Pcnsa

Network Activity tab displays an overview of traffic and user activity on your network including? (choose three.) Top applications in use Hosts Resolving Malicious Domains Top users who generate traffic Most used security rules against which traffic matches occur Applications Using Non Standard Ports

-Top applications in use -Top users who generate traffic -Most used security rules against which traffic matches occur

The GlobalProtect client software is available in which two formats? (Choose two.) .msi .pkg .exe .rar

.msi .pkg

When the firewall detects that a session has been broken as a result of the process of decryption, the session information is cached and the next session is not decrypted from that host to the same website. There is no further attempt to decrypt the website for __________ after the first occurrence? 5 minutes 24 hours 30 minutes 12 hours

12 hours

During the first _____________ days of the migration process, the firewall should log enough traffic and application data to allow you to move through Phase 1 of the migration process? 7 days 15 days 10 days 30 days

30 days

On the next generation firewall, which is the standard UDP port for the transport of Syslog traffic? 443 514 8080 6514

514

In HA configuration how long will the firewall wait before it will become ACTIVE if there is no peer to start the negotiation? 60-seconds 5-minutes 200 milliseconds 30-seconds

60-seconds

On the next generation firewall, which is the default port for the transport of Syslog traffic? 8080 6514 514 443

6514

On the next generation firewall, which is the standard SSL port for the transport of Syslog traffic? 6514 514 8080 443

6514

A Virtual Wire object is capable of blocking or allowing traffic based on? MAC Physical address 802.1Q VLAN tag values IPv4 logical addresses IPv6 logical addresses

802.1Q VLAN tag values

In Active/Passive HA deployment what is synchronized through Data Link (HA2)? (select three.) Licenses ARP tables Forward tables Sessions

ARP tables Forward tables Sessions

What action allows file transfer, and generates a log entry in the Data Filter Log? Continue Alert Block Sinkhole

Alert

What is default action setting when configuring Security Policy Rule? Reset client Deny Drop Allow

Allow

Facebook-base requires web-browsing, to make sure Facebook-base will successfully communicate you have to? Web-browsing is allowed by default in PAN firewall App-ID database implicitly allows the parent application Create Security Policy Rule to allow web-browsing App-ID database needs to be updated

App-ID database implicitly allows the parent application

Why would an administrator add audit comments to the Security Policy Rule? Audit history of a Security Policy Rule Future reference in Security Policy Rule Logs can be audited in Security Policy Rule Required field in Security Policy Rule

Audit history of a Security Policy Rule

Which Next Generation Firewall feature is part of the Threat Intelligence Cloud and provides direct access to security operations and analysis teams to all of the threat intelligence Palo Alto Networks gathers from clients, open source feeds, and the Unit 42 threat research team Aperture Panorama Autofocus Global protect

Autofocus

When configuring a File Blocking Profile, what action you can set? (choose three.) Block Reset Both Reset Server Sinkhole Reset Client Alert Continue

Block Alert Continue

What User-ID Mapping is Recommendations for clients that do no use the domain server? Captive Portal User-ID agent: Client probing Syslog listener XML API Terminal Services agent GlobalProtect User-ID agent: Session monitoring

Captive Portal

Which Next Generation Firewall plane can be accessed from the console/mgt interface and provides configuration, logging, and reporting functions? Network Signature Data Security Control

Control

Standard service allows firewalls to automatically send unknown Windows Portable Executable or PE files for analysis. In Palo Alto Networks firewall with a Threat Prevention license Four Windows PE file types include EXE, SCR, FON and? CLASS JAR PDF DLL

DLL

Antivirus updated content is made available by Palo Alto Networks on the following schedule? 5 min Monthly Daily Weekly

Daily

Palo Alto Networks firewall with a Threat Prevention license signatures and protections are made available? within 5 minutes daily within 1 minutes weekly

Daily

Which pieces of information is NOT passed during IKE Phase 1? (Select all that apply.) Hashing algorithm Lifetime Symmetric Key Algorithm Diffie-Hellman key exchange Domain Name Authentication method

Domain Name

What is the maximum number of IPsec tunnels that each tunnel interface can have? Each tunnel interface can have a maximum of 10 IPsec tunnels Each tunnel interface can have a maximum of 100 IPsec tunnels Each tunnel interface can have a maximum of 2 IPsec tunnels Each tunnel interface can have a maximum of 1 IPsec tunnel

Each tunnel interface can have a maximum of 10 IPsec tunnels

What are two approaches to mitigate DoS attacks? (choose two) Security policy rules Protection End Host Protection Zone-Based Protection DNS Proxy protection

End Host Protection Zone-Based Protection

The WildFire Regional Clouds are in: (select all that apply). China Europe India Singapore Japan

Europe Singapore Japan

Which GlobalProtect gateway provides security enforcement and VPN access for remote users? External gateways Internal gateways Security policy GlobalProtect Portal

External gateways

True of False. The Palo Alto Networks firewall includes two predefined, read-only File Blocking Profiles?

False

True or False? Active/active configuration is specifically designed to serve environments that need symmetric routing.

False

True or False? Each WildFire cloud analyses samples and generates malware signatures and verdicts dependent to other WildFire clouds. False True

False

True or False? When configure HA on your Palo Alto Networks, firewalls can have different set of licenses.

False

True or false? An application filter is an object that statically groups applications based on the attributes of the application that you pick from the App-ID database.

False

True or false? Data Filtering Profiles are used to prevent sensitive, confidential and proprietary information from entering your network.

False

True or false? File blocking activity is logged to the Threat log.

False

True or false? SSL/TLS (commonly referred to simply as SSL) uses asymmetric only encryption.

False

True or false? The Palo Alto Networks firewall includes a predefined, read/write default Antivirus Security Profile.

False

True or false? When new applications are added to the App-ID database, application groups are always automatically updated.

False

When a firewall encounters a file, it will verify if the file is signed by a trusted signer. If the answer is yes, what is the next step that firewall will take? Firewall creates a hash number and sends to Wildfire for further analysis Firewall does not trust the signer and file is dropped. Firewall trusts that the file does not have hidden malware and allows the file to be delivered. Firewall creates a hash number for the file to see if the file already has been sent to WildFire.

Firewall trusts that the file does not have hidden malware and allows the file to be delivered.

In a TCP exchange how many packets does it take to identify the application? Three One Two Four or Five

Four or five

In the Application Command Center (ACC), which filter allows you to restrict the display to the data you are interested in right now and to remove irrelevant information from the current display? Global filter Universal filter Group filter Local filter

Global filter

What User-ID Mapping is Recommendations GlobalProtect VPN clients? User-ID agent: Session monitoring Terminal Services agent GlobalProtect Captive Portal XML API User-ID agent: Client probing Syslog listener

GlobalProtect

Connectivity in all parts of the GlobalProtect infrastructure is authenticated by using SSL certificates. Which two GlobalProtect Certificates are optional? GlobalProtect Gateway certificate GlobalProtect client certificate GlobalProtect Portal certificate Certificate authority (CA) certificate

GlobalProtect client certificate Certificate authority (CA) certificate

How do you know which Security policy is being used and how often? Rule monitor Action rule Hit count Rule usage

Hit count

In which phase of the IKE process would the data traffic be encapsulated? IKE Phase 1 IKE Phase 3 IKE Phase 2 Data is send in clear text always

IKE Phase 2

VM-Series firewalls starting with PAN-OS version 8.0, the MGT port is configured with?

IP address DHCP

You may use the Palo Alto Networks firewall to deploy two firewalls as a High Availability (HA) pair. When firewalls synchronize which of the following is NOT shared between peers? Share certificate IP address management interface Session information Policy configuration

IP address management interface

The PAN-OS DIPP NAT implementation supports oversubscription on some platforms. What is DIPP NAT Oversubscription?

Increase port numbers available for DIPP

To which item you apply Zone Protection Profiles? Egress ports Ingress ports DNS Proxy protection Security policy rules

Ingress ports

The user-ID agent is available in two forms: an integrated agent resident on the firewall or a Windows-based agent. Which agent type uses network bandwidth more efficiently? Windows-based agent Integrated agent resident on the firewall Both use bandwidth efficiently No bandwidth is used by agents

Integrated agent resident on the firewall

The GlobalProtect portal includes an IP address and a DNS hostname as part of the information passed on to the client connection request The agent performs a reverse lookup, on the IP address. Expected hostname is received as a response, to which GlobalProtect Gateway will client connect? External gateway Portal gateway Internal gateway None

Internal gateway

In which Security Policy rule type you can not define destination zone? Intrazone rule Zone-to-zone rule Universal rule Interzone rule

Intrazone rule

In Active/Passive deployment HA Control link is? Layer 1 link Layer 2 link Layer 3 link Layer 4 link

Layer 3 link

When encryption of traffic is enabled, looking at the OSI Model 7 Layers, which layers are encrypted? Layer 6 Presentation Layer 7 Application Layer 5 Session (TLS/SSL) Layer 2 Data Link (MAC Addresses) Layer 1 Physical (Hardware) Layer 4 Transport (Ports) Layer 3 Network (IP Addresses)

Layer 6 Presentation Layer 7 Application

What pieces of information are passed during IKE Phase 1? (Select all that apply.) Lifetime Diffie-Hellman key exchange Symmetric Key Algorithm Hashing algorithm Authentication method MAC address Domain Name

Lifetime Diffie-Hellman key exchange Symmetric Key Algorithm Hashing algorithm Authentication method

Why must you set up server monitoring for all individual domain controllers to catch all user logon events? Logs are not replicated between Domain Controllers Windows-based agent requirement PAN-OS integrated agent requirement NAC systems requirement

Logs are not replicated between Domain Controllers

In User-ID, Windows-based agent uses? WinRM MS-RPC WMI SNMP

MS-RPC

Before you can configure HA on your Palo Alto Networks firewalls, both firewalls must have? (select three.) Identical management IP address Matching Threat databases Up-to-date application Matching URL database

Matching Threat databases Up-to-date application Matching URL database

In which Next Generation Firewall feature metadata from all sources will be filtered, unduplicated, and unified, enabling security teams to determine a more actionable data set that has been enriched from multiple sources? Aperture Autofocus GlobalProtect MineMeld

MineMeld

If malware or phishing URLs are detected, WildFire can generate a new antivirus signature or add a URL to the PAN-DB Phishing URL category, how long before this update is available worldwide? 6 Hours 1 Week 24 Hours Minutes

Minutes

What version of Netflow the firewall can generate and export NetFlow records to an outside NetFlow collector? Net flow ver 1 Net flow ver 3 Net flow ver 5 Net flow ver 9

Net flow ver 9

Where should you install Windows-based agent? Panorama Domain Controller PAN Firewall One or more domain member

One or more domain member

Initial firewall configuration is achieved by connecting to the MGT port or to the firewall serial console port. This type of connection is called? In-band Direct In-direct Out-of-band

Out-of-band

In a single physical Palo Alto Networks firewall, Virtual Systems, or vsys, are separate logical firewall instances. In which firewall series, virtual systems (vsys) are NOT supported? PA-3x00 PA-5x00 PA-800 PA-7x00

PA-800

Logs can be forwarded to which four of the following Remote Logging Destinations? (Choose four.) Panorama DHCP Server Email SNMP manager Syslog/SIEM server

Panorama Email SNMP manager Syslog/SIEM server

Not all traffic should be decrypted. Depending on local rules and regulations, what traffic can not legally be decrypted? (select all that apply). Office records Privacy concerns Health records Financial records

Privacy concerns Health records Financial records

If WMI probing is enabled, what type of IP addresses will WMI probe? Private IP addresses APIPA addresses Loopback addresses Public IP addresses

Private IP addresses

If you know the admin account password, what command can be used to reset a firewall to its default factory settings?

Request system private-data-reset

What configuration is the actual configuration which controls the firewall operation? Service XML Candidate Running

Running

Which administrative management services and network services are enabled by default to access and manage the firewall through the MGT interface? SSH HTTP SNMP Ping Telnet HTTPS

SSH Ping HTTPS

GlobalProtect Clientless VPN offers secure remote access to popular enterprise web applications using HTML, HTML5, and JavaScript technologies. How will clients have access to the GlobalProtect client software? Http-enabled web browsers GlobalProtect Windows server software GlobalProtect Mac server software SSL-enabled web browsers

SSL-enabled web browsers

You may use the Palo Alto Networks firewall to deploy two firewalls as a High Availability (HA) pair. When firewalls synchronize which of the following is shared between peers? Application Command Center Session information Log data IP address management interface

Session information

DoS policy and DoS Profile protects: (choose two) Specific hosts Egress ports Destination zone Source zone

Specific hosts Destination zone

The Windows-based agent can be installed on 32-bit or 64-bit machines running Microsoft Windows Operating system XP SP3 or later. What TCP port will User-ID agent use to communicate with the firewall? UDP port 389 TCP port 389 UDP port 5007 TCP port 5007

TCP port 5007

What is Rule Shadowing? Bottom rule hides top rules Two rules are the same Default rules are applied The above rule hides rule beneath

The above rule hides rule beneath

The Application Command Center (ACC) is an interactive, graphical summary of the applications, users, URLs, threats, and content traversing your network. What four predefined tabs are included by default in the ACC? (Choose four.) Application Usage Threat Activity Blocked Activity Tunnel Activity Network Activity User Activity

Threat Activity Blocked Activity Tunnel Activity Network Activity

Application exceptions are usually configured when false positives occur. The configuration of specific application exemptions allows the firewall to pass on traffic that was previously blocked. What is used to identify specific application to be used as Application exceptions? IP address Threat ID Port Number Hint Count

Threat ID

Which are not Security Profiles Types? (Select two) Telemetry Antivirus Data Filtering File Blocking WildFire Analysis URL Filtering Anti-Spyware Vulnerability Protection Threat intelligence

Threat intelligence Telemetry

The default logging behavior is to log only at the end of the session. Why would an administrator enable logging at the start of the session? No login at the start of the session is possible Troubleshooting Disable logging at the end of session Required for SNMP logging

Troubleshooting

True or False? integrated agent is more suited for reading remote logs and the Windows-based agent is more suited for reading local logs.

True

True or false? No URL filtering license is necessary to define and use custom URL categories.

True

Which model of the Palo Alto Next Generation VM series needs a minimum of 16 GB of memory and 60 GB of dedicated disk drive capacity? VM-700 VM-100 VM-50 VM-500

VM-500

Before you can configure HA on your VM-Series firewalls, you need to make sure that VM machines have? VM-Series firewalls have same IP address management interface VM-Series firewalls have same number of CPU cores assigned to each peer VM-Series firewalls have same Application Command Center VM-Series firewalls have same log data

VM-Series firewalls have same number of CPU cores assigned to each peer

A network engineer clicks "Save candidate configuration" to save the configuration to memory to finish the configuration later. After the engineer continues editing and click "Save candidate configuration" again, the configuration that is saved in memory is overwritten. What type of memory is this saved configuration stored in? Read only Non-volatile memory Volatile memory Flash memory

Volatile memory

In which zone type the interface cannot be assigned?

Vwire Layer 3 Tunnel Tap Layer 2

Applications and Threats updated content is made available by Palo Alto Networks on the following schedule? Daily Monthly Weekly 5 min

Weekly

What license is required to have access to Antivirus Signatures content database available within 5 minutes? WildFire license No license is required Threat Prevention license URL Filtering license

WildFire license

A digital PKI certificate is a method of packaging and distributing public keys in a way that proves their owners' identity. Palo Alto Networks firewalls support __________ format certificates. X.507 X.508 X.506 X.509

X.509

Administrator plans to deploy GlobalProtect to its network using the latest Next Generation Palo Alto firewall. Will the administrator be successful in deploying GlobalProtect with only one firewall? GlobalProtect is compatible with Palo Alto. No. Because GlobalProtect is not supported on the latest Next Generation Palo Alto firewall. No. Because you need two firewalls GlobalProtect Portal firewall and GlobalProtect Gateway firewall. Yes. Because gateway and portal can be configured on the same firewall

Yes. Because gateway and portal can be configured on the same firewall

For file transfer applications, what six protocols are in default Antivirus Profile? (choose six). http/2 smtp ftp dhcp pop3 imap dns smb

http/2 smtp ftp pop3 smb

The GlobalProtect does not include host name and address pair as a response to the client, to which gateway will client attempt to connect first? Portal gateway internal gateway none external gateway

internal gateway

When you select users for a Security policy, which option you will use if you want to match a specific user or group identified by User-ID? any unknown pre-logon select known-user

select

In Route-Based Site-to-Site VPN Each tunnel is bound to a? physical interface serial interface tunnel interface loopback interface

tunnel interface

GlobalProtect supports three client connection methods? (choose three.) known user any users user-logon all users none pre-logon on-demand

user-logon pre-logon on-demand