Palo Alto Firewalls

A strength of the Palo Alto Networks firewall is:

Select True or false. The CN-Series firewalls deliver the same capabilities as the PA-Series and VM-Series firewalls.

Select True or False. Traffic protection from external locations where the egress point is the perimeter is commonly referred to as “North-South” traffic.

The first important task of building a Zero Trust Architecture is to identify __________________.

What is the method used to create a Zero Trust policy that answers the 'who, what, when, where, why and how' definition?

Which object cannot be segmented using virtual systems on a firewall?

Which Palo Alto Networks Cortex technology prevents malware, blocks exploits, and analyzes suspicious patterns through behavioral threat protection?

Which Palo Alto Networks Next Generation VM Series Model requires a minimum of 16 GB of memory and 60 GB of dedicated disk drive capacity?

Which Palo Alto Networks Prisma technology provides continuous security monitoring, compliance validation, and cloud storage security capabilities across multi-cloud environments? In addition, you can simplify security operations through effective threat protections enhanced with comprehensive cloud context.

Which Palo Alto Networks product for securing the enterprise extends the enterprise perimeter to remote offices and mobile users?

Which series of a firewall is a high-performance physical appliance solution?

Which series of Palo Alto Networks Next Generation Firewall offers two modes, Secure Mode, and Express Mode?

Which Strata product provides centralized firewall management and logging?

What are the two attributes of the dedicated out-of-band network management port in Palo Alto Networks firewalls? (Choose two.)

Select True or False. To register a hardware firewall you will need the firewall's serial number..

Select True or False. Service routes can be used to configure an in-band port to access external services.

In the web interface, what is signified when a text box is highlighted in red?

Which two planes are found in the Palo Alto Networks single-pass platform architecture? (Choose two.)

Which object cannot be segmented using virtual systems on a firewall?

Which series of a firewall is a high-performance physical appliance solution?

Select True or False. The CN-series firewalls deliver the same capabilities as the PA-series and VM-series firewalls.

Which two statements are true regarding the candidate configuration? (Choose two.)

Select True or False. The running configuration consists of configuration changes in progress but not active on the firewall.

When committing changes to a firewall, what is the result of clicking the Preview Changes link?

Select True or False. The Export operations transfer configurations as XML-formatted files from the firewall..

For guidance on continuing to deploy the security platform features to address your network security needs, review the PAN-OS Administrator's Guide section titled

Select True or false. Service routes can be used to configure an in-band port to access external services.

Which command will reset a next generation firewall to its factory default settings if you know the admin account password?

Which type of firewall license or subscription provides a graphical analysis of firewall traffic logs and identifies potential risks to your network by using threat intelligence from a portal?

When committing changes to a firewall, what is the result of clicking the Preview Changes link?

When making changes to configuration settings on the PAN-OS firewall, which of the following options lists the individual changes for which you are committing changes:

Which Next Generation FW configuration type has settings active on the firewall?

Which statement is true regarding the Palo Alto Networks Firewall candidate configuration?

When creating a custom admin role, which four types of privileges can be defined? (Choose four.)

Global user authentication is supported by which three authentication services? (Choose three.)

Select True or False. Server profiles define connections that the firewall can make to external servers.

Select True or False. Certificate-based authentication replaces all other forms of either local or external authentication..

Global user authentication is not supported by which authentication service?

Select True or False. Server Profiles define connections that the firewall can make to external servers.

When creating a custom admin role, which type of privileges can not be defined?

When creating PAN-OS firewall administrator accounts, which configuration step is required for Non-Local Administrators, but not for Local Administrators?

When resetting the PAN-OS firewall to factory defaults, you can save all configuration settings and logs by performing the following:

Which built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?

Which of the following is NOT a PAN-OS Firewall Administrator Dynamic Role?

Which two items are supported routing protocols on a virtual router? (Choose two.)

Which three interface types are valid on Palo Alto Networks firewall? (Choose three.)

Which two firewall interface types can be added to a Layer3-type security zone? (Choose two.)

True or false? A Layer 3 interface can be configured as a dual stack with both IPv4 and IPv6 addresses.

Select True or False. All of the interfaces on a Next Generation firewall must be the same interface type.

Select True or False. In a Next Generation firewall, every interface in use must be assigned to a zone in order to process traffic.

Which feature can be configured with an IPv6 address?

Which type of interface will allow the firewall to be inserted into an existing topology without requiring any reallocation of network addresses or redesign on the network topology?

Which two items are required to match criteria in a Palo Alto Networks Security policy rule? (Choose two.)

Which type of Security policy rule is the default rule type?

Select True or false. Logging on intrazone-default and interzone-default Security policy rules is enabled by default.

Which of the following are NOT traffic attributes or criteria that can be defined in a Security policy rule?

Select True or False. Security policy rules on the Next Generation firewall specify a source and a destination interface.

Traffic going to a public IP address is being translated by a Next Generation firewall to an internal server private IP address. Which IP address should the security policy use as the destination IP in order to allow traffic to the server?

Which NGFW security policy rule applies to all matching traffic within the specified source zones?

Which type of Security policy rule is the default rule type?

In the Palo Alto Networks Application Command Center (ACC), which filter allows you to limit the display to the details you care about right now and to exclude the unrelated information from the current display?

Select the answer that best completes this sentence. Source NAT commonly is used for _________ users to access the ________ internet.

Which one of the following statements is true about NAT rules?

What feature on the Next Generation firewall can be used to identify, in real time, the applications taking up the most bandwidth?

What are the three pre-defined tabs in the Next Generation firewall Application Command Center (ACC)?

When using config audit to compare configuration files on a Next Generation firewall, what does the yellow indication reveal?

In the Palo Alto Networks Firewall WebUI, which type of report can be compiled into a single emailed PDF?

What feature on the Next Generation firewall will set the security policy to allow the application on the standard ports associated with the application?

When an Applications and Threats content update is performed, which is the earliest point where you can review the impact of new application signatures on existing policies?

Which three methods does App-ID use to identify network traffic? Choose the 3 correct choices.

Which URL filtering security profile action logs the category to the URL filtering log?

Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall?

According to best practices, which two URL filtering categories should be blocked in most URL Filtering Profiles? (Choose two.)

What is the recommended maximum default size of PE - executable - files forwarded from the Next Generation firewall to Wildfire?

Which CLI command is used to verify successful file uploads to WildFire?

Which User-ID component and mapping method is recommended for web clients that do not use the domain server?

Which port does the Palo Alto Networks Windows-based User-ID agent use by default?

Which two statements are true regarding User-ID and firewall configuration?

Which statement is true regarding User-ID and Security policy rules?

Which item is NOT a valid choice when the Source User field is configured in a Security policy rule?

Which three statements are true regarding Safe Search Enforcement? (Choose three.)

What component of the Next Generation Firewall will protect from port scans?

A Zone Protection Profile is applied to which item?

What is the default setting for "Action" in a decryption policy rule?

Which two types of activities does SSL/TLS decryption on the firewall help to block?

In the Palo Alto Networks Application Command Center (ACC), which filter allows you to limit the display to the details you care about right now and to exclude the unrelated information from the current display?

Which two firewall features display information using widgets?

True or false? SNMP GET requests to a firewall return operational statistics, and SNMP SET requests update the firewall configuration.