PSE Strata Mock Test Free – 50 Realistic Questions to Prepare with Confidence.
Getting ready for your PSE Strata certification exam? Start your preparation the smart way with our PSE Strata Mock Test Free – a carefully crafted set of 50 realistic, exam-style questions to help you practice effectively and boost your confidence.
Using a free mock test for the PSE Strata exam is one of the best ways to:
- Familiarize yourself with the actual exam format and question style
- Identify areas where you need more review
- Strengthen your time management and test-taking strategy
Below, you will find 50 free questions from our PSE Strata Mock Test Free resource. These questions are structured to reflect the real exam’s difficulty and content areas, helping you assess your readiness accurately.
The ability to prevent users from resolving internet protocol (IP) addresses to malicious, grayware, or newly registered domains is provided by which Security service?
A. DNS Security
B. Threat Prevention
C. WildFire
D. IoT Security
Which two features can be enabled to support asymmetric routing with redundancy on a Palo Alto Networks next-generation firewall (NGFW)? (Choose two.)
A. multiple virtual systems
B. active / active high availability (HA)
C. non-SYN first packet
D. asymmetric routing profile
Which statement is true about Deviating Devices and metrics?
A. A metric health baseline is determined by averaging the health performance for a given metric over seven days plus the standard deviation
B. Deviating Device Tab is only available with an SD-WAN Subscription
C. An Administrator can set the metric health baseline along with a valid standard deviation
D. Deviating Device Tab is only available for hardware-based firewalls
Which two interface types can be associated with a virtual router? (Choose two.)
A. Loopback
B. Virtual Wire
C. VLAN
D. Layer 2
Which two actions should be taken to provide some protection when a client chooses not to block uncategorized websites? (Choose two.)
A. Add a URL-filtering profile with the action set to “Continue” for unknown URL categories attached to Security policy rules that allow web access.
B. Attach a file-blocking profile to Security policy rules that allow uncategorized websites.
C. Add a Security policy rule using only known URL categories with the action set to “Allow.”
D. Attach a data-filtering profile with a custom data pattern to Security policy rules that deny uncategorized websites.
A large number of next-generation firewalls (NGFWs), along with Panorama and WildFire, have been positioned for a prospective customer. The customer is concerned about storing, retrieving, and archiving firewall logs and has indicated that logs must be retained for a minimum of 60 days. An additional requirement is ingestion of a maximum of 10,000 logs per second. What will best meet the customer’s logging requirements?
A. NGFWs that have at least 10TB of internal storage
B. Appropriately sized NGFW based on use of the POPSICLE tool
C. Appropriate Data Lake storage determined by using the Data Lake Calculator
D. A pair of fully populated M-300 storage appliances
Which two actions can be configured in an Anti-Spyware profile to address command-and-control (C2) traffic from compromised hosts? (Choose two.)
A. Redirect
B. Alert
C. Quarantine
D. Reset
A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds. How is this goal accomplished?
A. Create a custom spyware signature matching the known signature with the time attribute
B. Add a correlation object that tracks the occurrences and triggers above the desired threshold
C. Submit a request to Palo Alto Networks to change the behavior at the next update
D. Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency
The Palo Alto Networks Cloud Identity Engine (CIE) includes which service that supports Identity Providers (IdP)?
A. Directory Sync and Cloud Authentication Service that support IdP using SAML 2.0
B. Directory Sync that supports IdP using SAML 2.0
C. Directory Sync and Cloud Authentication Service that support IdP using SAML 2.0 and OAuth2
D. Cloud Authentication Service that supports IdP using SAML 2.0 and OAuth2
Which three of the following are identified in the Best Practice Assessment tool? (Choose three.)
A. use of device management access and settings
B. use of decryption policies
C. presence of command-and-control (C2) sessions
D. identification of sanctioned and unsanctioned software-as-a-service (SaaS) applications
E. measurement of the adoption of URL filters, App-ID, and User-ID
What two types of certificates are used to configure SSL Forward Proxy? (Choose two.)
A. Enterprise CA-signed certificates
B. Self-Signed certificates
C. Intermediate certificates
D. Private key certificates
In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)
A. benign
B. government
C. command and control (C2)
D. malware
E. grayware
Which two of the following does decryption broker provide on an NGFW? (Choose two.)
A. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once
B. Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement
C. Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement
D. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times
What is an advantage public cloud WildFire has over the private WildFire appliance?
A. signatures being available within minutes to protect global users once malware has been submitted
B. generating malware reports
C. using different types of operating systems (OSs) to test malware against
D. generating antivirus and domain name system (DNS) signatures for discovered malware and assigning a Uniform Resource Locator (URL) category to malicious links
Which two methods are used to check for Corporate Credential Submissions? (Choose two.)
A. domain credential filter
B. IP user mapping
C. User-ID credential check
D. LDAP query
Which two actions can be taken to enforce protection from brute force attacks in the security policy? (Choose two.)
A. Create a log forwarding object to send logs to Panorama and a third-party syslog server event correlation
B. Install content updates that include new signatures to protect against emerging threats
C. Attach the vulnerability profile to a security rule
D. Add the URL filtering profile to a security rule
Which two actions should be taken prior to installing a decryption policy on an NGFW? (Choose two.)
A. Ensure throughput will not be an issue.
B. Determine whether local / regional decryption laws apply.
C. Deploy decryption settings all at one time.
D. Include all traffic types in decryption policy.
Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?
A. Step 1: Define the Protect Surface
B. Step 3: Architect a Zero Trust Network
C. Step 5: Monitor and Maintain the Network
D. Step 2: Map the Protect Surface Transaction Flows
E. Step 4: Create the Zero Trust Policy
A customer is designing a private data center to host their new web application along with a separate headquarters for users. Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?
A. WildFire
B. Threat Prevention
C. Advanced URL Filtering (AURLF)
D. DNS Security
For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same Prisma Access location servicing a single Datacenter? (Choose two.)
A. Network segments in the Datacenter need to be advertised to only one Service Connection
B. The customer edge device needs to support policy-based routing with symmetric return functionality
C. The resources in the Datacenter will only be able to reach remote network resources that share the same region
D. A maximum of four service connections per Datacenter are supported with this topology
What is the key benefit of Palo Alto Networks single-pass architecture (SPA) design?
A. It requires only one processor to complete all the functions within the box.
B. It allows the addition of new functions to existing hardware without affecting performance.
C. It allows the addition of new devices to existing hardware without affecting performance.
D. It decodes each network flow multiple times, therefore reducing throughput.
When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?
A. HTTP method
B. HTTP response status code
C. Content type
D. X-Forwarded-For
What helps avoid split brain in an active/passive HA pair deployment?
A. Use a standard traffic interface as the HA2 backup
B. Enable preemption on both firewalls in the HA pair
C. Use the management interface as the HA1 backup link
D. Use a standard traffic interface as the HA3 link
If a Palo Alto Networks Next-Generation Firewall (NGFW) already has Advanced Threat Prevention (ATP) enabled, what is the throughput impact of also enabling WildFire and Advanced URL Filtering (AURLF)?
A. The throughput will decrease with each additional subscription enabled.
B. The throughput will remain consistent, but the maximum number of simultaneous sessions will decrease.
C. The throughput will remain consistent regardless of the additional subscriptions enabled.
D. The throughput will decrease, but the maximum simultaneous sessions will remain consistent.
Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)
A. Enable App-ID.
B. Define a uniform resource locator (URL) Filtering profile.
C. Enable User-ID.
D. Enable User Credential Detection.
E. Define a Secure Sockets Layer (SSL) decryption rule base.
A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher-level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, so that they can assess the risk and take action to prevent exploitation of network resources. Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?
A. The Automated Correlation Engine
B. Cortex XDR and Cortex Data Lake
C. WildFire with API calls for automation
D. 3rd Party SIEM which can ingest NGFW logs and perform event correlation
What is an advantage of having WildFire machine learning (ML) capability inline on the firewall?
A. It eliminates the necessity for dynamic analysis in the cloud.
B. It is always able to give more accurate verdicts than the cloud ML analysis, reducing false positives and false negatives.
C. It improves the CPU performance of content inspection.
D. It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity.
A potential customer requires an NGFW solution that enables high-throughput, low-latency network security and also inspects the application. Which aspect of the Palo Alto Networks NGFW capabilities should be highlighted to help address these requirements?
A. single-pass architecture (SPA)
B. threat prevention
C. GlobalProtect
D. Elastic Load Balancing (ELB)
What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.)
A. It represents the remediation server that the client should visit for patching.
B. In situations where the internal DNS server is between the client and the firewall, it gives the firewall the ability to identify the clients who originated the query to the malicious domain.
C. The client communicates with it instead of the malicious IP address.
D. It will take over as the new DNS resolver for that client and prevent further DNS requests from occurring in the meantime.
A potential customer requires an NGFW solution which enables high-throughput, low-latency network security, all while incorporating unprecedented features and technology. They need a solution that solves the performance problems that plague today's security infrastructure. Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help them address the requirements?
A. SP3 (Single Pass Parallel Processing)
B. GlobalProtect
C. Threat Prevention
D. Elastic Load Balancers
Which four actions can be configured in an Anti-Spyware profile to address command-and-control traffic from compromised hosts? (Choose four.)
A. Reset
B. Quarantine
C. Drop
D. Allow
E. Redirect
F. Alert
A WildFire subscription is required for which two of the following activities? (Choose two.)
A. Enforce policy based on Host Information Profile (HIP).
B. Forward advanced file types from the firewall for analysis.
C. Filter uniform resource locator (URL) sites by category.
D. Decrypt Secure Sockets Layer (SSL).
E. Use the WildFire Application Programming Interface (API) to submit website links for analysis.
Which two of the following are required when configuring the Domain Credential Filter method for preventing phishing attacks? (Choose two.)
A. LDAP connector
B. Group mapping
C. IP-address-to-username mapping
D. Windows User-ID agent
What are three valid sources that are supported for user IP address mapping in Palo Alto Networks NGFW? (Choose three.)
A. RADIUS
B. Client Probing
C. Lotus Domino
D. Active Directory monitoring
E. TACACS
F. eDirectory monitoring
Which two products are included in the Prisma Brand? (Choose two.)
A. Prisma Cloud Compute
B. Panorama
C. NGFW
D. Prisma Cloud Enterprise
What is used to choose the best path on a virtual router that has two or more different routes to the same destination?
A. Metric
B. Source zone
C. Administrative distance
D. Path monitoring
What filtering criterion is used to determine which users to include as members of a dynamic user group?
A. Tags
B. Login IDs
C. Security Policy Rules
D. IP Addresses
Which two methods will help avoid Split Brain when running HA in Active/Active mode? (Choose two.)
A. Configure a Backup HA1 Interface
B. Configure a Heartbeat Backup
C. Create a loopback IP address and use that as a Source Interface
D. Place your management interface in an Aggregate Interface Group configuration
A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture. What are two steps in this process? (Choose two.)
A. Prioritize securing the endpoints of privileged users because if non-privileged user endpoints are exploited, the impact will be minimal due to perimeter controls.
B. Categorize data and applications by levels of sensitivity.
C. Gain visibility of and control over applications and functionality in the traffic flow using a port and protocol firewall.
D. Validate user identities through authentication.
A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next-generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of an NGFW over a legacy firewall?
A. Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports
B. Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis
C. Palo Alto Networks keeps ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports
D. Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default
WildFire can discover zero-day malware in which three types of traffic? (Choose three.)
A. TFTP
B. SMTP
C. DNS
D. FTP
E. HTTPS
Which CLI command allows you to view SD-WAN events such as path selection and path quality measurements?
A. >show sdwan connection all
B. >show sdwan event
C. >show sdwan path-monitor stats vif
D. >show sdwan session distribution policy-name
Which action will protect against port scans from the internet?
A. Assign an Interface Management profile to the zone of the ingress interface
B. Assign Security profiles to Security policy rules for traffic sourcing from the untrust zone
C. Apply a Zone Protection profile on the zone of the ingress interface
D. Apply App-ID Security policy rules to block traffic sourcing from the untrust zone
Which methods are used to check for Corporate Credential Submissions? (Choose three.)
A. Group Mapping
B. IP User Mapping
C. LDAP query
D. Domain Credential Filter
E. User ID Credential Check
Which three activities can the botnet report track? (Choose three.)
A. Accessing domains registered in the last 30 days
B. Visiting a malicious URL
C. Launching a P2P application
D. Detecting malware within a one-hour period
E. Initiating API calls to other applications
F. Using dynamic DNS domain providers
A customer requires protections and verdicts for PE (portable executable) and ELF (executable and linkable format) files, as well as integration with products and services that can also access the immediate verdicts to coordinate enforcement to prevent successful attacks. What competitive feature does Palo Alto Networks provide that will address this requirement?
A. File Blocking Profile
B. Dynamic Unpacking
C. WildFire
D. DNS Security
What two types of traffic should you exclude from a decryption policy? (Choose two.)
A. All Business and regulatory traffic
B. All outbound traffic
C. All Mutual Authentication traffic
D. All SSL/TLS 1.3 traffic
What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)
A. Errors
B. Environments
C. Interfaces
D. Mounts
E. Throughput
F. Sessions
G. Status
Which three mechanisms are valid for enabling user mapping? (Choose three.)
A. client probing
B. user behavior recognition
C. reverse DNS lookup
D. domain server monitoring
E. Captive Portal
Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?
A. Panorama Correlation Report
B. AutoFocus
C. Cortex XSOAR Community Edition
D. Cortex XDR Prevent