An administrator configures HA on a customer's Palo Alto Networks firewalls with path monitoring by using the default configuration values. What are the default values for ping interval and ping count before a failover is triggered?
A. Ping interval of 200 ms and ping count of three failed pings
B. Ping interval of 5000 ms and ping count of 10 failed pings
C. Ping interval of 200 ms and ping count of 10 failed pings
D. Ping interval of 5000 ms and ping count of three failed pings
Explanation: Ping Interval—Specify the interval between pings that are sent to the destination IP address (range is 200 to 60,000ms; default is 200ms). Ping Count—Specify the number of failed pings before declaring a failure (range is 3 to 10; default is 10).
A company wants to deploy IPv6 on its network which requires that all company Palo Alto Networks firewalls process IPv6 traffic and to be configured with IPv6 addresses. Which consideration should the engineers take into account when planning to enable IPv6?
A. Device > Setup Settings Do not enable on each interface
B. Network > Zone Settings Do not enable on each interface
C. Network > Zone Settings Enable on each interface
D. Device > Setup Settings Enable on each interface
An engineer is pushing configuration from Panorama to a managed firewall What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Objects already configured on the firewall?
A. The firewall ignores only the pushed objects that have the same name as the locally configured objects, and it will commit the rest of the pushed configuration.
B. The firewall fully commits all of the pushed configuration and overwrites its locally configured objects
C. The firewall rejects the pushed configuration, and the commit fails.
D. The firewall renames the duplicate local objects with "-1" at the end signifying they are clones; it will update the references to the objects accordingly and fully commit the pushed configuration.
Which statement about High Availability timer settings is true?
A. Use the Critical timer for faster failover timer settings.
B. Use the Aggressive timer for faster failover timer settings
C. Use the Moderate timer for typical failover timer settings
D. Use the Recommended timer for faster failover timer settings.
A firewall engineer is investigating high dataplane CPU utilization. To decrease the load on this CPU, what should be reduced?
A. The amount of decrypted traffic
B. The timeout value for admin sessions
C. The number of mapped User-ID groups
D. The number of permitted IP addresses on the management interface
Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration. What part of the configuration should the engineer verify?
A. IKE Crypto Profile
B. Security policy
C. Proxy-IDs
D. PAN-OS versions
Which operation will impact the performance of the management plane?
A. Decrypting SSL sessions
B. Generating a SaaS Application report
C. Enabling DoS protection
D. Enabling packet buffer protection
You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three.)
A. Low
B. High
C. Critical
D. Informational
E. Medium
Explanation: The Palo Alto Networks Best Practices for Anti-Spyware Profiles recommend enabling single-packet captures (PCAP) for medium, high, and critical severity threats. This allows for capturing the first packet of the malicious traffic for further analysis and investigation. PCAP should not be enabled for low and informational severity threats, as they generate a relatively high volume of traffic and are not particularly useful compared to potential threats.
An administrator plans to install the Windows-Based User-ID Agent. What type of Active Directory (AD) service account should the administrator use?
A. Dedicated Service Account
B. System Account
C. Domain Administrator
D. Enterprise Administrator
A firewall engineer at a company is researching the Device Telemetry feature of PAN-OS. Which two aspects of the feature require further action for the company to remain compliant with local laws regarding privacy and data storage? (Choose two.)
A. Telemetry feature is automatically enabled during PAN-OS installation.
B. Telemetry data is uploaded into Strata Logging Service.
C. Telemetry feature is using Traffic logs and packet captures to collect data.
D. Telemetry data is shared in real time with Palo Alto Networks.
Explanation: To address the question about the Device Telemetry feature in PAN-OS
and its compliance with privacy and data storage laws, let’s examine the details thoroughly.
Understanding Device Telemetry in PAN-OS
Device Telemetry is a feature in Palo Alto Networks’ PAN-OS that collects data from the
firewall to provide insights for:
| Page 10 out of 33 Pages |
| Previous |
Copyright © - All Rights Reserved