An administrator Just enabled HA Heartbeat Backup on two devices However, the status on tie firewall's dashboard is showing as down High Availability.

A. Go to Device > High Availability> General > HA Pair Settings > Setup and configuring the peer IP for heartbeat backup

B. Check peer IP address In the permit list In Device > Setup > Management > Interfaces > Management Interface Settings

C. Go to Device > High Availability > HA Communications> General> and check the Heartbeat Backup under Election Settings

D. Check peer IP address for heartbeat backup to Device > High Availability > HA Communications > Packet Forwarding settings.

An administrator configures a preemptive active-passive high availability (HA) pair of firewalls and configures the HA election settings on firewall-02 with a device priority value of 100, and firewall-01 with a device priority value of 90. When firewall-01 is rebooted, is there any action taken by the firewalls?

A. No - Neither firewall takes any action because firewall-01 cannot be rebooted when configured with device priority of 90.

B. No - Neither firewall takes any action because firewall-02 is already the active-primary member.

C. Yes - Firewall-02 takes over as the active-primary firewall; firewall-01 takes over as the active-primary member after it becomes functional.

D. Yes - Firewall-02 takes over as the active-primary firewall; firewall-02 remains the active-primary member after firewall-01 becomes functional.

An administrator needs to assign a specific DNS server to an existing template variable. Where would the administrator go to edit a template variable at the device level?

A. "Managed Devices > Device Association"

B. PDF Export under "Panorama > Templates"

C. Variable CSV export under "Panorama > Templates"

D. Manage variables under "Panorama > Templates"

Certain services in a customer implementation are not working, including Palo Alto Networks Dynamic version updates. Which CLI command can the firewall administrator use to verify if the service routes were correctly installed and that they are active in the Management Plane?

A. debug dataplane Internal vif route 250

B. show routing route type service-route

C. show routing route type management

D. debug dataplane internal vif route 255

Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?

A. PAN-OS integrated User-ID agent

B. GlobalProtect

C. Windows-based User-ID agent

D. LDAP Server Profile configuration

An engineer manages a high availability network and requires fast failover of the routing protocols. The engineer decides to implement BFD. Which three dynamic routing protocols support BFD? (Choose three.)

A. OSPF

B. RIP

C. BGP

D. IGRP

E. OSPFv3 virtual link

A company has a PA-3220 NGFW at the edge of its network and wants to use active directory groups in its Security policy rules. There are 1500 groups in its active directory. An engineer has been provided 800 active directory groups to be used in the Security policy rules. What is the engineer's next step?

A. Create a Group Mapping with 800 groups in the Group Include List.

B. Create two Group Include Lists, each with 400 Active Directory groups.

C. Create a Group Include List with the 800 Active Directory groups

D. Create two Group Mappings, each with 400 groups in the Group Include List

Match the terms to their corresponding definitions

A firewall administrator is changing a packet capture filter to troubleshoot a specific traffic flow Upon opening the newly created packet capture, the administrator still sees traffic for the previous fitter What can the administrator do to limit the captured traffic to the newly configured filter?

A. Command line > debug dataplane packet-diag clear filter-marked-session all

B. In the GLH under Monitor > Packet Capture > Manage Filters under Ingress Interface select an interface

C. Command line> debug dataplane packet-diag clear filter all

D. In the GUI under Monitor > Packet Capture > Manage Filters under the Non-IP field, select "exclude"

Which log type is supported in the Log Forwarding profile?

A. Configuration

B. GlobalProtect

C. Tunnel

D. User-ID

Given the following snippet of a WildFire submission log did the end-user get access to the requested information and why or why not?

A. Yes, because the action is set to alert

B. No, because this is an example from a defeated phishing attack

C. No, because the severity is high and the verdict is malicious.

D. Yes, because the action is set to allow.

A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this. Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)

A. Navigate to Network > Zone Protection Click Add
Select Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to No Set "Asymmetric Path" to Bypass

B. > set session tcp-reject-non-syn no

C. Navigate to Network > Zone Protection Click Add
Select Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to Global
Set "Asymmetric Path" to Global

D. # set deviceconfig setting session tcp-reject-non-syn no