Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

VPN traffic intended for an administrator's Palo Alto Networks NGfW is being maliciously intercepted and retransmitted by the interceptor. When Creating a VPN tunnel, which protection profile cm be enabled to prevent this malicious behavior?

A.

zone Protection

B.

Web Application

C.

DoS Protection

D.

Replay

Full Access
Question # 5

A Security policy rule is configured with a Vulnerability Protection Profile and an action of Deny".

Which action will this configuration cause on the matched traffic?

A.

The configuration is invalid it will cause the firewall to Skip thisSecurity policy rule A warning will be displayed during a command.

B.

The configuration is valid It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to "Deny"

The configuration will allow the matched session unless a vulnerability signature is detected. The "Deny" action will supersede the per. defined, severity defined actions defined in the associated Vulnerability Protection Profile.

C.

The configuration is invalid. The Profile Settings section will be- grayed out when the action is set to "Deny"

Full Access
Question # 6

Winch three steps will reduce the CPU utilization on the management plane? (Choose three. ) Disable logging at session start in Security policies.

A.

Disable predefined reports.

B.

Reduce the traffic being decrypted by the firewall.

C.

Disable SNMP on the management interface.

D.

Application override of SSL application.

Full Access
Question # 7

A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch it connect.

How would an administrator configure the interface to IGbps?

A.

set deviceconfig system speed-duplex 10Gbps-full-duplex

B.

set deviceconfig interface speed-duplex 1Gbs--full-duplex

C.

set deviceconfig interface speed-duplex 1Gbs--half-duplex

D.

set deviceconfig system speed-duplex 1Gbs--half-duplex.

Full Access
Question # 8

During the packet flow process, which two processes are performed in application identification? (Choose two.)

A.

Applicationchanged from content inspection

B.

session application identified

C.

pattern based application identification

D.

application override policy match

Full Access
Question # 9

Which method will dynamically register tags on the Palo Alto Networks NGFW?

A.

Restful API or the VMware API on the firewall or on theUser.-D agent or the ready -only domain controller

B.

XML API or the VMware API on the firewall on the User-ID agent or the CLI

C.

Restful API or the VMware API on the firewall or on the User-ID Agent

D.

XML- API or lite VM Monitoring agent on the NGFW oron the User- ID agent

Full Access
Question # 10

An administrator is using Panorama and multiple Palo Alto NetworksNGFWs. After upgrading all devices to the latest PAN-OS® software, the administrator enables logs forwarding from the firewalls to panorama Pre-existing logs from the firewall are not appearing in Panorama.

Which action would enables the firewalls to sendtheir preexisting logs to Panorama?

A.

A CLI command will forward the pre-existing logs to Panorama.

B.

Use the import option to pull logs panorama.

C.

Use the ACC to consolidate pre-existing logs.

D.

The- log database will need to be exported from thefirewall and manually imported into Panorama.

Full Access
Question # 11

Which PAN-OS® policy must you configure to force a user to provide additional credential before he is allowed to access an internal application that contains highly sensitive business data?

A.

Authentication policy

B.

Decryption policy

C.

Security policy

D.

Application Override policy

Full Access