PSE Strata Practice Test Free – 50 Questions to Test Your Knowledge
Are you preparing for the PSE Strata certification exam? If so, taking a free PSE Strata practice test is one of the best ways to assess your knowledge and improve your chances of passing. In this post, we provide 50 free PSE Strata practice questions designed to help you test your skills and identify areas for improvement.
By taking a free PSE Strata practice test, you can:
- Familiarize yourself with the exam format and question types
- Identify your strengths and weaknesses
- Gain confidence before the actual exam
50 Free PSE Strata Practice Questions
Below, you will find 50 free PSE Strata practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level.
There are different Master Keys on Panorama and managed firewalls. What is the result if a Panorama Administrator pushes configuration to managed firewalls?
A. The push operation will fail regardless of an error or not within the configuration itself
B. Provided there’s no error within the configuration to be pushed, the push will succeed
C. The Master Key from the managed firewalls will be overwritten with the Master Key from Panorama
D. There will be a popup to ask if the Master Key from the Panorama should replace the Master Key from the managed firewalls
Which task would be identified in Best Practice Assessment tool?
A. identify the visibility and presence of command-and-control sessions
B. identify sanctioned and unsanctioned SaaS applications
C. identify the threats associated with each application
D. identify and provide recommendations for device management access
What two types of certificates are used to configure SSL Forward Proxy? (Choose two.)
A. Enterprise CA-signed certificates
B. Self-Signed certificates
C. Intermediate certificates
D. Private key certificates
Which two email links, contained in SMTP and POP3, can be submitted from WildFire analysis with a WildFire subscription? (Choose two.)
A. FTP
B. HTTPS
C. RTP
D. HTTP
A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, so that they can assess the risk and take action to prevent exploitation of network resources. Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?
A. The Automated Correlation Engine
B. Cortex XDR and Cortex Data Lake
C. WildFire with API calls for automation
D. 3rd Party SIEM which can ingest NGFW logs and perform event correlation
Which security profile on the NGFW includes signatures to protect you from brute force attacks?
A. Zone Protection Profile
B. URL Filtering Profile
C. Vulnerability Protection Profile
D. Anti-Spyware Profile
The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW?
A. First Packet Processor
B. Stream-based Signature Engine
C. SIA (Scan It All) Processing Engine
D. Security Processing Engine
What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?
A. There are no benefits other than slight performance upgrades
B. It allows Palo Alto Networks to add new functions to existing hardware
C. Only one processor is needed to complete all the functions within the box
D. It allows Palo Alto Networks to add new devices to existing hardware
Which methods are used to check for Corporate Credential Submissions? (Choose three.)
A. Group Mapping
B. IP User Mapping
C. LDAP query
D. Domain Credential Filter
E. User ID Credential Check
You have a prospective customer that is looking for a way to provide secure temporary access to contractors for a designated period of time. They currently add contractors to existing user groups and create ad hoc policies to provide network access. They admit that once the contractor no longer needs access to the network, administrators are usually too busy to manually delete policies that provided access to the contractor. This has resulted in over-provisioned access that has allowed unauthorized access to their systems. They are looking for a solution to automatically remove access for contractors once access is no longer required. You address their concern by describing which feature in the NGFW?
A. Dynamic User Groups
B. Dynamic Address Groups
C. Multi-factor Authentication
D. External Dynamic Lists
Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)
A. use of device management access and settings
B. identify sanctioned and unsanctioned SaaS applications
C. expose the visibility and presence of command-and-control sessions
D. measure the adoption of URL filters, App-ID, User-ID
E. use of decryption policies
For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same Prisma Access location servicing a single Datacenter? (Choose two.)
A. Network segments in the Datacenter need to be advertised to only one Service Connection
B. The customer edge device needs to support policy-based routing with symmetric return functionality
C. The resources in the Datacenter will only be able to reach remote network resources that share the same region
D. A maximum of four service connections per Datacenter are supported with this topology
A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds. How is this goal accomplished?
A. Create a custom spyware signature matching the known signature with the time attribute
B. Add a correlation object that tracks the occurrences and triggers above the desired threshold
C. Submit a request to Palo Alto Networks to change the behavior at the next update
D. Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency
Which two features are found in Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)
A. Policy match is based on application
B. Traffic control is based on IP, port, and protocol
C. Traffic is separated by zones
D. Identification of application is possible on any port
Which two of the following does decryption broker provide on a NGFW? (Choose two.)
A. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once
B. Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement
C. Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement
D. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times
A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?
A. Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports
B. Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis
C. Palo Alto Networks keeps ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports
D. Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default
Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.)
A. validate credential submission detection
B. enable User-ID
C. define an SSL decryption rulebase
D. define URL Filtering Profile
E. Enable App-ID
A customer has business-critical applications that rely on the general web-browsing application. Which security profile can help prevent drive-by-downloads while still allowing web-browsing traffic?
A. File Blocking Profile
B. DoS Protection Profile
C. URL Filtering Profile
D. Vulnerability Protection Profile
Which three features are used to prevent abuse of stolen credentials? (Choose three.)
A. multi-factor authentication
B. URL Filtering Profiles
C. WildFire Profiles
D. Prisma Access
E. SSL decryption rules
A potential customer requires an NGFW solution which enables high-throughput, low-latency network security, all while incorporating unprecedented features and technology. They need a solution that solves the performance problems that plague today's security infrastructure. Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help them address the requirements?
A. SP3 (Single Pass Parallel Processing)
B. GlobalProtect
C. Threat Prevention
D. Elastic Load Balancers
What helps avoid split brain in active/passive HA pair deployment?
A. Use a standard traffic interface as the HA2 backup
B. Enable preemption on both firewalls in the HA pair
C. Use the management interface as the HA1 backup link
D. Use a standard traffic interface as the HA3 link
What filtering criteria is used to determine what users to include as members of a dynamic user group?
A. Tags
B. Login IDs
C. Security Policy Rules
D. IP Addresses
Which statement is true about Deviating Devices and metrics?
A. A metric health baseline is determined by averaging the health performance for a given metric over seven days plus the standard deviation
B. Deviating Device Tab is only available with a SD-WAN Subscription
C. An Administrator can set the metric health baseline along with a valid standard deviation
D. Deviating Device Tab is only available for hardware-based firewalls
The WildFire Inline Machine Learning is configured using which Content-ID profiles?
A. Antivirus Profile
B. WildFire Analysis Profile
C. Threat Prevention Profile
D. File Blocking Profile
DRAG DROP - Match the WildFire Inline Machine Learning Model to the correct description for that model. Select and Place:
In an HA pair running Active/Passive mode, over which interface do the dataplanes communicate?
A. HA3
B. HA1
C. HA2
D. HA4
Which three activities can the botnet report track? (Choose three.)
A. Accessing domains registered in the last 30 days
B. Visiting a malicious URL
C. Launching a P2P application
D. Detecting malware within a one-hour period
E. Initiating API calls to other applications
F. Using dynamic DNS domain providers
WildFire subscription supports analysis of which three types? (Choose three.)
A. GIF
B. 7-Zip
C. Flash
D. RPM
E. ISO
F. DMG
A customer requires protections and verdicts for PE (portable executable) and ELF (executable and linkable format) files, as well as integration with products and services that can also access the immediate verdicts to coordinate enforcement to prevent successful attacks. What competitive feature does Palo Alto Networks provide that will address this requirement?
A. File Blocking Profile
B. Dynamic Unpacking
C. WildFire
D. DNS Security
Which three actions should be taken before deploying a firewall evaluation unit in the customer's environment? (Choose three.)
A. Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed
B. Request that the customer make port 3978 available to allow the evaluation unit to communicate with Panorama
C. Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned
D. Inform the customer that they will need to provide a SPAN port for the evaluation unit assuming a TAP mode deployment
E. Set expectations around which information will be presented in the Security Lifecycle Review because sensitive information may be made visible
A customer is concerned about zero-day targeted attacks against its intellectual property. Which solution informs a customer whether an attack is specifically targeted at them?
A. Cortex XDR Prevent
B. AutoFocus
C. Cortex XSOAR Community edition
D. Panorama Correlation Report
What are three valid sources that are supported for user IP address mapping in Palo Alto Networks NGFW? (Choose three.)
A. RADIUS
B. Client Probing
C. Lotus Domino
D. Active Directory monitoring
E. TACACS
F. eDirectory monitoring
Which two actions can be taken to enforce protection from brute force attacks in the security policy? (Choose two.)
A. Create a log forwarding object to send logs to Panorama and a third-party syslog server event correlation
B. Install content updates that include new signatures to protect against emerging threats
C. Attach the vulnerability profile to a security rule
D. Add the URL filtering profile to a security rule
Which CLI allows you to view the names of SD-WAN policy rules that send traffic to the specified virtual SD-WAN interface, along with the performance metrics?
A. >show sdwan connection all |
B. >show sdwan path-monitor stats vif
C. >show sdwan rule vif sdwan.x
D. >show sdwan session distribution policy-name
Which four actions can be configured in an Anti-Spyware profile to address command-and-control traffic from compromised hosts? (Choose four.)
A. Reset
B. Quarantine
C. Drop
D. Allow
E. Redirect
F. Alert
DRAG DROP - Match the functions to the appropriate processing engine within the dataplane. Select and Place:
What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)
A. Errors
B. Environments
C. Interfaces
D. Mounts
E. Throughput
F. Sessions
G. Status
What are three considerations when deploying User-ID? (Choose three.)
A. Specify included and excluded networks when configuring User-ID
B. Only enable User-ID on trusted zones
C. Use a dedicated service account for User-ID services with the minimal permissions necessary
D. User-ID can support a maximum of 15 hops
E. Enable WMI probing in high security networks
What component is needed if there is a large scale deployment of Next Generation Firewalls with multiple Panorama Management Servers?
A. M-600 Appliance
B. Panorama Large Scale VPN Plugin
C. Panorama Interconnect Plugin
D. Palo Alto Networks Cluster License
Which three script types can be analyzed in WildFire? (Choose three.)
A. JScript
B. PythonScript
C. PowerShell Script
D. VBScript
E. MonoScript
Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?
A. Access to the WildFire API
B. WildFire hybrid deployment
C. PE file upload to WildFire
D. 5 minute WildFire updates to threat signatures
Palo Alto Networks publishes updated Command-and-Control signatures. How frequently should the related signatures schedule be set?
A. Once an hour
B. Once a day
C. Once a week
D. Once every minute
What are the three possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.)
A. Benign
B. Spyware
C. Malicious
D. Phishing
E. Grayware
Which two methods will help avoid Split Brain when running HA in Active/Active mode? (Choose two.)
A. Configure a Backup HA1 Interface
B. Configure a Heartbeat Backup
C. Create a loopback IP address and use that as a Source Interface
D. Place your management interface in an Aggregate Interface Group configuration
What two types of traffic should you exclude from a decryption policy? (Choose two.)
A. All Business and regulatory traffic
B. All outbound traffic
C. All Mutual Authentication traffic
D. All SSL/TLS 1.3 traffic
What action would address the sub-optimal traffic path shown in the figure? Key: RN = Remote Network; SC = Service Connection; MU GW = Mobile User Gateway.
A. Onboard a Service Connection in the Americas region
B. Remove the Service Connection in the EMEA region
C. Onboard a Service Connection in the APAC region
D. Onboard a Remote Network location in the EMEA region
When having a customer pre-sales call, which aspects of the NGFW should be covered?
A. The NGFW simplifies your operations through analytics and automation while giving you consistent protection through exceptional visibility and control across the data center, perimeter, branch, mobile and cloud networks
B. The Palo Alto Networks-developed URL filtering database, PAN-DB provides high-performance local caching for maximum inline performance on URL lookups, and offers coverage against malicious URLs and IP addresses. As WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs), the PAN-DB database is updated with information on malicious URLs so that you can block malware downloads and disable Command and Control (C2) communications to protect your network from cyberthreats. URL categories that identify confirmed malicious content - malware, phishing, and C2 are updated every five minutes - to ensure that you can manage access to these sites within minutes of categorization
C. The NGFW creates tunnels that allow users/systems to connect securely over a public network, as if they were connecting over a local area network (LAN). To set up a VPN tunnel you need a pair of devices that can authenticate each other and encrypt the flow of information between them. The devices can be a pair of Palo Alto Networks firewalls, or a Palo Alto Networks firewall along with a VPN-capable device from another vendor
D. Palo Alto Networks URL Filtering allows you to monitor and control the sites users can access, to prevent phishing attacks by controlling the sites to which users can submit valid corporate credentials, and to enforce safe search for search engines like Google and Bing
You have enabled the WildFire ML for PE files in the antivirus profile and have added the profile to the appropriate firewall rules. When you go to Palo Alto Networks WildFire test av file and attempt to download the test file it is allowed through. In order to verify that the machine learning is working from the command line, which command returns a valid result?
A. show mlav cloud-status
B. show wfml cloud-status
C. show ml cloud-status
D. show wfav cloud-status
What aspect of PAN-OS allows for the NGFW admin to create a policy that provides auto-remediation for anomalous user behavior and malicious activity while maintaining user visibility?
A. Remote Device UserID Agent
B. user-to-tag mapping
C. Dynamic User Groups
D. Dynamic Address Groups
Which three platform components can identify and protect against malicious email links? (Choose three.)
A. WildFire hybrid cloud solution
B. WildFire public cloud
C. WF-500
D. M-200
E. M-600
We regularly update this page with new practice questions, so be sure to check back frequently.
Good luck with your PSE Strata certification journey!