zone: Trust-L3 ?Public IP address (Untrust-L3): 1.1.1.1 ?Private IP address (Trust-L3): 192.168.1.50 What should be configured as the destination zone on the Original Packet tab of NAT Polic
A. Untrust-L3
B. DMZ-L3
C. Guest-L3
D. Trust-L3
عرض الإجابة
اجابة صحيحة: C
السؤال #13
A distributed log collection deployment has dedicated log Collectors. A developer needs a device to send logs to Panorama instead of sending logs to the Collector Group. What should be done first?
A. Remove the cable from the management interface, reload the log Collector and then re-connect that cable
B. Contact Palo Alto Networks Support team to enter kernel mode commands to allow adjustments
C. remove the device from the Collector Group
D. Revert to a previous configuration
عرض الإجابة
اجابة صحيحة: BC
السؤال #14
People are having intermittent quality issues during a live meeting via web application.
A. Use QoS profile to define QoS Classes
B. Use QoS Classes to define QoS Profile
C. Use QoS Profile to define QoS Classes and a QoS Policy
D. Use QoS Classes to define QoS Profile and a QoS Policy
عرض الإجابة
اجابة صحيحة: BD
السؤال #15
Which administrative authentication method supports authorization by an external service?
A. Certificates
B. LDAP
C. RADIUS
D. SSH keys
عرض الإجابة
اجابة صحيحة: D
السؤال #16
Which three authentication factors does PAN-OS? software support for MFA (Choose three.)
A. Push
B. Pull
C. Okta Adaptive
D. Voice
E. SMS
عرض الإجابة
اجابة صحيحة: C
السؤال #17
Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?
A. Deny application facebook-chat before allowing application facebook
B. Deny application facebook on top
C. Allow application facebook on top
D. Allow application facebook before denying application facebook-chat
عرض الإجابة
اجابة صحيحة: A
السؤال #18
How are IPV6 DNS queries configured to user interface ethernet1/3?
A. Network > Virtual Router > DNS Interface
B. Objects > CustomerObjects > DNS
C. Network > Interface Mgrnt
D. Device > Setup > Services > Service Route Configuration
عرض الإجابة
اجابة صحيحة: BE
السؤال #19
Click the Exhibit button An administrator has noticed a large increase in bittorrent activity. The administrator wants to determine where the traffic is going on the company. What would be the administrator's next step?
A. Right-Click on the bittorrent link and select Value from the context menu
B. Create a global filter for bittorrent traffic and then view Traffic logs
C. Create local filter for bittorrent traffic and then view Traffic logs
D. Click on the bittorrent application link to view network activity
عرض الإجابة
اجابة صحيحة: AC
السؤال #20
What must be used in Security Policy Rule that contain addresses where NAT policy applies?
A. Pre-NAT addresse and Pre-NAT zones
B. Post-NAT addresse and Post-Nat zones
C. Pre-NAT addresse and Post-Nat zones
D. Post-Nat addresses and Pre-NAT zones
عرض الإجابة
اجابة صحيحة: BDE
السؤال #21
An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?
A. Security policy rule allowing SSL to the target server
B. Firewall connectivity to a CRL
C. Root certificate imported into the firewall with “Trust” enabled
D. Importation of a certificate from an HSM
عرض الإجابة
اجابة صحيحة: B
السؤال #22
A network security engineer needs to configure a virtual router using IPv6 addresses. Which two routing options support these addresses? (Choose two)
A. BGP not sure
B. OSPFv3
C. RIP
D. Static Route
عرض الإجابة
اجابة صحيحة: A
السؤال #23
Which CLI command can be used to export the tcpdump capture?
A. scp export tcpdump from mgmt
B. scp extract mgmt-pcap from mgmt
C. scp export mgmt-pcap from mgmt
D. download mgmt
عرض الإجابة
اجابة صحيحة: D
السؤال #24
Which two interface types can be used when configuring GlobalProtect Portal?(Choose two)
A. Virtual Wire
B. Loopback
C. Layer 3
D. Tunnel
عرض الإجابة
اجابة صحيحة: A
السؤال #25
How can a candidate or running configuration be copied to a host external from Panorama?
A. Commit a running configuration
B. Save a configuration snapshot
C. Save a candidate configuration
D. Export a named configuration snapshot
عرض الإجابة
اجابة صحيحة: AC
السؤال #26
A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link aggregation. Which two formats are correct for naming aggregate interfaces? (Choose two.)
A. ae
B. aggregate
C. ae
D. aggregate
عرض الإجابة
اجابة صحيحة: C
السؤال #27
To protect your firewall and network from single source denial of service (DoS) attacks that can overwhelm its packet buffer and cause legitimate traffic to drop, you can configure.
A. BGP (Border Gateway Protocol)
B. PBP (Packet Buffer Protection)
C. PGP (Packet Gateway Protocol)
D. PBP (Protocol Based Protection)
عرض الإجابة
اجابة صحيحة: ADE
السؤال #28
Which method will dynamically register tags on the Palo Alto Networks NGFW?
A. Restful API or the VMWare API on the firewall or on the User-ID agent or the read-only domain controller (RODC)
B. Restful API or the VMware API on the firewall or on the User-ID agent
C. XML-API or the VMware API on the firewall or on the User-ID agent or the CLI
D. XML API or the VM Monitoring agent on the NGFW or on the User-ID agent
عرض الإجابة
اجابة صحيحة: CD
السؤال #29
Which CLI command displays the current management plan memory utilization?
A. > show system info
B. > show system resources
C. > debug management-server show
D. > show running resource-monitor
عرض الإجابة
اجابة صحيحة: B
السؤال #30
Which virtual router feature determines if a specific destination IP address is reachable?
A. Heartbeat Monitoring
B. Failover
C. Path Monitoring
D. Ping-Path
عرض الإجابة
اجابة صحيحة: D
السؤال #31
On the NGFW. how can you generate and block a private key from export and thus harden your security posture and prevent rogue administrators or other bad actors from misusing keys?
A. * 1
B. * 1 Select Device > Certificates * 2 Select Certificate Profile* 3 Generate the certificate* 4 Select Block Private Key Export
C. * 1 Select Device > Certificates * 2 Select Certificate Profile
D. * 1 Select Device > Certificate Management > Certificates > Device > Certificates * 2 Generate the certificate* 3 Select Block Private Key Export* 4 Click Genet ale to generate the new certificate
عرض الإجابة
اجابة صحيحة: C
السؤال #32
A session in the Traffic log is reporting the application as “incomplete.” What does “incomplete” mean?
A. The three-way TCP handshake was observed, but the application could not be identified
B. The three-way TCP handshake did not complete
C. The traffic is coming across UDP, and the application could not be identified
D. Data was received but was instantly discarded because of a Deny policy was applied before App-ID could be applied
عرض الإجابة
اجابة صحيحة: A
السؤال #33
Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?
A. Disable Server Response Inspection
B. Apply an Application Override
C. Disable HIP Profile
D. Add server IP Security Policy exception
عرض الإجابة
اجابة صحيحة: ABF
السؤال #34
Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?
A. Configure a Decryption Profile and select SSL/TLS services
B. Set up SSL/TLS under Polices > Service/URL Category>Service
C. Set up Security policy rule to allow SSL communication
D. Configure an SSL/TLS Profile
عرض الإجابة
اجابة صحيحة: C
السؤال #35
Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series firewalls? (Choose two.)
A. Red Hat Enterprise Virtualization (RHEV)
B. Kernel Virtualization Module (KVM)
C. Boot Strap Virtualization Module (BSVM)
D. Microsoft Hyper-V
عرض الإجابة
اجابة صحيحة: C
السؤال #36
An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against external hosts attempting to exploit a flaw in an operating system on an internal system. Which Security Profile type will prevent this attack?
A. Vulnerability Protection
B. Anti-Spyware
C. URL Filtering
D. Antivirus
عرض الإجابة
اجابة صحيحة: D
السؤال #37
A company hosts a publicly accessible web server behind a Palo Alto Networks next-generation firewall with the following configuration information: * Users outside the company are in the "Untrust-L3" zone. * The web server physically resides in the "Trust-L3" zone. * Web server public IP address: 23.54.6.10 * Web server private IP address: 192.168.1.10 Which two items must the NAT policy contain to allow users in the Untrust-L3 zone to access the web server? (Choose two.)
A. Destination IPof 23
B. UntrustL3 for both Source and Destination Zone
C. Destination IP of 192
D. UntrustL3 for Source Zone and Trust-L3 for Destination Zone
عرض الإجابة
اجابة صحيحة: ABC
السؤال #38
How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?
A. Configure the option for “Threshold”
B. Disable automatic updates during weekdays
C. Automatically “download only” and then install Applications and Threats later, after the administratorapproves the update
D. Automatically “download and install” but with the “disable new applications” option used
عرض الإجابة
اجابة صحيحة: C
السؤال #39
When is the content inspection performed in the packet flow process?
A. after the application has been identified
B. before session lookup
C. before the packet forwarding process
D. after the SSL Proxy re-encrypts the packet
عرض الإجابة
اجابة صحيحة: A
السؤال #40
A network security engineer has a requirement to allow an external server to access an internal web server. The internal web server must also initiate connections with the external server. What can be done to simplify the NAT policy?
A. Configure ECMP to handle matching NAT traffic
B. Configure a NAT Policy rule with Dynamic IP and Port
C. Create a new Source NAT Policy rule that matches the existing traffic and enable the Bi-directional option
D. Create a new Destination NAT Policy rule that matches the existing traffic and enable the Bi-directional option
عرض الإجابة
اجابة صحيحة: B
السؤال #41
Which is the maximum number of samples that can be submitted to WildFire per day, based on wildfire subscription?
A. 15,000
B. 10,000
C. 75,00
D. 5,000
عرض الإجابة
اجابة صحيحة: AD
السؤال #42
How can an administrator configure the NGFW to automatically quarantine a device using GlobalProtect?
A. by adding the device's Host ID to a quarantine list and configure GlobalProtect to prevent users fromconnecting to the GlobalProtect gateway from a quarantined device
B. by using secunty policies, log forwarding profiles, and log settings
C. by exporting the list of quarantined devices to a pdf or csv file by selecting PDF/CSV at the bottom of the Device Quarantine page and leveraging the approbate XSOAR playbook
D. There is no native auto-quarantine feature so a custom script would need to be leveraged
عرض الإجابة
اجابة صحيحة: A
السؤال #43
Which Device Group option is assigned by default in Panorama whenever a new device group is created to manage a Firewall?
A. Master
B. Universal
C. Shared
D. Global
عرض الإجابة
اجابة صحيحة: D

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.