my study set
True or false? A Security Profile attached to a Security policy rule is evaluated only if the Security policy rule matches traffic and the rule action is set to "allow."
True
True or false? A URL Filtering license is not required to define and use custom URL categories.
True
Which anti-spyware feature enables an administrator to quickly identify a potentially infected host on the network? a. data filtering log entry b. CVE Number c. DNS Sinkhole d. continue response page
c. DNS Sinkhole
A "continue" action can be configured on the following security profiles in the Next Generation firewall: a. URL Filtering b. URL Filtering, File Blocking, and Data Filtering c. URL Filtering and Antivirus d. URL Filtering and File Blocking
d. URL Filtering and File Blocking
True or False. If a file type is matched in the File Blocking Profile and WildFire Analysis Profile, and if the File Blocking Profile action is set to "block," then the file is not forwarded to WildFire.
true
True or false? If App-ID cannot identify the traffic, Content-ID cannot inspect the traffic for malware.
true
True or false? When migration is done from the firewall of another vendor to a Palo Alto Networks firewall, a best practice is to always migrate the existing Security policy.
true
Network traffic matches an "allow" rule in the Security policy, but the attached File Blocking Profile is configured with a "block" action. To which two locations will the traffic be logged? Choose the 2 correct choices. If you choose an incorrect choice your question score will be deducted. a. Traffic Log b. Data Filtering Log c. Threat Log d. Alarms Log
a. Traffic Log b. Data Filtering Log
According to best practices, which two URL filtering categories should be blocked in most URL Filtering Profiles? Choose the 2 correct choices. If you choose an incorrect choice your question score will be deducted. Select one or more: a. high-risk b. medium-risk c. new-registered-domain d. adult
a. high-risk b. new-registered-domain
Which URL Filtering Profile action will result in a user being interactively prompted for a password? a. override b. alert c. allow d. continue
a. override
When creating an application filter, which of the following is true? a. They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter b. Excessive bandwidth may be used as a filter match criteria c. They are called dynamic because they automatically adapt to new IP addresses d. They are used by malware
a. They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter
A "continue" action can be configured on the following security profiles in the Next Generation firewall: a. URL Filtering and File Blocking b. URL Filtering and Antivirus c. URL Filtering d. URL Filtering, File Blocking, and Data Filtering
a. URL Filtering and File Blocking
Which Palo Alto Networks Next Generation Firewall URL Category Action sends a response page to the user's browser that prompts the user for the administrator-defined override password, and logs the action to the URL Filtering log? a. override b. alert c. continue d. block
a. override
What feature on the Next Generation firewall will set the security policy to allow the application on the standard ports associated with the application? a. Application-implicit b. Application-default c. Application-custom d. Application-dependent
b. Application-default
How would App-ID label TCP traffic when the three-way handshake completes, but not enough data is sent to identify an application? a. not-applicable b. insufficient-data c. unknown-tcp d. incomplete
b. insufficient-data
Which file type can a firewall send to WildFire when the firewall does not have a WildFire subscription? Select one: a. JAR b. EXE c. PDF d. APK
b. EXE
A Zone Protection Profile is applied to which item? a. Egress Ports b. Ingress Ports c. Address Groups d. Security Policy Rules
b. Ingress Ports
Which WildFire verdict might indicate obtrusive behavior but not a security threat? Select one: a. benign b. grayware c. malware d. phishing
b. grayware
How would App-ID label TCP traffic when the three-way handshake completes, but not enough data is sent to identify an application? a. unknown-tcp b. insufficient-data c. incomplete d. not-applicable
b. insufficient-data
Which URL Filtering Profile action will result in a user being interactively prompted for a password? a. continue b. override c. allow d. alert
b. override
What is the recommended maximum default size of PE (executable) files forwarded from the Next Generation firewall to WildFire? Select one: a. Configurable up to 2 megabytes b. 16 megabytes c. Always 2 megabytes d. Configurable up to 10 megabytes
b. 16 megabytes
Which Next Generation Firewall URL filter setting is used to prevent users who use the Google, Yahoo, Bing, Yandex, or YouTube search engines from viewing search results unless their browser is configured with the strict safe search option? a. User Credential Detection b. Safe Search Enforcement c. HTTP Header Logging d. Log Container Page Only
b. Safe Search Enforcement
What component of the Next Generation Firewall will protect from port scans? a. Anti-Virus Protection b. Zone protection c. DOS Protection d. Vulnerability protection
b. Zone protection
Which CLI command is used to verify successful file uploads to WildFire? Select one: a. debug wildfire upload-log b. debug wildfire upload-log show c. debug wildfire download-log show d. debug wildfire upload-threat show
b. debug wildfire upload-log show
Which profile type is designed to protect against reconnaissance attacks such as host sweeps and port scans? a. DOS Protection b. Anti-Spyware c. Zone Protection d. Data Filtering
c. Zone Protection
When an Applications and Threats content update is performed, which is the earliest point where you can review the impact of new application signatures on existing policies? a. after install b. after clicking Check Now c. after download d. after commit
c. after download
Assume you have a WildFire subscription. Which file state or condition would trigger a WildFire file analysis? Select one: a. executable file signed by trusted signer b. file size limit exceeded c. file located in a JAR or RAR archive d. file already has WildFire hash
c. file located in a JAR or RAR archive
Which WildFire verdict might indicate obtrusive behavior but not a security threat? Select one: a. benign b. malware c. grayware d. phishing
c. grayware
What action will show whether a downloaded PDF file from a user has been blocked by a security profile on the Next Generation firewall? a. Filter the traffic logs for all traffic from the user that resulted in a deny action b. Filter the session browser for all sessions from a user with the application adobe c. Filter the data filtering logs for the user's traffic and the name of the PDF file d. Filter the system log for failed download messages
c. Filter the data filtering logs for the user's traffic and the name of the PDF file
Which Palo Alto Networks Next Generation Firewall URL Category Action sends a response page to the user's browser that prompts the user for the administrator-defined override password, and logs the action to the URL Filtering log? a. alert b. block c. override d. continue
c. override
A Zone Protection Profile is applied to which item? a. Address Groups b. Egress Ports c. Security Policy Rules d. Ingress Ports
d. Ingress Ports
Which statement is not true regarding Safe Search Enforcement? Select one: a. Safe search is a web server setting b. Safe search is a best effort setting c. Safe search is a web browser setting d. Safe search works only in conjunction with credential submission websites
d. Safe search works only in conjunction with credential submission websites
Which WildFire verdict might indicate obtrusive behavior but not a security threat? Select one: a. phishing b. malware c. benign d. grayware
d. grayware
In a Next Generation firewall, how many packets does it take to identify the application in a TCP exchange? a. One b. Three c. Two d. Four or five
d. four or five
Select True or False. On the Next Generation firewall, application groups are always automatically updated when new applications are added to the App-ID database.
false
True or false? When a malicious file or link is detected in an email, WildFire can update antivirus signatures in the PAN-DB database. Select one: True False
False