Q1. HOTSPOT
Match the components with their role in preventing threats.
Answer options may be used more than once or not at all.
Answer:
Q2. What is a prerequisite for configuring a pair of Palo Alto Networks firewalls in an Active/Passive High Availability (HA) pair?
A. The peer HA1 IP address must be the same on both firewalls.
B. The management interfaces must be on the same network.
C. The firewalls must have the same set of licenses.
D. The HA interfaces must be directly connected to each other.
Answer: C
Explanation:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/framemaker/60/pan-os/pan-os/section_4.pdf page 134
Q3. Which of the following is NOT a valid option for built-in CLI access roles?
A. read/write
B. superusers
C. vsysadmin
D. deviceadmin
Answer: A
Q4. What is the size limitation of files manually uploaded to WildFire
A. Configuarable up to 10 megabytes
B. Hard-coded at 10 megabytes
C. Hard-coded at 2 megabytes
D. Configuarable up to 20 megabytes
Answer: A
Q5. In Active/Active HA environments, redundancy for the HA3 interface can be achieved by
A. Configuring a corresponding HA4 interface
B. Configuring HA3 as an Aggregate Ethernet bundle
C. Configuring multiple HA3 interfaces
D. Configuring HA3 in a redundant group
Answer: B
Q6. Wildfire may be used for identifying which of the following types of traffic?
A. Malware
B. DNS
C. DHCP
D. URL Content
Answer: A
Q7. In an Anti-Virus profile, changing the action to “Block” for IMAP or POP decoders will result in the following:
A. The connection from the server will be reset
B. The Anti-virus profile will behave as if “Alert” had been specified for the action
C. The traffic will be dropped by the firewall
D. Error 541 being sent back to the server
Answer: B
Q8. What will the user experience when browsing a Blocked hacking website such as www.2600.com via Google Translator?
A. The URL filtering policy to Block is enforced
B. It will be translated successfully
C. It will be redirected to www.2600.com
D. User will get "HTTP Error 503 - Service unavailable" message
Answer: A
Q9. Which mechanism is used to trigger a High Availability (HA) failover if a firewall interface goes down?
A. Link Monitoring
B. Heartbeat Polling
C. Preemption
D. SNMP Polling
Answer: A
Explanation:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/framemaker/60/pan-os/pan-os/section_4.pdf page 130
Q10. When creating a Security Policy to allow Facebook in PAN-OS 5.0, how can you be sure that no other web-browsing traffic is permitted?
A. Ensure that the Service column is defined as "application-default" for this security rule. This will automatically include the implicit web-browsing application dependency.
B. Create a subsequent rule which blocks all other traffic
C. When creating the rule, ensure that web-browsing is added to the same rule. Both applications will be processed by the Security policy, allowing only Facebook to be accessed. Any other applications can be permitted in subsequent rules.
D. No other configuration is required on the part of the administrator, since implicit application dependencies will be added automaticaly.
Answer: D