Q1. Which fields can be altered in the default Vulnerability Protection Profile? A. Category
B. Severity
C. None
Answer: C
Q2. Select the implicit rules enforced on traffic failing to match any user defined Security Policies:
A. Intra-zone traffic is denied
B. Inter-zone traffic is denied
C. Intra-zone traffic is allowed
D. Inter-zone traffic is allowed
Answer: B,C
Q3. In PAN-OS 5.0, which of the following features is supported with regards to IPv6?
A. OSPF
B. NAT64
C. IPSec VPN tunnels
D. None of the above
Answer: B
Q4. Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats? Choose 2 answers
A. Brute-force signatures
B. DNS-based command-and-control signatures
C. PAN-DB URL Filtering
D. BrightCloud URL Filtering
Answer: B,C
Explanation:
Reference: https://www.paloaltonetworks.com/products/features/apt-prevention.html
Q5. Which of the following interfaces types will have a MAC address?
A. Layer 3
B. Tap
C. Vwire
D. Layer 2
Answer: D
Q6. What can cause missing SSL packets when performing a packet capture on data plane interfaces?
A. There is a hardware problem with the offloading FPGA on the management plane.
B. The missing packets are offloaded to the management plane CPU.
C. The packets are hardware offloaded to the offload processor on the data plane.
D. The packets are not captured because they are encrypted.
Answer: C
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-8621
Q7. A network engineer experienced network reachability problems through the firewall. The routing table on the device is complex. To troubleshoot the problem the engineer ran a Command Line Interface (CLI) command to determine the egress interface for traffic destined to 98.139.183.24. The command resulted in the following output:
How should this output be interpreted?
A. There is no route for the IP address 98.139.183.24, and there is a default route for outbound traffic.
B. There is no interface in the firewall with the IP address 98.139.183.24.
C. In virtual-router vrl, there is a route in the routing table for the network 98.139.0.0/16.
D. There is no route for the IP address 98.139.183.24, and there is no default route.
Answer: D
Q8. Which of the following fields is not available in DoS policy?
A. Destination Zone
B. Source Zone
C. Application
D. Service
Answer: C
Q9. A network administrator uses Panorama to push security policies to managed firewalls at branch offices.
Which policy type should be configured on Panorama if the administrator wishes to allow local administrators at the branch office sites to override these policies?
A. Implicit Rules
B. Post Rules
C. Default Rules
D. Pre Rules
Answer: D
Q10. Which link is used by an Active-Passive cluster to synchronize session information?
A. The Data Link
B. The Control Link
C. The Uplink
D. The Management Link
Answer: A