New Year Goodies - 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: av5rz84q

Exact2Pass Menu

Question # 4

The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn’t want to unblock the gambling URL category.

Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

A.

Add all the URLs from the gambling category except powerball.com to the block list and then set the action for the gambling category to allow.

B.

Manually remove powerball.com from the gambling URL category.

C.

Add *.powerball.com to the allow list

D.

Create a custom URL category called PowerBall and add *.powerball.com to the category and set the action to allow.

Full Access
Question # 5

How many zones can an interface be assigned with a Palo Alto Networks firewall?

A.

two

B.

three

C.

four

D.

one

Full Access
Question # 6

Place the steps in the correct packet-processing order of operations.

Full Access
Question # 7

Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

A.

facebook

B.

facebook-chat

C.

facebook-base

D.

facebook-email

Full Access
Question # 8

How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

A.

Disable automatic updates during weekdays

B.

Automatically “download and install” but with the “disable new applications” option used

C.

Automatically “download only” and then install Applications and Threats later, after the administrator approves the update

D.

Configure the option for “Threshold”

Full Access
Question # 9

An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall’s signature database has been updated? (Choose two.)

A.

vulnerability protection profile applied to outbound security policies

B.

anti-spyware profile applied to outbound security policies

C.

antivirus profile applied to outbound security policies

D.

URL filtering profile applied to outbound security policies

Full Access
Question # 10

Which two rule types allow the administrator to modify the destination zone? (Choose two )

A.

interzone

B.

intrazone

C.

universal

D.

shadowed

Full Access
Question # 11

Which type security policy rule would match traffic flowing between the inside zone and outside zone within the inside zone and within the outside zone?

A.

global

B.

universal

C.

intrazone

D.

interzone

Full Access
Question # 12

A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

A.

Windows-based agent on a domain controller

B.

Captive Portal

C.

Citrix terminal server with adequate data-plane resources

D.

PAN-OS integrated agent

Full Access
Question # 13

Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

A.

The web session was unsuccessfully decrypted.

B.

The traffic was denied by security profile.

C.

The traffic was denied by URL filtering.

D.

The web session was decrypted.

Full Access
Question # 14

What does an administrator use to validate whether a session is matching an expected NAT policy?

A.

system log

B.

test command

C.

threat log

D.

config audit

Full Access
Question # 15

In which profile should you configure the DNS Security feature?

A.

URL Filtering Profile

B.

Anti-Spyware Profile

C.

Zone Protection Profile

D.

Antivirus Profile

Full Access
Question # 16

What is a prerequisite before enabling an administrative account which relies on a local firewall user database?

A.

Configure an authentication policy

B.

Configure an authentication sequence

C.

Configure an authentication profile

D.

Isolate the management interface on a dedicated management VLAN

Full Access
Question # 17

Which path in PAN-OS 10.0 displays the list of port-based security policy rules?

A.

Policies> Security> Rule Usage> No App Specified

B.

Policies> Security> Rule Usage> Port only specified

C.

Policies> Security> Rule Usage> Port-based Rules

D.

Policies> Security> Rule Usage> Unused Apps

Full Access
Question # 18

Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )

A.

TACACS

B.

SAML2

C.

SAML10

D.

Kerberos

E.

TACACS+

Full Access
Question # 19

How are Application Fillers or Application Groups used in firewall policy?

A.

An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group

B.

An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group

C.

An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group

D.

An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group

Full Access
Question # 20

Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

A.

control

B.

network processing

C.

data

D.

security processing

Full Access
Question # 21

Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

A.

DoS protection

B.

URL filtering

C.

packet buffering

D.

anti-spyware

Full Access
Question # 22

Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?

A.

Root

B.

Dynamic

C.

Role-based

D.

Superuser

Full Access
Question # 23

When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP port is used for management access?

A.

80

B.

8443

C.

4443

D.

443

Full Access
Question # 24

Which link in the web interface enables a security administrator to view the security policy rules that match new application signatures?

A.

Review Apps

B.

Review App Matches

C.

Pre-analyze

D.

Review Policies

Full Access
Question # 25

An administrator would like to silently drop traffic from the internet to a ftp server.

Which Security policy action should the administrator select?

A.

Reset-server

B.

Block

C.

Deny

D.

Drop

Full Access
Question # 26

Which interface type can use virtual routers and routing protocols?

A.

Tap

B.

Layer3

C.

Virtual Wire

D.

Layer2

Full Access
Question # 27

How often does WildFire release dynamic updates?

A.

every 5 minutes

B.

every 15 minutes

C.

every 60 minutes

D.

every 30 minutes

Full Access
Question # 28

Which Palo Alto networks security operating platform service protects cloud-based application such as Dropbox and salesforce by monitoring permissions and shared and scanning files for Sensitive information?

A.

Prisma SaaS

B.

AutoFocus

C.

Panorama

D.

GlobalProtect

Full Access