Question list
1
A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? Choose two
Virtual router, Security zone
2
A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone. Which option differentiates multiple VLANs into separate zones?
Create V-Wire objects with two V-Wire subinterfaces and assign only a single VLAN ID to the "Tag Allowed" field of the V-Wire object. Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffic. Assign each interface/subinterface to a unique zone
3
Which statement accurately describes service routes and virtual systems?
Virtual systems that do not have specific service routes configured inherit the global service and service route settings for the firewall.
4
An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same firewall. The update contains an application that matches the same traffic signatures as the custom application. Which application will be used to identify traffic traversing the firewall?
Custom application
5
A network security administrator wants to begin inspecting bulk user HTTPS traffic flows egressing out of the internet edge firewall. Which certificate is the best choice to configure as an SSL Forward Trust Certificate?
A self-signed Certificate Authority certificate generated by the firewall
6
An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Link and Path Monitoring is enabled with the Failure Condition set to "any". There is one link group configured containing member interfaces ethernet1/1 and ethernet1/2 with a Group Failure Condition set to "all". Which HA state will the Active firewall go into if the ethernet1/1 link goes down due to failure?
Active
7
Dallas-Branch has Dallas-FW as a member of the Dallas-Branch device-group. NYC-DC has NYC-FW as a member of the NYC-DC device-group. What objects and policies will the Dallas-FW receive if "Share Unused Address and Service Objects" is enabled in Panorama?
Address Objects: Shared Address 1, Shared Address 2, Branch Address 1
Policies: Shared Policy 1, Branch Policy 1
8
A system administrator runs a port scan using the company tool as part of a vulnerability check. The administrator finds that the scan is identified as a threat and is dropped by the firewall. After further investigating the logs, the administrator finds that the scan is in the Threat logs. What should the administrator do to allow the tool to scan through the firewall?
Add the IP address to the reconnaissance protection source address exclusion in the DoS protection profile
9
- - -. The USB flash drive has been inserted in the firewall's USB port, and the firewall has been restarted using the command: > request restart system. Upon restart, the firewall fails to begin the bootstrapping process. The failure is caused because
The USB must be formatted using the ext3 file system, FAT32 is not supported
10
Which three items are important considerations during SD-WAN configuration planning? Choose three
link requirements, IP addresses, branch and hub locations
11
An administrator is seeing one of the firewalls in an HA active/passive pair moved to the "suspended" state due to a non-functional loop. Which three actions will help the administrator troubleshoot this issue? Choose three
Use the CLI command show high-availability flap-statistics, Check the HA Link Monitoring interface cables, Check the High Availability > Link and Path Monitoring settings
12
An engineer must configure the Decryption Broker feature. Which Decryption Broker security chain supports bi-directional traffic flow?
Layer 3 security chain
13
Which three actions can Panorama perform when deploying PAN-OS images to its managed devices?
verify and install, upload and install, install and reboot
14
A network administrator plans a Prisma Access deployment with three service connections, each with a BGP peering to a CPE. The administrator needs to minimize the BGP configuration and management overhead on on-premises network devices. What should the administrator implement?
hot potato routing
15
When you navigate to Network > GlobalProtect > Portals > Method section, which three options are available? Choose three
on-demand (manual user initiated connection), user-logon (always on), pre-logon then on-demand
16
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications. QoS natively integrates with which feature to provide service quality?
App-ID
17
Which statement is true regarding a Best Practice Assessment?
It shows how your current configuration compares to Palo Alto Networks recommendations
18
An administrator wants to configure the Palo Alto Networks Windows User-ID agent to map IP addresses to usernames. The company uses four Microsoft Active Directory servers and two Microsoft Exchange servers, which can provide logs for login events. All six servers have IP addresses assigned from the following subnet: 192.168.28.32/27. The Microsoft Active Directory servers reside in 192.168.28.32/28, and the Microsoft Exchange servers reside in 192.168.28.48/28. What information does the administrator need to provide in the User Identification > Discovery section?
The IP-address and corresponding server type (Microsoft Active Directory or Microsoft Exchange) for each of the six servers
19
When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?
You must use a static IP address
20
A firewall administrator requires an A/P HA pair to fail over more quickly due to critical business application uptime requirements?
Change the HA timer profile to "user-defined" and manually set the timers
21
A network administrator wants to use a certificate for an SSL/TLS Service Profile. Which type of certificate should the administrator use?
server certificate
22
Users on an internal system want to SSH to the SSH server. The server is configured to respond only to SSH requests coming from IP 172.16.15.1. In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must be configured on the firewall?
NAT Rule: Source Zone: Trust; Source IP: Any; Destination Zone: Server; Destination IP: 172.16.15.10; Source Translation: dynamic-ip-and-port ethernet1/4
Security Rule: Security Zone: Trust; Source IP: Any; Destination Zone: Server; Destination IP: 172.16.15.10; Application: SSH
23
An administrator analyzes the following portion of a VPN system log and notices the following issue. "Reviced local id 10.10.1.4/24 type IPv4 address protocol 0 port 0, received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0." What is the cause of the issue?
mismatched Proxy-IDs
24
A network security engineer wants to prevent resource-consumption issues on the firewall. Which strategy is consistent with decryption best practice to ensure consistent performance?
Use PFS in a Decryption for higher-priority and higher-risk traffic, and use the less processor-intensive decryption for lower-risk traffic
25
A company is looking to increase redundancy in their network. Which interface type could help accomplish this?
Aggregate Ethernet
26
Below are the steps in the workflow for creating a Best Practice Assessment in a firewall and Panorama configuration. Place the steps in order. ① ② ③ ④ ⑤
① In either the NGFW or Panorama, on the Operations/Support tab, download the technical support file
② Log in to the Customer Support Portal (CSP) and navigate to Tools > Best Practice Assessment
③ Upload or drag and drop the technical support file
④ Map the zone type and area of the architecture to each zone
⑤ Follow the steps to download the BPA report bundle
27
How can an administrator use the Panorama device-deployment option to update the apps and threats version of an HA pair of managed firewalls?
Choose the download and install action for both members of the HA pair in the Schedule object
28
An enterprise Information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems. However, a recent phishing campaign against the organization has prompted Information Security to look for more controls that can secure access to critical assets. For users that need to access these systems, Information Security wants to use PAN-OS multi-factor authentication (MFA) integration to enforce MFA. What should the enterprise do to use PAN-OS MFA?
Create an authentication profile and assign another authentication factor to be used by a Captive Portal authentication policy
29
Which statement regarding HA timer settings is true?
Use the Recommended profile for typical failover timer settings
30
What is a key step in implementing WildFire best practices?
Ensure that a Threat Prevention subscription is active
31
An administrator wants multiple web servers in the DMZ to receive connections initiated from the Internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22. Based on the image, which NAT rule will forward web-browsing traffic correctly?
Source IP: Any; Destination IP: 206.15.22.9; Source Zone: Internet; Destination Zone: Internet; Destination Service: 80/TCP; Action: Destination NAT; Translated IP: 10.1.1.22; Translated Port: Zone
32
A network security engineer attempted to configure a bootstrap package on Microsoft Azure, but the virtual machine provisioning process failed. In reviewing the bootstrap package, the engineer only had the following directories: /config, /license and /software. Why did the bootstrap process fail for the VM-Series firewall in Azure?
The /content folder is missing from the bootstrap package
33
An engineer configures SSL decryption in order to have more visibility into the internal users' traffic when it is egressing the firewall. Which three types of interfaces support SSL Forward Proxy? Choose three
Layer, Virtual Wire, Layer 3
34
An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two)
System logs, Task Manager
35
Which GlobalProtect component must be configured to enable Clientless VPN?
GlobalProtect portal
36
An organization wishes to roll out decryption but gets some resistance from engineering leadership regarding the guest network. What is a common obstacle for decrypting traffic from guest devices?
Guest devices may not trust the CA certificate used for the forward trust certificate
37
What are three reasons for excluding a site from SSL decryption? Choose three
unsupported ciphers, mutual authentication, certificate pinning
38
Which configuration task is best for reducing load on the management plane?
Disable pre-defined reports
39
A network engineer troubleshoots a VPN Phase 2 mismatch and decides that PFS (Perfect Forward Secrecy) needs to be enabled. What action should the engineer take?
Enable PFS under the IKE gateway advanced options
40
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL, then which choice would be evaluated last in the processing order to block access to the URL?
PAN-DB URL category in URL filtering profile
41
Which profile generates a packet threat type found in threat logs?
Zone Protection
42
A remote administrator needs firewall access on an untrusted interface. Which two components are required on the firewall to configure certificate-based administrator authentication to the Web UI? Choose two
certificate profile, certificate authority (CA) certificate
43
WildFire will submit for analysis blocked files that match which profile settings?
files matching Anti-Virus signatures
44
An engineer is pushing configuration from Panorama to a managed firewall. What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Objects already configured on the firewall?
The firewall rejects the pushed configuration, and the commit fails
45
Place the steps in the WildFire process workflow in their correct order. ① ② ③ ④
① The firewall hashes the file and looks up a verdict in the WildFire database. However, the firewall does not find a match
② WildFire uses static analysis based on machine learning to analyze the file, in order to classify malicious features
③ Regardless of the verdict, WildFire uses a heuristic engine to examine the file and determines that the file exhibits suspicious behavior
④ WildFire generates new DNS, URL categorization, and antivirus signatures for the new threat
46
A customer is replacing their legacy remote access VPN solution. The current solution is in place to secure only internet egress for the connected clients. Prisma Access has been selected to replace the current remote access VPN solution. During onboarding, the following options and licenses were selected and enabled:
- Prisma Access for Remote Networks 300Mbps
- Prisma Access for Mobile Users 1500 Users
- Cortex Data Lake 2 TB
- Trusted Zones: trust
- Untrusted Zones: untrust
- Parent Device Group: shared
How can you configure Prisma Access to provide the same level of access as the current VPN solution?
Configure mobile users with trust-to-untrust Security policy rules to allow the desired traffic outbound to the internet
Configure mobile users with a service connection and trust-to-trust Security policy rules to allow the desired traffic outbound to the internet
Configure remote networks with a service connection and trust-to-untrust Security policy rules to allow the desired traffic outbound to the internet
Configure remote networks with trust-to-trust Security policy rules to allow the desired traffic outbound to the internet