ACE
Which statement describes the Export named configuration snapshot operation?
A saved configuration is transferred to an external host's storage device.
An Antivirus Security Profile specifies Actions and WildFire Actions. Wildfire Actions enable you to configure the firewall to perform which operation?
Block traffic when a WildFire virus signature is detected.
Which User-ID user mapping method is recommended for environments where users frequently change IP addresses?
Client Probing
Which two User-ID methods are used to verify known IP address-to-user mappings? (Choose two.)
Client Probing Captive Portal
Which two user mapping methods are supported by the User-ID integrated agent? (Choose two.)
Client Probing LDAP Filters
Which four actions can be applied to traffic matching a URL Filtering Security Profile? (Choose four.)
Continue Block Override Alert
In a Security Profile, which action does a firewall take when the profiles action is configured as Reset Server? (Choose two.)
For UDP sessions, the connection is dropped. The traffic responder is reset.
Which three HTTP header insertion types are predefined? (Choose three.)
Google YouTube Dropbox
Which interface type is NOT assigned to a security zone?
HA
GlobalProtect clientless VPN provides secure remote access to web applications that use which three technologies? (Choose three.)
HTML5 HTML JavaScript
App-ID running on a firewall identifies applications using which three methods? (Choose three.)
Known protocol decoders Application signatures Program heuristics
An Interface Management Profile can be attached to which two interface types? (Choose two.)
Loopback Layer 3
What are three connection methods for the GlobalProtect agent? (Choose three.)
Pre-Logon User-Logon On-demand
What is a characteristic of Dynamic Admin Roles?
Role privileges can be dynamically updated with newer software releases.
When SSL traffic passes through the firewall, which component is evaluated first?
Security policy
Which three statements are true regarding sessions on the firewall? (Choose three.)
Sessions are always matched to a Security policy rule. Network packets are always matched to a session. Return traffic is allowed.
Which file must be downloaded from the firewall to create a Heatmap and Best Practices Assessment report?
Tech Support File
What is the result of performing a firewall Commit operation?
The candidate configuration becomes the running configuration.
Which condition must exist before a firewall's in-band interface can process traffic?
The firewall must be assigned an IP address.
A Security policy rule displayed in italic font indicates which condition?
The rule is disabled.
Which statement is true about a URL Filtering Profile override password?
There is a single, per-firewall password.
If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in which log type?
Threat
Which three subscription services are included as part of the GlobalProtect cloud service? (Choose three.)
Threat Prevention WildFire® URL Filtering
Which VM-Series model was introduced with the release of PAN-OS® 8.1?
VM-50 Lite
Finding URLs matched to the not-resolved URL category in the URL Filtering log file might indicate that you should take which action?
Validate connectivity to the PAN-DB cloud.
Which interface type does NOT require any configuration changes to adjacent network devices?
Virtual Wire
Which three interface types can control or shape network traffic? (Choose three.)
Virtual Wire Layer 3 Layer 2
Which three network modes are supported by active/passive HA? (Choose three.)
Virtual Wire Layer 3 Layer 2
A Server Profile enables a firewall to locate which server type?
a server with remote user accounts
Which three are valid configuration options in a WildFire Analysis Profile? (Choose three.)
application direction file types
Which feature is a dynamic grouping of applications used in Security policy rules?
application group
Which essential cloud characteristic is designed for applications that will be required to run on all platforms including smartphones, tablets, and laptops?
broad network access
What are the two separate planes that make up the PAN-OS architecture? (Choose two.)
dataplane control/management plane
In an HA configuration, which three functions are associated with the HA1 Control Link? (Choose three.)
exchanging heartbeats synchronizing configuration exchanging hellos
What is a use case for deploying Palo Alto Networks NGFW in the public cloud?
extending the corporate data center into the public cloud
Which three components can be sent to WildFire for analysis? (Choose three.)
files traversing the firewall URL links found in email email attachments
Cloud security is a shared responsibility between the cloud provider and the customer. Which security platform is the cloud provider responsible for?
foundation services
In an HA configuration, which two failure detection methods rely on ICMP ping? (Choose two.)
heartbeats link groups
In an HA configuration, which three components are synchronized between the pair of firewalls? (Choose three.)
objects networks policies
In a destination NAT configuration, which option accurately completes the following sentence? A Security policy rule should be written to match the _______.
original pre-NAT source and destination addresses, but the post-NAT destination zone
Which cloud computing service model will enable an application developer to develop, manage, and test their applications without the expense of purchasing equipment?
platform as a service
Which cloud computing platform provides shared resources, servers, and storage in a pay-as-you-go model?
public
Because a firewall examines every packet in a session, a firewall can detect application ________?
shifts
What are two benefits of attaching a Decryption Profile to a Decryption policy no-decrypt rule? (Choose two.)
untrusted certificate checking expired certificate checking
The WildFire Portal website supports which three operations? (Choose three.)
upload files to WildFire for analysis report incorrect verdicts view WildFire verdicts
