Q1. A security engineer has been asked by management to optimize how Palo Alto Networks firewall syslog messages are forwarded to a syslog receiver. There are currently 20 PA-5060s, each of which is configured to forward syslogs individually.
The security engineer would like to leverage their two M-100 appliances to send syslog messages from a single source and has already deployed one in Panorama mode and the other as a Log Collector.
What is the remaining step in implementing this solution?
A. Configure Collector Log Forwarding
B. Configure a Syslog Proxy Profile
C. Configure a Panorama Log Forwarding Profile
D. Enable Syslog Aggregation
Answer: A
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-7987
Q2. When troubleshooting Phase 1 of an IPSec VPN tunnel, what location will have the most informative logs?
A. Responding side, Traffic Logs
B. Initiating side, Traffic Logs
C. Responding side, System Logs
D. Initiating side, System Logs
Answer: C
Q3. Configuring a pair of devices into an Active/Active HA pair provides support for:
A. Higher session count
B. Redundant Virtual Routers
C. Asymmetric routing environments
D. Lower fail-over times
Answer: B
Q4. What built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?
A. superuser
B. vsysadmin
C. A custom role is required for this level of access
D. deviceadmin
Answer: D
Q5. Which of the following would be a reason to use an XML API to communicate with a Palo Alto Networks firewall?
A. So that information can be pulled from other network resources for User-ID
B. To allow the firewall to push User-ID information to a Network Access Control (NAC) device.
C. To permit syslogging of User Identification events
Answer: B
Q6. Can multiple administrator accounts be configured on a single firewall?
A. Yes
B. No
Answer: A
Q7. When Network Address Translation has been performed on traffic, Destination Zones in Security rules should be based on:
A. Post-NAT addresses
B. The same zones used in the NAT rules
C. Pre-NAT addresses
D. None of the above
Answer: A
Q8. HOTSPOT
Match the description of an application field with its name.
Answer options may be used more than once or not at all.
Answer:
Q9. By default, all PA-5060 syslog data is forwarded out the Management interface. What needs to be configured in order to send syslog data out of a different interface?
A. Configure Service Route Only for Threats and URL Filtering, and the traffic will use the same route.
B. Configure an Interface Management Profile and apply it to the interface that the syslogs will be sent through.
C. Configure a Service Route for the Syslog service to use a dataplane interface.
D. Create a Log-Forwarding Profile that points to the device that will receive the syslogs.
Answer: C
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/reports-and-logging/define-remote-logging-destinations.html
Q10. When creating an application filter, which of the following is true?
A. They are used by malware
B. Excessive bandwidth may be used as a filter match criterion
C. They are called dynamic because they automatically adapt to new IP addresses
D. They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter
Answer: D