Which operation will impact the performance of the management plane?
A. Decrypting SSL sessions
B. Generating a SaaS Application report
C. Enabling DoS protection
D. Enabling packet buffer protection
You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three.)
A. Low
B. High
C. Critical
D. Informational
E. Medium
Explanation: The Palo Alto Networks Best Practices for Anti-Spyware Profiles recommend enabling single-packet captures (PCAP) for medium, high, and critical severity threats. This allows for capturing the first packet of the malicious traffic for further analysis and investigation. PCAP should not be enabled for low and informational severity threats, as they generate a relatively high volume of traffic and are not particularly useful compared to potential threats.
An administrator plans to install the Windows-Based User-ID Agent. What type of Active Directory (AD) service account should the administrator use?
A. Dedicated Service Account
B. System Account
C. Domain Administrator
D. Enterprise Administrator
A firewall engineer at a company is researching the Device Telemetry feature of PAN-OS. Which two aspects of the feature require further action for the company to remain compliant with local laws regarding privacy and data storage? (Choose two.)
A. Telemetry feature is automatically enabled during PAN-OS installation.
B. Telemetry data is uploaded into Strata Logging Service.
C. Telemetry feature is using Traffic logs and packet captures to collect data.
D. Telemetry data is shared in real time with Palo Alto Networks.
Explanation: To address the question about the Device Telemetry feature in PAN-OS
and its compliance with privacy and data storage laws, let’s examine the details thoroughly.
Understanding Device Telemetry in PAN-OS
Device Telemetry is a feature in Palo Alto Networks’ PAN-OS that collects data from the
firewall to provide insights for:
An organization has recently migrated its infrastructure and configuration to NGFWs, for which Panorama manages the devices. The organization is coming from a L2-L4 firewall vendor, but wants to use App-ID while identifying policies that are no longer needed. Which Panorama tool can provide a solution?
A. Application Groups
B. Policy Optimizer
C. Test Policy Match
D. Config Audit
The server team is concerned about the high volume of logs forwarded to their syslog server, it is determined that DNS is generating the most logs per second. The risk and compliance team requests that any Traffic logs indicating port abuse of port 53 must still be forwarded to syslog. All other DNS. Traffic logs can be exclude from syslog forwarding. How should syslog log forwarding be configured?
A. With (port,dst neq 53)’ Traffic log filter Object > Log Forwarding.
B. With ‘(port dst neq 53)’ Traffic log filter inside Device > log Settings.
C. With ‘(app neq dns-base)’’ Traffic log filter inside Device> Log Settings.
D. With ‘(app neq dns-base)’’ Traffic log filter inside Objects> Log Forwarding
Which protocol is natively supported by GlobalProtect Clientless VPN?
A. HTP
B. SSH
C. HTTPS
D. RDP
An internal audit team has requested additional information to be included inside traffic logs forwarded from Palo Alto Networks firewalls to an interal syslog server. Where can the firewall engineer define the data to be added into each forwarded log?
A. Data Patterns within Objects > Custom Objects
B. Custom Log Format within Device Server Profiles> Syslog
C. Built-in Actions within Objects > Log Forwarding Profile
D. Logging and Reporting Settings within Device > Setup > Management
What happens when an A/P firewall pair synchronizes IPsec tunnel security associations (SAs)?
A. Phase 1 and Phase 2 SAs are synchronized over HA3 links.
B. Phase 2 SAs are synchronized over HA2 links.
C. Phase 1 and Phase 2 SAs are synchronized over HA2 links.
D. Phase 1 SAs are synchronized over HA1 links.
Explanation: In a High Availability (HA) setup with Palo Alto Networks firewalls, the synchronization of IPsec tunnel Security Associations (SAs) is an important aspect to ensure seamless failover and continued secure communication. Specifically, for Phase 2 SAs, they are synchronized over the HA2 links. The HA2 link is dedicated to synchronizing sessions, forwarding tables, IPSec SA, ARP tables, and other critical information between the active and passive firewalls in an HA pair. This ensures that the passive unit can immediately take over in case the active unit fails, without the need for re-establishing IPsec tunnels, thereby maintaining secure communications without interruption. It's important to note that Phase 1 SAs, which are responsible for establishing the secure tunnel itself, are not synchronized between the HA pair, as these need to be re-established upon failover to ensure secure key exchange.
A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing. What command could the engineer run to see the current state of the BGP state between the two devices?
A. show routing protocol bgp summary
B. show routing protocol bgp rib-out
C. show routing protocol bgp state
D. show routing protocol bgp peer
An engineer has been given approval to upgrade their environment to the latest version of
PAN-OS.
The environment consists of both physical and virtual firewalls, a virtual Panorama, and
virtual log collectors.
What is the recommended order of operational steps when upgrading?
A. Upgrade the log collectors, upgrade the firewalls, upgrade Panorama
B. Upgrade the firewalls, upgrade log collectors, upgrade Panorama
C. Upgrade Panorama, upgrade the log collectors, upgrade the firewalls
D. Upgrade the firewalls, upgrade Panorama, upgrade the log collectors
Explanation: When planning an upgrade in an environment that includes Panorama,
firewalls, and log collectors, it's crucial to follow the recommended sequence to ensure
compatibility and minimize disruptions. Palo Alto Networks recommends the following
order:
Upgrade Panorama: Start with Panorama because it's the central management
platform. Upgrading Panorama first ensures that it's compatible with the new PANOS
versions that the managed devices (firewalls and log collectors) will be
upgraded to. Panorama must be able to support the new versions for it to manage
and monitor the devices effectively.
Upgrade the log collectors: Next, upgrade the log collectors. Since log collectors
work closely with Panorama to aggregate and store logs from the firewalls, they
should be upgraded after Panorama to ensure compatibility. Upgrading the log
collectors ensures they can handle the log formats and features introduced in the
new PAN-OS version.
Upgrade the firewalls: Finally, upgrade the firewalls. The firewalls are the last
components to be upgraded to ensure that they remain compatible with the
management and log collection infrastructure. Upgrading the firewalls last
minimizes the risk of compatibility issues with Panorama and log collectors.
This sequence ensures that all components are compatible and that the management and logging infrastructure can fully support the firewalls running the latest PAN-OS version.
An administrator needs to identify which NAT policy is being used for internet traffic. From the Monitor tab of the firewall GUI, how can the administrator identify which NAT policy is in use for a traffic flow?
A. Click Session Browser and review the session details.
B. Click Traffic view and review the information in the detailed log view.
C. Click Traffic view; ensure that the Source or Destination NAT columns are included and review the information in the detailed log view.
D. Click App Scope > Network Monitor and filter the report for NAT rules.
Explanation: Traffic view in the Monitor tab of the firewall GUI can display the information about the NAT policy that is in use for a traffic flow, if the Source or Destination NAT columns are included and reviewed in the detailed log view1. The Source NAT column shows the translated source IP address and port, and the Destination NAT column shows the translated destination IP address and port2. These columns can help the administrator identify which NAT policy is applied to the traffic flow based on the pre-NAT and post-NAT addresses and ports.
| Page 9 out of 27 Pages |
| Previous |