Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?

A.

Both SSH keys and SSL certificates must be generated.

B.

No prerequisites are required.

C.

SSH keys must be manually generated.

D.

SSL certificates must be generated.

Which four NGFW multi-factor authentication factors are supported by PAN-OS®?(Choose four.)

A.

User logon

B.

Short message service

C.

Push

D.

SSH key

E.

One-Time Password

F.

Voice

Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OS® software?

A.

XML API

B.

Port Mapping

C.

Client Probing

D.

Server Monitoring

For which two reasons would a firewall discard a packet as part of the packet flow sequence? (Choose two )

A.

equal-cost multipath

B.

ingress processing errors

C.

rule match with action "allow"

D.

rule match with action "deny"

An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing and preemption is disabled. What must be verified to upgrade the firewalls to the most recent version of PAN-OS software?

A.

Wildfire update package

B.

User-ID agent

C.

Anti virus update package

D.

Application and Threats update package

A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck
near the User-ID agent server.
Which solution in PAN-OS® software wouldhelp in this case?

A.

application override

B.

Virtual Wire mode

C.

content inspection

D.

redistribution of user mappings

Based on the following image,

what is the correct path of root, intermediate, and end-user certificate?

A.

Palo Alto Networks > Symantec > VeriSign

B.

Symantec > VeriSign > Palo Alto Networks

C.

VeriSign > Palo Alto Networks > Symantec

D.

VeriSign > Symantec > Palo Alto Networks

An administrator has configured a QoS policy rule and a QoS profile that limits the maximum allowable bandwidth for the YouTube application. However , YouTube is consuming more than the maximum bandwidth allotment configured.
Which configuration step needs to be configured to enable QoS?

A.

Enable QoS Data Filtering Profile

B.

Enable QoS monitor

C.

Enable Qos interface

D.

Enable Qos in the interface Management Profile

A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link
aggregation. Which two formats are correct for naming aggregate interfaces? (Choose two.)

A.

ae.8

B.

aggregate.1

C.

ae.1

D.

aggregate.8

A session in the Traffic log is reporting the application as “incomplete.” What does “incomplete” mean?

A.

The three-way TCP handshake was observed, but the application could not be identified.

B.

The three-way TCP handshake did not complete.

C.

The traffic is coming across UDP, and the application could not be identified.

D.

Data was received but was instantly discarded because of a Deny policy was applied before
App-IDcould be applied.