Q1. After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama's traffic logs.
What could be the problem?
A. The firewall is not licensed for logging to this Panorama device.
B. Panorama is not licensed to receive logs from this particular firewall.
C. None of the firewall’s policies have been assigned a Log Forwarding profile.
D. A Server Profile has not been configured for logging to this Panorama device.
Answer: C
Q2. Which authentication method can provide role-based administrative access to firewalls running PAN-OS?
A. LDAP
B. Certificate-based authentication
C. Kerberos
D. RADIUS with Vendor Specific Attributes
Answer: D
Q3. Which best describes how Palo Alto Networks firewall rules are applied to a session?
A. last match applied
B. first match applied
C. all matches applied
D. most specific match applied
Answer: B
Q4. When configuring a Decryption Policy, which of the following are available as matching criteria in a policy? (Choose 3)
A. Source Zone
B. Source User
C. Service
D. URL-Category
E. Application
Answer: A,B,D
Q5. Users can be authenticated serially to multiple authentication servers by configuring:
A. Multiple RADIUS Servers sharing a VSA configuration
B. Authentication Sequence
C. Authentication Profile
D. A custom Administrator Profile
Answer: B
Q6. It is discovered that WebandNetTrends Unlimited’s new web server software produces traffic that the Palo Alto Networks firewall sees as "unknown-tcp" traffic.
Which two configurations would identify the application while preserving the ability of the firewall to perform content and threat detection on the traffic? Choose 2 answers
A. A custom application, with a name properly describing the new web server's purpose
B. A custom application and an application override policy that assigns traffic going to and from the web server to the custom application
C. An application override policy that assigns the new web server traffic to the built-in application "web-browsing"
D. A custom application with content and threat detection enabled, which includes a signature, identifying the new web server's traffic
Answer: A,B
Q7. Which of the following options may be enabled to reduce system overhead when using Content ID?
A. STP
B. VRRP
C. RSTP
D. DSRI
Answer: D
Q8. When using Config Audit, the color yellow indicates which of the following?
A. A setting has been changed between the two config files
B. A setting has been deleted from a config file.
C. A setting has been added to a config file
D. An invalid value has been used in a config file.
Answer: C
Q9. Which method is the most efficient for determining which administrator made a specific change to the running config?
A. In the Configuration log, set a filter for the edit command and look for the object that was changed.
B. In the System log, set a filter for the name of the object that was changed.
C. In Config Audit, compare the current running config to all of the saved configurations until the change is found.
D. In Config Audit, compare the current running config to previous committed versions until the change is found.
Answer: B
Q10. Which of the following must be enabled in order for UserID to function?
A. Captive Portal Policies must be enabled.
B. UserID must be enabled for the source zone of the traffic that is to be identified.
C. Captive Portal must be enabled.
D. Security Policies must have the UserID option enabled.
Answer: B