PSE Strata Practice Exam Free – 50 Questions to Simulate the Real Exam
Are you getting ready for the PSE Strata certification? Take your preparation to the next level with our PSE Strata Practice Exam Free – a carefully designed set of 50 realistic exam-style questions to help you evaluate your knowledge and boost your confidence.
Using a free PSE Strata practice exam is one of the best ways to:
- Experience the format and difficulty of the real exam
- Identify your strengths and focus on weak areas
- Improve your test-taking speed and accuracy
Below, you will find 50 realistic, free PSE Strata practice exam questions covering key exam topics. Each question reflects the structure and challenge of the actual exam.
Which methods are used to check for Corporate Credential Submissions? (Choose three.)
A. Group Mapping
B. IP User Mapping
C. LDAP query
D. Domain Credential Filter
E. User ID Credential Check
Which three of the following are identified in the Best Practice Assessment tool? (Choose three.)
A. use of device management access and settings
B. use of decryption policies
C. presence of command-and-control (C2) sessions
D. identification of sanctioned and unsanctioned software-as-a-service (SaaS) applications
E. measurement of the adoption of URL filters, App-ID, and User-ID
What component is needed if there is a large scale deployment of Next Generation Firewalls with multiple Panorama Management Servers?
A. M-600 Appliance
B. Panorama Large Scale VPN Plugin
C. Panorama Interconnect Plugin
D. Palo Alto Networks Cluster License
Which deployment option of Advanced URL Filtering (AURLF) would help a prospect that actively uses PAC files?
A. Explicit Proxy
B. WildFire
C. Phishing prevention
D. Drive-by download protection
A customer next-generation firewall (NGFW) proof-of-concept (POC) and final presentation have just been completed. Which CLI command is used to clear data, remove all logs, and restore default configuration?
A. >request private-data-reset system
B. >request reset system public-data-reset
C. >request system private-data-reset
D. >reset system public-data-reset
XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy. Which two features must be enabled to meet the customer's requirements? (Choose two.)
A. Virtual systems
B. HA active/active
C. HA active/passive
D. Policy-based forwarding
Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.)
A. validate credential submission detection
B. enable User-ID
C. define an SSL decryption rulebase
D. define URL Filtering Profile
E. Enable App-ID
What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.)
A. It represents the remediation server that the client should visit for patching.
B. In situations where the internal DNS server is between the client and the firewall, it gives the firewall the ability to identify the clients who originated the query to the malicious domain.
C. The client communicates with it instead of the malicious IP address.
D. It will take over as the new DNS resolver for that client and prevent further DNS requests from occurring in the meantime.
A packet that is already associated with a current session arrives at the firewall. What is the flow of the packet after the firewall determines that it is matched with an existing session?
A. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress.
B. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress.
C. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.
D. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.
What aspect of PAN-OS allows for the NGFW admin to create a policy that provides auto-remediation for anomalous user behavior and malicious activity while maintaining user visibility?
A. Remote Device UserID Agent
B. user-to-tag mapping
C. Dynamic User Groups
D. Dynamic Address Groups
What two types of certificates are used to configure SSL Forward Proxy? (Choose two.)
A. Enterprise CA-signed certificates
B. Self-Signed certificates
C. Intermediate certificates
D. Private key certificates
The Palo Alto Networks Cloud Identity Engine (CIE) includes which service that supports Identity Providers (IdP)?
A. Directory Sync and Cloud Authentication Service that support IdP using SAML 2.0
B. Directory Sync that supports IdP using SAML 2.0
C. Directory Sync and Cloud Authentication Service that support IdP using SAML 2.0 and OAuth2
D. Cloud Authentication Service that supports IdP using SAML 2.0 and OAuth2
Which security profile on the NGFW includes signatures to protect you from brute force attacks?
A. Zone Protection Profile
B. URL Filtering Profile
C. Vulnerability Protection Profile
D. Anti-Spyware Profile
Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?
A. Step 1: Define the Protect Surface
B. Step 3: Architect a Zero Trust Network
C. Step 5: Monitor and Maintain the Network
D. Step 2: Map the Protect Surface Transaction Flows
E. Step 4: Create the Zero Trust Policy
Palo Alto Networks publishes updated Command-and-Control signatures. How frequently should the related signatures schedule be set?
A. Once an hour
B. Once a day
C. Once a week
D. Once every minute
A large number of next-generation firewalls (NGFWs), along with Panorama and WildFire, have been positioned for a prospective customer. The customer is concerned about storing, retrieving, and archiving firewall logs and has indicated that logs must be retained for a minimum of 60 days. An additional requirement is ingestion of a maximum of 10,000 logs per second. What will best meet the customer’s logging requirements?
A. NGFWs that have at least 10TB of internal storage
B. Appropriately sized NGFW based on use of the POPSICLE tool
C. Appropriate Data Lake storage determined by using the Data Lake Calculator
D. A pair of fully populated M-300 storage appliances
Which two actions should be taken prior to installing a decryption policy on an NGFW? (Choose two.)
A. Ensure throughput will not be an issue.
B. Determine whether local / regional decryption laws apply.
C. Deploy decryption settings all at one time.
D. Include all traffic types in decryption policy.
Which task would be included in the Best Practice Assessment (BPA) tool?
A. Identify sanctioned and unsanctioned software-as-a-service (SaaS) applications.
B. Identify and provide recommendations for device configurations.
C. Identify the threats associated with each application.
D. Identify the visibility and presence of command-and-control (C2) sessions.
Which three considerations should be made prior to installing a decryption policy on the NGFW? (Choose three.)
A. Include all traffic types in decryption policy
B. Inability to access websites
C. Exclude certain types of traffic in decryption policy
D. Deploy decryption settings all at one time
E. Ensure throughput is not an issue
Which proprietary technology solutions will allow a customer to identify and control traffic sources regardless of internet protocol (IP) address or network segment?
A. User-ID and Device-ID
B. Source-ID and Device-ID
C. Source-ID and Network-ID
D. User-ID and Source-ID
Which decryption requirement ensures that inspection can be provided to all inbound traffic routed to internal application and database servers?
A. Installation of certificates from the application server and database server on the NGFW and configuration of an SSL Inbound Decryption policy
B. Installation of a trusted root CA certificate on the NGFW and configuration of an SSL Inbound Decryption policy
C. Configuration of an SSL Inbound Decryption policy using one of the built-in certificates included in the certificate store
D. Configuration of an SSL Inbound Decryption policy without installing certificates
You have enabled the WildFire ML for PE files in the antivirus profile and have added the profile to the appropriate firewall rules. When you go to Palo Alto Networks WildFire test av file and attempt to download the test file, it is allowed through. In order to verify that the machine learning is working from the command line, which command returns a valid result?
A. show mlav cloud-status
B. show wfml cloud-status
C. show ml cloud-status
D. show wfav cloud-status
Which two of the following does decryption broker provide on an NGFW? (Choose two.)
A. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once
B. Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement
C. Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement
D. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times
WildFire subscription supports analysis of which three types? (Choose three.)
A. GIF
B. 7-Zip
C. Flash
D. RPM
E. ISO
F. DMG
Which action will protect against port scans from the internet?
A. Assign an Interface Management profile to the zone of the ingress interface
B. Assign Security profiles to Security policy rules for traffic sourcing from the untrust zone
C. Apply a Zone Protection profile on the zone of the ingress interface
D. Apply App-ID Security policy rules to block traffic sourcing from the untrust zone
Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?
A. Panorama Correlation Report
B. AutoFocus
C. Cortex XSOAR Community Edition
D. Cortex XDR Prevent
Which is the smallest Panorama solution that can be used to manage up to 2500 Palo Alto Networks Next Generation firewalls?
A. M-200
B. M-600
C. M-100
D. Panorama VM-Series
What are three valid sources that are supported for user IP address mapping in Palo Alto Networks NGFW? (Choose three.)
A. RADIUS
B. Client Probing
C. Lotus Domino
D. Active Directory monitoring
E. TACACS
F. eDirectory monitoring
In which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified?
A. Step 1: Define the protect surface.
B. Step 4: Create the Zero Trust policy.
C. Step 3: Architect a Zero Trust network.
D. Step 2: Map the transaction flows.
Which action can prevent users from unknowingly downloading potentially malicious file types from the internet?
A. Apply a File Blocking profile to Security policy rules that allow general web access.
B. Apply a Zone Protection profile to the untrust zone.
C. Assign a Vulnerability profile to Security policy rules that deny general web access.
D. Assign an Antivirus profile to Security policy rules that deny general web access.
When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?
A. HTTP method
B. HTTP response status code
C. Content type
D. X-Forwarded-For
Which two actions can be taken to enforce protection from brute force attacks in the security policy? (Choose two.)
A. Create a log forwarding object to send logs to Panorama and a third-party syslog server event correlation
B. Install content updates that include new signatures to protect against emerging threats
C. Attach the vulnerability profile to a security rule
D. Add the URL filtering profile to a security rule
Which CLI command allows you to view SD-WAN events such as path selection and path quality measurements?
A. >show sdwan connection all
B. >show sdwan event
C. >show sdwan path-monitor stats vif
D. >show sdwan session distribution policy-name
Which two actions can be configured in an Anti-Spyware profile to address command-and-control (C2) traffic from compromised hosts? (Choose two.)
A. Redirect
B. Alert
C. Quarantine
D. Reset
What is the key benefit of Palo Alto Networks single-pass architecture (SPA) design?
A. It requires only one processor to complete all the functions within the box.
B. It allows the addition of new functions to existing hardware without affecting performance.
C. It allows the addition of new devices to existing hardware without affecting performance.
D. It decodes each network flow multiple times, therefore reducing throughput.
A customer is concerned about zero-day targeted attacks against its intellectual property. Which solution informs a customer whether an attack is specifically targeted at them?
A. Cortex XDR Prevent
B. AutoFocus
C. Cortex XSOAR Community edition
D. Panorama Correlation Report
What are two ways to manually add and remove members of dynamic user groups (DUGs)? (Choose two.)
A. Tag the user through Active Directory.
B. Tag the user using Panorama or the Web UI of the firewall.
C. Tag the user through the firewall’s XML API.
D. Add the user to an external dynamic list (EDL).
What helps avoid split brain in active/passive HA pair deployment?
A. Use a standard traffic interface as the HA2 backup
B. Enable preemption on both firewalls in the HA pair
C. Use the management interface as the HA1 backup link
D. Use a standard traffic interface as the HA3 link
What is used to choose the best path on a virtual router that has two or more different routes to the same destination?
A. Metric
B. Source zone
C. Administrative distance
D. Path monitoring
The WildFire Inline Machine Learning is configured using which Content-ID profiles?
A. Antivirus Profile
B. WildFire Analysis Profile
C. Threat Prevention Profile
D. File Blocking Profile
Which two of the following are required when configuring the Domain Credential Filter method for preventing phishing attacks? (Choose two.)
A. LDAP connector
B. Group mapping
C. IP-address-to-username mapping
D. Windows User-ID agent
Which two methods will help avoid Split Brain when running HA in Active/Active mode? (Choose two.)
A. Configure a Backup HA1 Interface
B. Configure a Heartbeat Backup
C. Create a loopback IP address and use that as a Source Interface
D. Place your management interface in an Aggregate Interface Group configuration
A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds. How is this goal accomplished?
A. Create a custom spyware signature matching the known signature with the time attribute
B. Add a correlation object that tracks the occurrences and triggers above the desired threshold
C. Submit a request to Palo Alto Networks to change the behavior at the next update
D. Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency
If a Palo Alto Networks Next-Generation Firewall (NGFW) already has Advanced Threat Prevention (ATP) enabled, what is the throughput impact of also enabling WildFire and Advanced URL Filtering (AURLF)?
A. The throughput will decrease with each additional subscription enabled.
B. The throughput will remain consistent, but the maximum number of simultaneous sessions will decrease.
C. The throughput will remain consistent regardless of the additional subscriptions enabled.
D. The throughput will decrease, but the maximum simultaneous sessions will remain consistent.
A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture. What are two steps in this process? (Choose two.)
A. Prioritize securing the endpoints of privileged users because if non-privileged user endpoints are exploited, the impact will be minimal due to perimeter controls.
B. Categorize data and applications by levels of sensitivity.
C. Gain visibility of and control over applications and functionality in the traffic flow using a port and protocol firewall.
D. Validate user identities through authentication.
Which PAN-OS feature helps prevent user credential theft?
A. Drive-by download protection
B. Advanced URL Filtering (AURLF)
C. Data loss prevention (DLP)
D. Multi-factor authentication (MFA)
A customer with a legacy firewall architecture focused on port-and-protocol-level security has heard that NGFWs open all ports by default. Which of the following statements regarding Palo Alto Networks NGFWs is an appropriate rebuttal that explains an advantage over legacy firewalls?
A. They do not consider port information, instead relying on App-ID signatures that do not reference ports.
B. They protect all applications on all ports while leaving all ports open by default.
C. They can control applications by application-default service ports or a configurable list of approved ports on a per-policy basis.
D. They keep ports closed by default, only opening after understanding the application request, and then opening only the application-specified ports.
Which task would be identified in Best Practice Assessment tool?
A. identify the visibility and presence of command-and-control sessions
B. identify sanctioned and unsanctioned SaaS applications
C. identify the threats associated with each application
D. identify and provide recommendations for device management access
Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?
A. Access to the WildFire API
B. WildFire hybrid deployment
C. PE file upload to WildFire
D. 5 minute WildFire updates to threat signatures
Which three actions should be taken before deploying a firewall evaluation unit in the customer's environment? (Choose three.)
A. Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed
B. Request that the customer make port 3978 available to allow the evaluation unit to communicate with Panorama
C. Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned
D. Inform the customer that they will need to provide a SPAN port for the evaluation unit assuming a TAP mode deployment
E. Set expectations around which information will be presented in the Security Lifecycle Review because sensitive information may be made visible
Good luck with your PSE Strata certification journey!