Q1. Which two statements are true about DoS Protection Profiles and Policies? (Choose 2 answers)
A. They mitigate against SYN, UDP, ICMP, ICMPv6, and other IP Flood attacks on a zone basis, regardless of interface(s). They provide reconnaissance protection against TCP/UDP port scans and host sweeps.
B. They mitigate against SYN, UDP, ICMP, ICMPv6, and other IP Flood attacks. They provide resource protection by limiting the number of sessions that can be used.
C. They mitigate against volumetric attacks that leverage known vulnerabilities, brute force methods, amplification, spoofing, and other vulnerabilities.
D. They mitigate against SYN, UDP, ICMP, ICMPv6, and other IP Flood attacks by utilizing "random early drop".
Answer: B,D
Explanation:
Reference: https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/7158-102-3-25328/Application%20DDoS%20Mitigation.pdf page 4
Q2. In PAN-OS 5.0, how is WildFire enabled?
A. Via the "Forward" and "Continue and Forward" File-Blocking actions.
B. A custom file blocking action must be enabled for all PDF and PE type files
C. WildFire is automatically enabled with a valid URL-Filtering license
D. Via the URL-Filtering "Continue" Action.
Answer: A
Q3. Given the following routing table:
Which configuration change on the firewall would cause it to use 10.66.24.88 as the nexthop for the 192.168.93.0/30 network?
A. Configuring the Administrative Distance for RIP to be higher than that of OSPF Ext
B. Configuring the metric for RIP to be higher than that of OSPF Int
C. Configuring the metric for RIP to be lower than that of OSPF Ext
D. Configuring the Administrative Distance for RIP to be lower than that of OSPF Int
Answer: D
Explanation:
Reference: https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/5284-102-3-17278/Route%20Redistribution%20and%20Filtering%20TechNote%20-%20Rev%20B.pdf
Q4. The "Drive-By Download" protection feature, under File Blocking profiles in Content-ID, provides:
A. Password-protected access to specific file downloads, for authorized users increased speed on the downloads of the allowed file types
B. Protection against unwanted downloads, by alerting the user with a response page indicating that a file is going to be downloaded
C. The Administrator the ability to leverage Authentication Profiles in order to protect against unwanted downloads
Answer: C
Q5. A user is reporting that they cannot download a PDF file from the internet.
Which action will show whether the downloaded file has been blocked by a Security Profile?
A. Filter the Session Browser for all sessions from the user with the application "adobe".
B. Filter the System log for "Download Failed" messages.
C. Filter the Traffic logs for all traffic from the user that resulted in a Deny action.
D. Filter the Data Filtering logs for the user’s traffic and the name of the PDF file.
Answer: D
Q6. Which routing protocol is supported on the Palo Alto Networks platform?
A. BGP
B. RSTP
C. ISIS
D. RIPv1
Answer: A
Q7. Enabling "Highlight Unused Rules" in the Security policy window will:
A. Highlight all rules that did not immediately match traffic.
B. Highlight all rules that did not match traffic since the rule was created or since the last reboot of the firewall.
C. Allow the administrator to troubleshoot rules when a validation error occurs at the time of commit.
D. Allow the administrator to temporarily disable rules that do not match traffic, for testing purposes.
Answer: B
Q8. Which source address translation type will allow multiple devices to share a single translated source address while using a single NAT Policy rule?
A. Dynamic IP and Port
B. Dynamic IP
C. Bi-directional
D. Static IP
Answer: A
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/networking/nat.html
Q9. When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:
A. The PostNAT destination zone and PostNAT IP address.
B. The PreNAT destination zone and PreNAT IP address.
C. The PreNAT destination zone and PostNAT IP address.
D. The PostNAT destination zone and PreNAT IP address.
Answer: D
Q10. A user complains that they are no longer able to access a needed work application after you have implemented vulnerability and anti-spyware profiles. The user's application uses a unique port. What is the most efficient way to allow the user access to this application?
A. Utilize an Application Override Rule, referencing the custom port utilized by this application. Application Override rules bypass all Layer 7 inspection, thereby allowing access to this application.
B. In the Threat log, locate the event which is blocking access to the user's application and create an IP-based exemption for this user.
C. In the vulnerability and anti-spyware profiles, create an application exemption for the user's application.
D. Create a custom Security rule for this user to access the required application. Do not apply vulnerability and anti-spyware profiles to this rule.
Answer: B