What option should be configured when using User Identification?
A.
Enable User Identification per Zone
B.
Enable User Identification per Security Rule
C.
Enable User Identification per interface
D.
None of the above
Enable User Identification per Zone
Which of the following are accurate statements describing the HA3 link in an Active-Active
HA deployment?
A.
HA3 is used for session synchronization
B.
The HA3 link is used to transfer Layer 7 information
C.
HA3 is used to handle asymmetric routing
D.
HA3 is the control link
HA3 is used for session synchronization
Which of the following fields is not available in DoS policy?
A.
Destination Zone
B.
Source Zone
C.
Application
D.
Service
Application
When configuring Admin Roles for Web UI access, what are the available access levels?
A.
Enable and Disable only
B.
None, Superuser, Device Administrator
C.
Allow and Deny only
D.
Enable, Read-Only and Disable
Enable, Read-Only and Disable
When adding an application in a Policy-based Forwarding rule, only a subset of the entire
App-ID database is represented. Why would this be?
A.
Policy-based forwarding can only indentify certain applications at this stage of the
packet flow, as the majority of applications are only identified once the session is created.
B.
Policy-based forwarding rules require that a companion Security policy rule, allowing the
needed Application traffic, must first be created.
C.
The license for the Application ID database is no longer valid.
D.
A custom application must first be defined before it can be added to a Policy-based
forwarding rule.
Policy-based forwarding can only indentify certain applications at this stage of the
packet flow, as the majority of applications are only identified once the session is created.
When employing the Brightcloud URL filtering database on the Palo Alto Networks
firewalls, the order of checking within a profile is:
A.
Block List, Allow List, Custom Categories, Cache Files, Predefined Categories, Dynamic
URL Filtering
B.
Block List, Allow List, Cache Files, Custom Categories, Predefined Categories, Dynamic
URL Filtering
C.
Dynamic URL Filtering, Block List, Allow List, Cache Files, Custom Categories,
Predefined Categories
D.
None of the above
Block List, Allow List, Custom Categories, Cache Files, Predefined Categories, Dynamic
URL Filtering
Which of the following options may be enabled to reduce system overhead when using
Content ID?
A.
STP
B.
VRRP
C.
RSTP
D.
DSRI
DSRI
When an interface is in Tap mode and a policy action is set to block, the interface will send
a TCP reset.
A.
True
B.
False
False
When Network Address Translation has been performed on traffic, Destination Zones in
Security rules should be based on:
A.
Post-NAT addresses
B.
The same zones used in the NAT rules
C.
Pre-NAT addresses
D.
None of the above
Post-NAT addresses
WildFire Analysis Reports are available for the following Operating Systems (select all that
apply)
A.
Windows XP
B.
Windows 7
C.
Windows 8
D.
Mac OS-X
Windows XP
Windows 7
Windows 8
Users may be authenticated sequentially to multiple authentication servers by configuring:
A.
An Authentication Profile.
B.
An Authentication Sequence.
C.
A custom Administrator Profile.
D.
Multiple RADIUS servers sharing a VSA configuration.
An Authentication Sequence.
WildFire analyzes files to determine whether or not they are malicious. When doing so,
WildFire will classify the file with an official verdict. This verdict is known as the WildFire
Analysis verdict. Choose the three correct classifications as a result of this analysis and
classification?
A.
Benign
B.
Adware
C.
Spyware
D.
Malware detection
E.
Safeware
F.
Grayware
Benign
Malware detection
Grayware
| Page 1 out of 11 Pages |