If the Forward Proxy Ready shows “no” when running the command show system setting
ssl-decrypt setting, what is most likely the cause?

A.

SSL forward proxy certificate is not generated

B.

Web interface certificate is not generated

C.

Forward proxy license is not enabled on the box n

D.

SSL decryption rule is not created

In PAN-OS 5.0, which of the following features is supported with regards to IPv6?

A.

OSPF

B.

NAT64

C.

IPSec VPN tunnels

D.

None of the above

A "Continue" action can be configured on the following Security Profiles:

A.

URL Filtering, File Blocking, and Data Filtering

B.

URL Filteringn

C.

URL Filtering and Antivirus

D.

URL Filtering and File Blocking

What new functionality is provided in PAN-OS 5.0 by Palo Alto Networks URL Filtering
Database (PAN-DB)?

A.

The "Log Container Page Only" option can be employed in a URL-Filtering policy to
reduce the number of logging events.

B.

URL-Filtering can now be employed as a match condition in Security policy

C.

IP-Based Threat Exceptions can now be driven by custom URL categories

D.

Daily database downloads for updates are no longer required as devices stay in-sync
with the cloud.

You’d like to schedule a firewall policy to only allow a certain application during a particular time of day. Where can this policy option be configured?

A.

Policies > Security > Service

B.

Policies > Security > Options

C.

Policies > Security > Application

D.

Policies > Security > Profile

Without a WildFire subscription, which of the following files can be submitted by the
Firewall to the hosted WildFire virtualized sandbox?

A.

PE files only

B.

PDF files only

C.

MS Office doc/docx, xls/xlsx, and ppt/pptx files only

D.

PE and Java Applet (jar and class) only

When allowing an Application in a Security policy on a PAN-OS 5.0 device, would a
dependency Application need to also be enabled if the application does not employ HTTP,
SSL, MSRPC, RPC, t.120, RTSP, RTMP, and NETBIOS-SS.

A.

Yes

B.

No

As the Palo Alto Networks administrator, you have enabled Application Block pages.
Afterward, some users do not receive web-based feedback for all denied applications. Why
would this be?

A.

Some users are accessing the Palo Alto Networks firewall through a virtual system that
does not have Application Block pages enabled.

B.

Application Block Pages will only be displayed when Captive Portal is configured

C.

Some Application ID's are set with a Session Timeout value that is too low.

D.

Application Block Pages will only be displayed when users attempt to access a denied
web-based application.

Will an exported configuration contain Management Interface settings?

A.

Yes

B.

No

The "Disable Server Return Inspection" option on a security profile:

A.

Can only be configured in Tap Mode

B.

Should only be enabled on security policies allowing traffic to a trusted server.

C.

Does not perform higher-level inspection of traffic from the side that originated the TCP
SYN packet

D.

Only performs inspection of traffic from the side that originated the TCP SYN-ACK
packet

What are the benefits gained when the "Enable Passive DNS Monitoring" checkbox is
chosen on the firewall? (Select all correct answers.)

A.

Improved DNSbased C&C signatures.

B.

Improved PANDB malware detection

C.

Improved BrightCloud malware detection.

D.

Improved malware detection in WildFire

When Destination Network Address Translation is being performed, the destination in the
corresponding Security Policy Rule should use:

A.

The PostNAT destination zone and PostNAT IP address

B.

The PreNAT destination zone and PreNAT IP address.

C.

The PreNAT destination zone and PostNAT IP address.

D.

The PostNAT destination zone and PreNAT IP address.