Topic 1 : Main Questions pool
What are two benefits of nested device groups in Panorama? (Choose two.)
A.
Reuse of the existing Security policy rules and objects
B.
Requires configuring both function and location for every device
C.
All device groups inherit settings form the Shared group
D.
Overwrites local firewall configuration
Requires configuring both function and location for every device
All device groups inherit settings form the Shared group
An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router. Which two options enable the administrator to troubleshoot this issue? (Choose two.)
A.
View Runtime Stats in the virtual router.
B.
View System logs.
C.
Add a redistribution profile to forward as BGP updates.
D.
Perform a traffic pcap at the routing stage.
View Runtime Stats in the virtual router.
View System logs.
A PaloAlto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for
analysis. The firewall is configured to check for verdicts every 5 minutes.
How quickly will the firewall receive back a verdict?
A.
More than 15 minutes
B.
5 minutes
C.
10 to 15 minutes
D.
5 to 10 minutes
5 to 10 minutes
Refer to the exhibit.
An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the
specific server based on the application, where Host A (10.1.1.100) received HTTP traffic and
hostB(10.1.1.101) receives SSH traffic.
Which two security policy rules will accomplish this configuration? (Choose two)
A.
Untrust (Any) to Untrust (10.1.1.1) Ssh-Allow
B.
Untrust (Any) to DMZ (1.1.1.100) Ssh-Allow
C.
Untrust (Any) to DMZ (1.1.1.100) Web-browsing -Allow
D.
Untrust (Any) to Untrust (10.1.1.1) Web-browsing -Allow
Untrust (Any) to DMZ (1.1.1.100) Web-browsing -Allow
Untrust (Any) to Untrust (10.1.1.1) Web-browsing -Allow
Refer to the exhibit.
An administrator cannot see any if the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whetherthe configuration is correct?
A.
Option A
B.
Option B
C.
Option C
D.
Option D
Option D
An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?
A.
In the details of the Traffic log entries
B.
Decryption log
C.
Data Filtering log
D.
In the details of the Threat log entries
In the details of the Traffic log entries
Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a “No Decrypt” action? (Choose two.)
A.
Block sessions with expired certificates
B.
Block sessions with client authentication
C.
Block sessions with unsupported cipher suites
D.
Block sessions with untrusted issuers
E.
Block credential phishing
Block sessions with expired certificates
Block sessions with client authentication
Block sessions with unsupported cipher suites
Reference:https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/create-a-decryption-profile
Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)
A.
Verify AutoFocus status using CLI.
B.
Check the WebUI Dashboard AutoFocus widget.
C.
Check for WildFire forwarding logs.
D.
Check the license
E.
Verify AutoFocus is enabled below Device Management tab.
Check the WebUI Dashboard AutoFocus widget.
Check the license
Reference:https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/getting-started/enable-autofocus-threat
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS® software, the administrator enables log forwarding from the firewalls to PanoramA. Pre-existing logs from the firewalls are not appearing in PanoramA.
Which action would enable the firewalls to send their pre-existing logs to Panorama?
A.
Use the import option to pull logs into PanoramA.
B.
A CLI command will forward the pre-existing logs to PanoramA.
C.
Use the ACC to consolidate pre-existing logs.
D.
The log database will need to exported form the firewalls and manually imported into PanoramA.
A CLI command will forward the pre-existing logs to PanoramA.
Which two features does PAN-OS® software use to identify applications? (Choose two)
A.
port number
B.
session number
C.
transaction characteristics
D.
application layer payload
transaction characteristics
application layer payload