Forwarding of which two log types is configured in Device > Log Settings? (Choose two.)
A. Threat
B. HIP Match
C. Traffic
D. Configuration
Explanation: Based on PAN-OS 11.0 documentation, the forwarding configuration for
specific log types in Device > Log Settings involves selecting log types for system-level
logs, which include HIP Match and Configuration logs.
Explanation for Each Option
A. Threat
An administrator plans to install the Windows-Based User-ID Agent to prevent credential phishing. Which installer package file should the administrator download from the support site?
A. UaCredInstall64-11.0.0.msi
B. GlobalProtect64-6.2.1.msi
C. TaInstall-11.0.0.msi
D. UaInstall-11.0.0.msi
A firewall administrator has been tasked with ensuring that all firewalls forward System logs to Panorama. In which section is this configured?
A. Monitor > Logs > System
B. Objects > Log Forwarding
C. Panorama > Managed Devices
D. Device > Log Settings
A network security administrator has been tasked with deploying User-ID in their organization. What are three valid methods of collecting User-ID information in a network? (Choose three.)
A. Windows User-ID agent
B. GlobalProtect
C. XML API
D. External dynamic list
E. Dynamic user groups
Explanation:
User-ID is a feature that allows the firewall to identify and classify users and groups on the
network based on their usernames, IP addresses, and other attributes. User-ID
information can be collected from various sources, such as:
A: Windows User-ID agent: A software agent that runs on a Windows server and
collects user information from Active Directory domain controllers, Exchange
servers, or eDirectory servers. The agent then sends the user information to the
firewall or Panorama for user mapping.
B: GlobalProtect: A software agent that runs on the endpoints and provides secure
VPN access to the network. GlobalProtect also collects user information from the
endpoints and sends it to the firewall or Panorama for user mapping.
C: XML API: An application programming interface that allows external systems or
scripts to send user information to the firewall or Panorama in XML format. The
XML API can be used to integrate with third-party systems, such as identity
providers, captive portals, or custom applications.
An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?
A. Click Preview Changes under Push Scope
B. Use Test Policy Match to review the policies in Panorama
C. Review the configuration logs on the Monitor tab
D. Context-switch to the affected firewall and use the configuration audit tool
Explanation: When an administrator needs to evaluate recent policy changes that were
committed and pushed to a firewall device group in Panorama, the most direct approach is
to use the "Preview Changes" feature.
A. Click Preview Changes under Push Scope:
The "Preview Changes" option is available under the "Push Scope" in Panorama.
This feature allows administrators to see a detailed comparison of the changes
that are about to be pushed to the managed firewalls or that have been recently
pushed. It highlights the differences between the current configuration and the
previous one, making it easier to identify exactly what changes were made,
including modifications to policies, objects, and other settings.
This is particularly useful for auditing and verifying that the intended changes
match the actual changes being deployed, enhancing transparency and reducing
the risk of unintended configuration modifications.
This approach provides a clear and concise way to review configuration changes before
and after they are applied, ensuring that policy modifications are intentional and accurately
reflect the administrator's objectives.
Which are valid ACC GlobalProtect Activity tab widgets? (Choose two.)
A. Successful GlobalProtect Deployed Activity
B. GlobalProtect Deployment Activity
C. GlobalProtect Quarantine Activity
D. Successful GlobalProtect Connection Activity
In a template, which two objects can be configured? (Choose two.)
A. SD-WAN path quality profile
B. Monitor profile
C. IPsec tunnel
D. Application group
An engineer is configuring secure web access (HTTPS) to a Palo Alto Networks firewall for management. Which profile should be configured to ensure that management access via web browsers is encrypted with a trusted certificate?
A. An SSL/TLS Service profile with a certificate assigned.
B. An Interface Management profile with HTTP and HTTPS enabled.
C. A Certificate profile with a trusted root CA.
D. An Authentication profile with the allow list of users.
The template stack should consist of four templates arranged according to the diagram. Which template values will be configured on the firewall if each template has an SSL/TLS Service profile configured named Management?
A. Values in Datacenter
B. Values in efwOlab.chi
C. Values in Global Settings
D. Values in Chicago
Explanation: The template stack should consist of four templates arranged according to the diagram. The template values that will be configured on the firewall if each template has an SSL/TLS Service profile configured named Management will be the values in Chicago. This is because the SSL/TLS Service profile is configured in the Chicago template, which is the highest priority template in the stack. The firewall will inherit the settings from the highest priority template that has the setting configured, and ignore the settings from the lower priority templates that have the same setting configured. Therefore, the values in Datacenter, efwOlab.chi, and Global Settings will not be applied to the firewall.
An administrator has purchased WildFire subscriptions for 90 firewalls globally. What should the administrator consider with regard to the WildFire infrastructure?
A. To comply with data privacy regulations, WildFire signatures and verdicts are not shared globally.
B. Palo Alto Networks owns and maintains one global cloud and four WildFire regional clouds.
C. Each WildFire cloud analyzes samples and generates malware signatures and verdicts independently of the other WildFire clouds.
D. The WildFire Global Cloud only provides bare metal analysis
Each WildFire cloud—global (U.S.), regional, and private—analyzes samples and generates WildFire verdicts independently of the other WildFire clouds. With the exception of WildFire private cloud verdicts, WildFire verdicts are shared globally, enabling WildFire users to access a worldwide database of threat data.
After switching to a different WAN connection, users have reported that various websites
will not load, and timeouts are occurring. The web servers work fine from other locations.
The firewall engineer discovers that some return traffic from these web servers is not
reaching the users behind the firewall. The engineer later concludes that the maximum
transmission unit (MTU) on an upstream router interface is set to 1400 bytes.
The engineer reviews the following CLI output for ethernet1/1.
Which setting should be modified on ethernet1/1 to remedy this problem?
A. Lower the interface MTU value below 1500.
B. Enable the Ignore IPv4 Don't Fragment (DF) setting.
C. Change the subnet mask from /23 to /24.
D. Adjust the TCP maximum segment size (MSS) value.