Which statement is true about Deviating Devices and metrics?

A. A metric health baseline is determined by averaging the health performance for a given metric over seven days plus the standard deviation

B. Deviating Device Tab is only available with a SD-WAN Subscription

C. An Administrator can set the metric health baseline along with a valid standard deviation

D. Deviating Device Tab is only available for hardware-based firewalls

What is an advantage public cloud WildFire has over the private WildFire appliance?

A. signatures being available within minutes to protect global users once malware has been submitted

B. generating malware reports

C. using different types of operating systems (OSs) to test malware against

D. generating antivirus and domain name system (DNS) signatures for discovered malware and assigning a Uniform Resource Locator (URL) category to malicious links

Which two configuration elements can be used to prevent abuse of stolen credentials? (Choose two.)

A. multi-factor authentication (MFA)

B. URL Filtering Profiles

C. WildFire analysis

D. dynamic user groups (DUGs)

What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?

A. There are no benefits other than slight performance upgrades

B. It allows Palo Alto Networks to add new functions to existing hardware

C. Only one processor is needed to complete all the functions within the box

D. It allows Palo Alto Networks to add new devices to existing hardware

Access to a business site is blocked by URL Filtering inline machine learning (ML) and considered as a false-positive.
How should the site be made available?

A. Create a custom URL category and add it on exception of the inline ML profile.

B. Change the action of real-time-detection category on URL filtering profile.

C. Create a custom URL category and add it to the Security policy.

D. Disable URL Filtering inline ML.

Which action will protect against port scans from the internet?

A. Assign an Interface Management profile to the zone of the ingress interface

B. Assign Security profiles to Security policy rules for traffic sourcing from the untrust zone

C. Apply a Zone Protection profile on the zone of the ingress interface

D. Apply App-ID Security policy rules to block traffic sourcing from the untrust zone

There are different Master Keys on Panorama and managed firewalls.
What is the result if a Panorama Administrator pushes configuration to managed firewalls?

A. The push operation will fail regardless of an error or not within the configuration itself

B. Provided there’s no error within the configuration to be pushed, the push will succeed

C. The Master Key from the managed firewalls will be overwritten with the Master Key from Panorama

D. There will be a popup to ask if the Master Key from the Panorama should replace the Master Key from the managed firewalls

You have enabled the WildFire ML for PE files in the antivirus profile and have added the profile to the appropriate firewall rules. When you go to Palo Alto
Networks WildFire test av file and attempt to download the test file it is allowed through. In order to verify that the machine learning is working from the command line, which command returns a valid result?

A. show mlav cloud-status

B. show wfml cloud-status

C. show ml cloud-status

D. show wfav cloud-status

When having a customer pre-sales call, which aspects of the NGFW should be covered?

A. The NGFW simplifies your operations through analytics and automation while giving you consistent protection through exceptional visibility and control across the data center, perimeter, branch, mobile and cloud networks

B. The Palo Alto Networks-developed URL filtering database, PAN-DB provides high-performance local caching for maximum inline performance on URL lookups, and offers coverage against malicious URLs and IP addresses. As WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs), the PAN-DB database is updated with information on malicious URLs so that you can block malware downloads and disable Command and Control (C2) communications to protect your network from cyberthreats. URL categories that identify confirmed malicious content ג€” malware, phishing, and C2 are updated every five minutes ג€” to ensure that you can manage access to these sites within minutes of categorization

C. The NGFW creates tunnels that allow users/systems to connect securely over a public network, as if they were connecting over a local area network (LAN). To set up a VPN tunnel you need a pair of devices that can authenticate each other and encrypt the flow of information between them The devices can be a pair of Palo Alto Networks firewalls, or a Palo Alto Networks firewall along with a VPN-capable device from another vendor

D. Palo Alto Networks URL Filtering allows you to monitor and control the sites users can access, to prevent phishing attacks by controlling the sites to which users can submit valid corporate credentials, and to enforce safe search for search engines like Google and Bing

Which two statements correctly describe what a Network Packet Broker does for a Palo Alto Networks NGFW? (Choose two.)

A. It provides a third-party SSL decryption option, which can increase the total number of third-party devices performing analysis and enforcement.

B. It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted only once.

C. It eliminates the need for a third-party SSL decryption option, which reduces the total number of third-party devices performing decryption.

D. It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted multiple times.

What aspect of PAN-OS allows for the NGFW admin to create a policy that provides auto-remediation for anomalous user behavior and malicious activity while maintaining user visibility?

A. Remote Device UserID Agent

B. user-to-tag mapping

C. Dynamic User Groups

D. Dynamic Address Groups

Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)

A. Enable App-ID.

B. Define a uniform resource locator (URL) Filtering profile.

C. Enable User-ID.

D. Enable User Credential Detection.

E. Define a Secure Sockets Layer (SSL) decryption rule base.

Which three of the following are identified in the Best Practice Assessment tool? (Choose three.)

A. use of device management access and settings

B. use of decryption policies

C. presence of command-and-control (C2) sessions

D. identification of sanctioned and unsanctioned software-as-a-service (SaaS) application

E. measurement of the adoption of URL filters, App-ID, and User-ID

What two types of certificates are used to configure SSL Forward Proxy? (׀¡hoose two.)

A. Enterprise CA-signed certificates

B. Self-Signed certificates

C. Intermediate certificates

D. Private key certificates

What is the key benefit of Palo Alto Networks single-pass architecture (SPA) design?

A. It requires only one processor to complete all the functions within the box.

B. It allows the addition of new functions to existing hardware without affecting performance.

C. It allows the addition of new devices to existing hardware without affecting performance.

D. It decodes each network flow multiple times, therefore reducing throughput.

Which methods are used to check for Corporate Credential Submissions? (Choose three.)

A. Group Mapping

B. IP User Mapping

C. LDAP query

D. Domain Credential Filter

E. User ID Credential Check

Which security profile on the NGFW includes signatures to protect you from brute force attacks?

A. Zone Protection Profile

B. URL Filtering Profile

C. Vulnerability Protection Profile

D. Anti-Spyware Profile

The WildFire Inline Machine Learning is configured using which Content-ID profiles?

A. Antivirus Profile

B. WildFire Analysis Profile

C. Threat Prevention Profile

D. File Blocking Profile

In an HA pair running Active/Passive mode, over which interface do the dataplanes communicate?

A. HA3

B. HA1

C. HA2

D. HA4

A customer with a legacy firewall architecture focused on port-and-protocol-level security has heard that NGFWs open all ports by default.
Which of the following statements regarding Palo Alto Networks NGFWs is an appropriate rebuttal that explains an advantage over legacy firewalls?

A. They do not consider port information, instead relying on App-ID signatures that do not reference ports.

B. They protect all applications on all ports while leaving all ports open by default.

C. They can control applications by application-default service ports or a configurable list of approved ports on a per-policy basis.

D. They keep ports closed by default, only opening after understanding the application request, and then opening only the application-specified ports.

WildFire machine learning (ML) for portable executable (PE) files is enabled in the antivirus profile and added to the appropriate firewall rules in the profile. In the Palo Alto Networks WildFire test av file, an attempt to download the test file is allowed through.
Which command returns a valid result to verify the ML is working from the command line?

A. show wfml cloud-status

B. show ml cloud-status

C. show mlav cloud-status

D. show wfav cloud-status

Which two interface types can be associated to a virtual router? (Choose two.)

A. Loopback

B. Virtual Wire

C. VLAN

D. Layer 2

A potential customer requires an NGFW solution that enables high-throughput, low-latency network security and also inspects the application.
Which aspect of the Palo Alto Networks NGFW capabilities should be highlighted to help address these requirements?

A. single-pass architecture (SPA)

B. threat prevention

C. GlobalProtect

D. Elastic Load Balancing (ELB)

Which is the smallest Panorama solution that can be used to manage up to 2500 Palo Alto Networks Next Generation firewalls?

A. M-200

B. M-600

C. M-100

D. Panorama VM-Series

Which three platform components can identify and protect against malicious email links? (Choose three.)

A. WildFire hybrid cloud solution

B. WildFire public cloud

C. WF-500

D. M-200

E. M-600

Which two actions can be configured in an Anti-Spyware profile to address command-and-control (C2) traffic from compromised hosts? (Choose two.)

A. Redirect

B. Alert

C. Quarantine

D. Reset

Which two features are found in Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

A. Policy match is based on application

B. Traffic control is based on IP, port, and protocol

C. Traffic is separated by zones

D. Identification of application is possible on any port

A prospective customer wants to purchase a next-generation firewall (NGFW) and requires at least 2 million concurrent sessions with a minimum of 10Gbps of throughput with threat detection enabled.
Which tool will help quickly determine the correct size of NGFW for this customer?

A. Data Lake Calculator available on the Palo Alto Networks website

B. NGFW sizing app available for iOS and Android devices

C. Product Comparison tool available on the Palo Alto Networks website

D. Quoting tool available on the Palo Alto Networks website

What is the correct behavior when a Palo Alto Networks next-generation firewall (NGFW) is unable to retrieve a DNS verdict from DNS service cloud in the configured lookup time?

A. NGFW discard a response from the DNS server.

B. NGFW temporarily disable DNS Security function.

C. NGFW permit a response from the DNS server.

D. NGFW resend a verdict challenge to DNS service cloud.

What two types of traffic should you exclude from a decryption policy? (Choose two.)

A. All Business and regulatory traffic

B. All outbound traffic

C. All Mutual Authentication traffic

D. All SSL/TLS 1.3 traffic

Which three steps in the cyberattack lifecycle does Palo Alto Networks Security Operating Platform prevent? (Choose three.)

A. recon the target

B. deliver the malware

C. exfiltrate data

D. weaponize vulnerabilities

E. lateral movement

Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?

A. Step 1: Define the Protect Surface

B. Step 3: Architect a Zero Trust Network

C. Step 5: Monitor and Maintain the Network

D. Step 2: Map the Protect Surface Transaction Flows

E. Step 4: Create the Zero Trust Policy

What will best enhance security of a production online system while minimizing the impact for the existing network?

A. active/active high availability (HA)

B. Layer 2 interfaces

C. virtual systems

D. virtual wire

A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network.
Which version of WildFire will meet this customer’s requirements?

A. WildFire Government Cloud

B. WildFire Public Cloud

C. WildFire Private Cloud

D. WildFire Secure Cloud

Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?

A. Access to the WildFire API

B. WildFire hybrid deployment

C. PE file upload to WildFire

D. 5 minute WildFire updates to threat signatures

Which task would be identified in Best Practice Assessment tool?

A. identify the visibility and presence of command-and-control sessions

B. identify sanctioned and unsanctioned SaaS applications

C. identify the threats associated with each application

D. identify and provide recommendations for device management access

A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, allows you to assess the risk and take action to prevent exploitation of network resources.
Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?

A. The Automated Correlation Engine

B. Cortex XDR and Cortex Data Lake

C. WildFire with API calls for automation

D. 3rd Party SIEM which can ingest NGFW logs and perform event correlation

What is an advantage of having WildFire machine learning (ML) capability inline on the firewall?

A. It eliminates of the necessity for dynamic analysis in the cloud.

B. It is always able to give more accurate verdicts than the cloud ML analysis, reducing false positives and false negatives,

C. It improves the CPU performance of content inspection.

D. It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity.

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

A. benign

B. government

C. command and control (C2)

D. malware

E. grayware

Which decryption requirement ensures that inspection can be provided to all inbound traffic routed to internal application and database servers?

A. Installation of certificates from the application server and database server on the NGFW and configuration of an SSL Inbound Decryption policy

B. Installation of a trusted root CA certificate on the NGFW and configuration of an SSL Inbound Decryption policy

C. Configuration of an SSL Inbound Decryption policy using one of the built-in certificates included in the certificate store

D. Configuration of an SSL Inbound Decryption policy without installing certificates

Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?

A. Panorama Correlation Report

B. AutoFocus

C. Cortex XSOAR Community Edition

D. Cortex XDR Prevent

What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)

A. Errors

B. Environments

C. Interfaces

D. Mounts

E. Throughput

F. Sessions

G. Status

Which CLI commands allows you to view SD-WAN events such as path selection and path quality measurements?

A. >show sdwan connection all

B. >show sdwan event

C. >show sdwan path-monitor stats vif

D. >show sdwan session distribution policy-name

When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?

A. HTTP method

B. HTTP response status code

C. Content type

D. X-Forwarded-For

Which task would be included in the Best Practice Assessment (BPA) tool?

A. Identify sanctioned and unsanctioned software-as-a-service (SaaS) applications.

B. Identify and provide recommendations for device configurations.

C. Identify the threats associated with each application.

D. Identify the visibility and presence of command-and-control (C2) sessions.

WildFire subscription supports analysis of which three types? (Choose three.)

A. GIF

B. 7-Zip

C. Flash

D. RPM

E. ISO

F. DMG

Which two of the following does decryption broker provide on a NGFW? (Choose two.)

A. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once

B. Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement

C. Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement

D. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times

Which two methods are used to check for Corporate Credential Submissions? (Choose two.)

A. domain credential filter

B. IP user mapping

C. User-ID credential check

D. LDAP query

What helps avoid split brain in active/passive HA pair deployment?

A. Use a standard traffic interface as the HA2 backup

B. Enable preemption on both firewalls in the HA pair

C. Use the management interface as the HA1 backup link

D. Use a standard traffic interface as the HA3 link

A potential customer requires an NGFW solution which enables high-throughput, low-latency network security, all while incorporating unprecedented features and technology. They need a solution that solves the performance problems that plague today's security infrastructure.
Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help them address the requirements?

A. SP3 (Single Pass Parallel Processing)

B. GlobalProtect

C. Threat Prevention

D. Elastic Load Balancers