PCNSA Practice Questions Free

PCNSA Practice Questions Free – 50 Exam-Style Questions to Sharpen Your Skills

Are you preparing for the PCNSA certification exam? Kickstart your success with our PCNSA Practice Questions Free – a carefully selected set of 50 real exam-style questions to help you test your knowledge and identify areas for improvement.

Practicing with PCNSA practice questions free gives you a powerful edge by allowing you to:

  • Understand the exam structure and question formats
  • Discover your strong and weak areas
  • Build the confidence you need for test day success

Below, you will find 50 free PCNSA practice questions designed to match the real exam in both difficulty and topic coverage. They’re ideal for self-assessment or final review.

Question 1

In which threat profile object would you configure the DNS Security service?

A. Antivirus

B. Anti-Spyware

C. WildFire

D. URL Filtering

 


Suggested Answer: C

Community Answer: B

 

Question 2

Which Security Profile can provide protection against ICMP floods, based on individual combinations of a packet's source and destination IP addresses?

A. DoS protection

B. URL filtering

C. packet buffering

D. anti-spyware

 


Suggested Answer: A

Community Answer: A

 

Question 3

A Security Profile can block or allow traffic at which point?

A. on either the data plane or the management plane

B. after it is matched to a Security policy rule that allows or blocks traffic

C. after it is matched to a Security policy rule that allows traffic

D. before it is matched to a Security policy rule

 


Suggested Answer: C

Community Answer: C

 

Question 4

When creating a custom URL category object, which is a valid type?

A. domain match

B. host names

C. wildcard

D. category match

 


Suggested Answer: D

Community Answer: D

Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/objects/objects-custom-objects-url-category.html

Question 5

To enable DNS sinkholing, which two addresses should be reserved? (Choose two.)

A. MAC

B. IPv6

C. Email

D. IPv4

 


Suggested Answer: BD

 

Question 6

What does rule shadowing in Security policies do?

A. It shows rules with the same Source Zones and Destination Zones.

B. It indicates that a broader rule matching the criteria is configured above a more specific rule.

C. It indicates rules with App-ID that are not configured as port-based.

D. It shows rules that are missing Security profile configurations.

 


Suggested Answer: B

Community Answer: B

 

Question 7

Which System log severity level would be displayed as a result of a user password change?

A. Low

B. Medium

C. High

D. Critical

 


Suggested Answer: B

Community Answer: A

 

Question 8

Which step is mandatory to create a static route in PAN-OS?

A. Apply the autonomous system number.

B. Specify the outgoing interface.

C. Select the dynamic routing protocol.

D. Select the virtual router.

 


Suggested Answer: B

Community Answer: D

 

Question 9

An administrator is trying to understand which NAT policy is being matched.
In what order does the firewall evaluate NAT policies?

A. Dynamic IP and Port first, then Static, and finally Dynamic IP

B. From top to bottom

C. Static NAT rules first, then top down

D. Static NAT rules first, then Dynamic

 


Suggested Answer: B

Community Answer: B

 

Question 10

Which operations are allowed when working with App-ID application tags?

A. Predefined tags may be deleted.

B. Predefined tags may be augmented by custom tags.

C. Predefined tags may be modified.

D. Predefined tags may be updated by WildFire dynamic updates.

 


Suggested Answer: C

Community Answer: B

 

Question 11

Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

A. Active Directory monitoring

B. Windows session monitoring

C. Windows client probing

D. domain controller monitoring

 


Suggested Answer: A

Community Answer: D

 

Question 12

The compliance officer requests that all evasive applications be blocked on all perimeter firewalls out to the internet. The firewall is configured with two zones:
1. trust for internal networks
2. untrust to the internet
Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two.)

A. Create a deny rule at the top of the policy from trust to untrust with service application-default and add an application filter with the evasive characteristic

B. Create a deny rule at the top of the policy from trust to untrust over any service and select evasive as the application

C. Create a deny rule at the top of the policy from trust to untrust with service application-default and select evasive as the application

D. Create a deny rule at the top of the policy from trust to untrust over any service and add an application filter with the evasive characteristic

 


Suggested Answer: AD

Community Answer: AD

 

Question 13

Which Security policy set should be used to ensure that a policy is applied first?

A. Local firewall policy

B. Shared pre-rulebase

C. Parent device-group pre-rulebase

D. Child device-group pre-rulebase

 


Suggested Answer: B

 

Question 14

Which profile must be applied to the Security policy rule to block spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers?

A. Anti-spyware

B. File blocking

C. WildFire

D. URL filtering

 


Suggested Answer: D

Community Answer: A

 

Question 15

According to the best practices for mission critical devices, what is the recommended interval for antivirus updates?

A. by minute

B. hourly

C. daily

D. weekly

 


Suggested Answer: C

Community Answer: B

Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/best-practices-for-content-and-threat-content-updates/best-practices-mission-critical.html

Question 16

In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?

A. Network

B. Policies

C. Objects

D. Device

 


Suggested Answer: C

Community Answer: C

 

Question 17

Which Security Profile mitigates attacks based on packet count?

A. zone protection profile

B. URL filtering profile

C. antivirus profile

D. vulnerability profile

 


Suggested Answer: A

Community Answer: A

 

Question 18

By default, which action is assigned to the interzone-default rule?

A. Allow

B. Deny

C. Reset-client

D. Reset-server

 


Suggested Answer: B

Community Answer: B

 

Question 19

Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?

A. Kerberos user

B. SAML user

C. local database user

D. local user

 


Suggested Answer: B

Community Answer: D

 

Question 20

Which three configuration settings are required on a Palo Alto Networks firewall management interface? (Choose three.)

A. hostname

B. netmask

C. default gateway

D. auto-negotiation

E. IP address

 


Suggested Answer: BCE

Reference:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK

Question 21

During the packet flow process, which two processes are performed in application identification? (Choose two.)

A. pattern based application identification

B. application override policy match

C. session application identified

D. application changed from content inspection

 


Suggested Answer: AB

Community Answer: AB

Reference:
http://live.paloaltonetworks.com//t5/image/serverpage/image-id/12862i950F549C7D4E6309

Question 22

At which point in the App-ID update process can you determine if an existing policy rule is affected by an App-ID update?

A. after clicking Check Now in the Dynamic Update window

B. after committing the firewall configuration

C. after installing the update

D. after downloading the update

 


Suggested Answer: D

Community Answer: D

Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/device/device-dynamic-updates

Question 23

What must be considered with regards to content updates deployed from Panorama?

A. Content update schedulers need to be configured separately per device group.

B. Panorama can only install up to five content versions of the same type for potential rollback scenarios.

C. A PAN-OS upgrade resets all scheduler configurations for content updates.

D. Panorama can only download one content update at a time for content updates of the same type.

 


Suggested Answer: D

Community Answer: D

Reference:
https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-licenses-and-updates/deploy-updates-to-firewalls-log-collectors-and-wildfire-appliances-using-panorama/schedule-a-content-update-using-panorama.html

Question 24

How can a complete overview of the logs be displayed to an administrator who has permission in the system to view them?

A. Select the unified log entry in the side menu.

B. Modify the number of columns visible on the page.

C. Modify the number of logs visible on each page.

D. Select the system logs entry in the side menu.

 


Suggested Answer: D

Community Answer: A

 

Question 25

The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

A. Add all the URLs from the gambling category except powerball.com to the block list and then set the action for the gambling category to allow.

B. Manually remove powerball.com from the gambling URL category.

C. Add *.powerball.com to the allow list

D. Create a custom URL category called PowerBall and add *.powerball.com to the category and set the action to allow.

 


Suggested Answer: CD

Community Answer: CD

 

Question 26

What are three characteristics of the Palo Alto Networks DNS Security service? (Choose three.)

A. It requires an active subscription to a third-party DNS Security service

B. It requires a valid URL Filtering license

C. It uses techniques such as DGA/DNS tunneling detection and machine learning

D. It requires a valid Threat Prevention license

E. It enables users to access real-time protections using advanced predictive analytics

 


Suggested Answer: CDE

Community Answer: CDE

 

Question 27

What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control (RBAC)? (Choose two.)

A. SAML

B. TACACS+

C. LDAP

D. Kerberos

 


Suggested Answer: AB

Community Answer: AB

Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication.html

Question 28

Which option shows the attributes that are selectable when setting up application filters?

A. Category, Subcategory, Technology, and Characteristic

B. Category, Subcategory, Technology, Risk, and Characteristic

C. Name, Category, Technology, Risk, and Characteristic

D. Category, Subcategory, Risk, Standard Ports, and Technology

 


Suggested Answer: B

Community Answer: B

Reference:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-web-interface-help/objects/objects-application-filters

Question 29

Which three interface deployment methods can be used to block traffic flowing through the Palo Alto Networks firewall? (Choose three.)

A. Tap

B. HA

C. Layer 3

D. Layer 2

E. Virtual Wire

 


Suggested Answer: CDE

Community Answer: CDE

 

Question 30

Palo Alto Networks firewall architecture accelerates content inspection performance while minimizing latency using which two components? (Choose two.)

A. Network Processing Engine

B. Policy Engine

C. Parallel Processing Hardware

D. Single Stream-based Engine

 


Suggested Answer: CD

Community Answer: CD

 

Question 31

An administrator needs to add capability to perform real time signature lookups to block or sinkhole all known malware domains.
Which type of single, unified engine will get this result?

A. Content ID

B. App-ID

C. Security Processing Engine

D. User-ID

 


Suggested Answer: C

Community Answer: A

 

Question 32

What is an advantage of using application tags?

A. They are helpful during the creation of new zones.

B. They help content updates automate policy updates.

C. They help with the creation of interfaces.

D. They help with the design of IP address allocations in DHCP.

 


Suggested Answer: B

Community Answer: B

 

Question 33

Access to which feature requires a URL Filtering license?

A. PAN-DB database

B. External dynamic lists

C. DNS Security

D. Custom URL categories

 


Suggested Answer: A

Community Answer: A

 

Question 34

What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)

A. firewall logs

B. custom API scripts

C. Security Information and Event Management Systems (SIEMS), such as Splunk

D. biometric scanning results from iOS devices

E. DNS Security service

 


Suggested Answer: CDE

Community Answer: ABC

 

Question 35

Which path is used to save and load a configuration with a Palo Alto Networks firewall?

A. Device>Setup>Services

B. Device>Setup>Management

C. Device>Setup>Operations

D. Device>Setup>Interfaces

 


Suggested Answer: C

Community Answer: C

 

Question 36

Which path in PAN-OS 11.x would you follow to see how new and modified App-IDs impact a Security policy?

A. Device > Dynamic Updates > Review App-IDs

B. Objects > Dynamic Updates > Review App-IDs

C. Objects > Dynamic Updates > Review Policies

D. Device > Dynamic Updates > Review Policies

 


Suggested Answer: C

Community Answer: D

 

Question 37

Which object would an administrator create to block access to all high-risk applications?

A. HIP profile

B. Vulnerability Protection profile

C. application group

D. application filter

 


Suggested Answer: D

Community Answer: D

Reference:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKECA0

Question 38

What is the function of an application group object?

A. It contains applications that you want to treat similarly in policy

B. It groups applications dynamically based on application attributes that you define

C. It represents specific ports and protocols for an application

D. It identifies the purpose of a rule or configuration object and helps you better organize your rulebase

 


Suggested Answer: D

Community Answer: A

 

Question 39

What are three DNS policy actions? (Choose three.)

A. Block

B. Allow

C. Strict

D. Sinkhole

E. Alert

 


Suggested Answer: AD

Community Answer: AB

 

Question 40

An administrator is troubleshooting an issue with an accounts payable application.
Which log setting could be temporarily configured to improve visibility?

A. Log at Session Start and Log at Session End both enabled

B. Log at Session Start and Log at Session End both disabled

C. Log at Session Start enabled, Log at Session End disabled

D. Log at Session Start disabled, Log at Session End enabled

 


Suggested Answer: A

Community Answer: A

 

Question 41

An administrator is reviewing the Security policy rules shown in the screenshot.
Why are the two fields in the Security policy EDL-Deny highlighted in red?
 Image

A. Because antivirus inspection is enabled for this policy

B. Because the destination zone, address, and device are all “any”

C. Because the action is Deny

D. Because the Security-EDL tag has been assigned the red color

 


Suggested Answer: D

 

Question 42

Which statement is true regarding a Heatmap report?

A. When guided by authorized sales engineer, it helps determine the areas of greatest security risk

B. It runs only on firewalls.

C. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.

D. It provides a percentage of adoption for each assessment area.

 


Suggested Answer: D

Community Answer: D

Reference:
https://live.paloaltonetworks.com/t5/best-practice-assessment-blogs/the-best-practice-assessment-bpa-tool-for-ngfw-and-panorama/ba-p/248343

Question 43

Where in Panorama would Zone Protection profiles be configured?

A. Templates

B. Device Groups

C. Shared

D. Panorama tab

 


Suggested Answer: D

Community Answer: A

 

Question 44

The CFO found a USB drive in the parking lot and decided to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?

A. Create an anti-spyware profile and enable DNS Sinkhole

B. Create an antivirus profile and enable DNS Sinkhole

C. Create a URL filtering profile and block the DNS Sinkhole category

D. Create a security policy and enable DNS Sinkhole

 


Suggested Answer: A

Community Answer: A

Reference:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-web-interface-help/objects/objects-security-profiles-anti-spyware-profile

Question 45

Which type of address object is www.paloaltonetworks.com?

A. named address

B. IP range

C. FQDN

D. IP netmask

 


Suggested Answer: C

Community Answer: C

 

Question 46

What is the Anti-Spyware Security profile default action?

A. Sinkhole

B. Reset-client

C. Drop

D. Reset-both

 


Suggested Answer: C

Community Answer: D

 

Question 47

You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.
Which Security Profile detects and prevents this threat from establishing a command-and-control connection?

A. Vulnerability Protection Profile applied to outbound Security policy rules.

B. Anti-Spyware Profile applied to outbound security policies.

C. Antivirus Profile applied to outbound Security policy rules

D. Data Filtering Profile applied to outbound Security policy rules.

 


Suggested Answer: B

Community Answer: B

 

Question 48

Identify the correct order to configure the PAN-OS integrated USER-ID agent.
3. add the service account to monitor the server(s)
2. define the address of the servers to be monitored on the firewall
4. commit the configuration, and verify agent connection status
1. create a service account on the Domain Controller with sufficient permissions to execute the User-ID agent

A. 2-3-4-1

B. 1-4-3-2

C. 3-1-2-4

D. 1-3-2-4

 


Suggested Answer: D

Community Answer: D

 

Question 49

Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)

A. on the App Dependency tab in the Commit Status window

B. on the Policy Optimizer’s Rule Usage page

C. on the Application tab in the Security Policy Rule creation window

D. on the Objects > Applications browser pages

 


Suggested Answer: AC

Community Answer: CD

Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/use-application-objects-in-policy/resolve-application-dependencies.html

Question 50

Where within the URL Filtering security profile must a user configure the action to prevent credential submissions?

A. URL Filtering > Categories

B. URL Filtering > URL Filtering Settings

C. URL Filtering > Inline Categorization

D. URL Filtering > HTTP Header Insertion

 


Suggested Answer: B

Community Answer: A

 

Free Access Full PCNSA Practice Questions Free

Want more hands-on practice? Click here to access the full bank of PCNSA practice questions free and reinforce your understanding of all exam objectives.

We update our question sets regularly, so check back often for new and relevant content.

Good luck with your PCNSA certification journey!

PracticeTestFree.com materials do not contain actual questions and answers from Cisco's Certification Exams. PracticeTestFree.com doesn't offer Real Microsoft Exam Questions. PracticeTestFree.com doesn't offer Real Amazon Exam Questions.