ACE Practice Test Questions

122 Questions


Which of the following is True of an application filter?


A.

An application filter automatically adapts when an application moves from one IP address to another.


B.

An application filter automatically includes a new application when one of the new
application’s characteristics is included in the filter.


C.

An application filter specifies the users allowed to access an application.


D.

An application filter is used by malware to evade detection by firewalls and anti-virus
software.





B.
  

An application filter automatically includes a new application when one of the new
application’s characteristics is included in the filter.



Enabling "Highlight Unused Rules" in the Security policy window will:


A.

Highlight all rules that did not immediately match traffic.


B.

Highlight all rules that did not match traffic since the rule was created or since last
reboot of the firewall


C.

Allow the administrator to troubleshoot rules when a validation error occurs at the time
of commit.


D.

Allow the administrator to temporarily disable rules that do not match traffic, for testing
purposes





B.
  

Highlight all rules that did not match traffic since the rule was created or since last
reboot of the firewall



What option should be configured when using User-ID?


A.

Enable User-ID per zone


B.

Enable User-ID per interface


C.

Enable User-ID per Security Policy


D.

None of the above





C.
  

Enable User-ID per Security Policy



Which local interface cannot be assigned to the IKE gateway?


A.

Tunnel


B.

L3


C.

VLAN


D.

Loopback





A.
  

Tunnel



As of PAN-OS 7.0, when configuring a Decryption Policy Rule, which of the following is
NOT an available option as matching criteria in the rule?


A.

Application


B.

Source User


C.

URL Category


D.

Source Zone


E.

Service





A.
  

Application



When troubleshooting Phase 1 of an IPSec VPN tunnel, what location will have the most
informative logs?


A.

Responding side, Traffic Logs


B.

Initiating side, Traffic Logs


C.

Responding side, System Logs


D.

Initiating side, System Logs





C.
  

Responding side, System Logs



Which of the following is NOT a valid option for built-in CLI access roles?


A.

read/write


B.

superusers


C.

vsysadmin


D.

deviceadmin





A.
  

read/write



Which of the following types of protection are available in DoS policy?


A.

Session Limit, SYN Flood, UDP Flood


B.

Session Limit, Port Scanning, Host Swapping, UDP Flood


C.

Session Limit, SYN Flood, Host Swapping, UDP Flood


D.

Session Limit, SYN Flood, Port Scanning, Host Swapping





A.
  

Session Limit, SYN Flood, UDP Flood



An interface in Virtual Wire mode must be assigned an IP address.


A.

True


B.

False





B.
  

False



Which of the following would be a reason to use the PAN-OS XML API to communicate
with a Palo Alto Networks firewall?


A.

To allow the firewall to push User-ID information to a Network Access Control (NAC)
device.


B.

To permit syslogging of User Identification events.


C.

To pull information from other network resources for User-ID.





A.
  

To allow the firewall to push User-ID information to a Network Access Control (NAC)
device.



Which option allows an administrator to segregate Panorama and Syslog traffic, so that the
Management Interface is not employed when sending these types of traffic?


A.

Custom entries in the Virtual Router, pointing to the IP addresses of the Panorama and
Syslog devices.


B.

Define a Loopback interface for the Panorama and Syslog Devices


C.

On the Device tab in the Web UI, create custom server profiles for Syslog and
Panorama


D.

Service Route Configuration





D.
  

Service Route Configuration



Which routing protocol is supported on the Palo Alto Networks platform?


A.

BGP


B.

RSTP


C.

ISIS


D.

RIPv1





A.
  

BGP



