What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?

Which security profile on the NGFW includes signatures to protect you from brute force attacks?

The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW?

A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, allows you to assess the risk and take action to prevent exploitation of network resources. Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?

Which two email links, contained in SMTP and POP3, can be submitted from WildFire analysis with a WildFire subscription? (Choose two.)

What two types of certificates are used to configure SSL Forward Proxy? (Choose two.)

Which two of the following does decryption broker provide on a NGFW? (Choose two.)

There are different Master Keys on Panorama and managed firewalls. What is the result if a Panorama Administrator pushes configuration to managed firewalls?

Which task would be identified in Best Practice Assessment tool?

A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds. How is this goal accomplished?

Which two features are found in Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same Prisma Access location servicing a single Datacenter? (Choose two.)

Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

You have a prospective customer that is looking for a way to provide secure temporary access to contractors for a designated period of time. They currently add contractors to existing user groups and create ad hoc policies to provide network access. They admit that once the contractor no longer needs access to the network, administrators are usually too busy to manually delete policies that provided access to the contractor. This has resulted in over-provisioned access that has allowed unauthorized access to their systems. They are looking for a solution to automatically remove access for contractors once access is no longer required. You address their concern by describing which feature in the NGFW?

Which methods are used to check for Corporate Credential Submissions? (Choose three.)

WildFire subscription supports analysis of which three types? (Choose three.)

The WildFire Inline Machine Learning is configured using which Content-ID profiles?

n an HA pair running Active/Passive mode, over which interface do the dataplanes communicate?

A potential customer requires an NGFW solution which enables high-throughput, low-latency network security, all while incorporating unprecedented features and technology. They need a solution that solves the performance problems that plague today's security infrastructure. Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help them address the requirements?

What filtering criteria is used to determine what users to include as members of a dynamic user group?

Which three features are used to prevent abuse of stolen credentials? (Choose three.)

A customer has business-critical applications that rely on the general web-browsing application. Which security profile can help prevent drive-by-downloads while still allowing web-browsing traffic?

Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.)

A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

Which four actions can be configured in an Anti-Spyware profile to address command-and-control traffic from compromised hosts? (Choose four.)

What are three valid sources that are supported for user IP address mapping in Palo Alto Networks NGFW? (Choose three.)

Which CLI allows you to view the names of SD-WAN policy rules that send traffic to the specified virtual SD-WAN interface, along with the performance metrics?

Which two actions can be taken to enforce protection from brute force attacks in the security policy? (Choose two.)

A customer is concerned about zero-day targeted attacks against its intellectual property. Which solution informs a customer whether an attack is specifically targeted at them?

Which three actions should be taken before deploying a firewall evaluation unit in the customer's environment? (Choose three.)

Which three activities can the botnet report track? (Choose three.)

A customer requires protections and verdicts for PE (portable executable) and ELF (executable and linkable format) as well as integration with products and services can also access the immediate verdicts to coordinate enforcement to prevent successful attacks. What competitive feature does Palo Alto Networks provide that will address this requirement?

Which statement is true about Deviating Devices and metrics?

Palo Alto Networks publishes updated Command-and-Control signatures. How frequently should the related signatures schedule be set?

Which two methods will help avoid Split Brain when running HA in Active/Active mode? (Choose two.)

Which three script types can be analyzed in WildFire? (Choose three.)

What helps avoid split brain in active/passive HA pair deployment?

What are three considerations when deploying User-ID? (Choose three.)

Which three considerations should be made prior to installing a decryption policy on the NGFW? (Choose three.)

Which three components are specific to the Query Builder found in the Custom Report creation dialog of the firewall? (Choose three.)

Which CLI commands allows you to view SD-WAN events such as path selection and path quality measurements?

Which three steps in the cyberattack lifecycle does Palo Alto Networks Security Operating Platform prevent? (Choose three.)

Which profile or policy should be applied to protect against port scans from the internet?

Which two products are included in the Prisma Brand? (Choose two.)

Which three platform components can identify and protect against malicious email links? (Choose three.)

When having a customer pre-sales call, which aspects of the NGFW should be covered?

What aspect of PAN-OS allows for the NGFW admin to create a policy that provides auto-remediation for anomalous user behavior and malicious activity while maintaining user visibility?

You have enabled the WildFire ML for PE files in the antivirus profile and have added the profile to the appropriate firewall rules. When you go to Palo Alto Networks WildFire test av file and attempt to download the test file it is allowed through. In order to verify that the machine learning is working from the command line, which command returns a valid result?

What are the three possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.)

What two types of traffic should you exclude from a decryption policy? (Choose two.)

Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?

What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?

What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)

What component is needed if there is a large scale deployment of Next Generation Firewalls with multiple Panorama Management Servers?

Which is the smallest Panorama solution that can be used to manage up to 2500 Palo Alto Networks Next Generation firewalls?

XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy. Which two features must be enabled to meet the customer's requirements? (Choose two.)

What is the correct behavior when a Palo Alto Networks next-generation firewall (NGFW) is unable to retrieve a DNS verdict from DNS service cloud in the configured lookup time?

Which statement best describes the business value of Palo Alto Networks' Zero Touch Provisioning (ZTP)?

When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

Which two features are key in preventing unknown targeted attacks? (Choose two.)

Which of the following statements is valid with regard to Domain Name System (DNS) sinkholing?

Which two features can be enabled to support asymmetric routing with redundancy on a Palo Alto Networks next-generation firewall (NGFW)? (Choose two.)

What is an advantage public cloud WildFire has over the private WildFire appliance?

Which two platform components can identify and protect against malicious email links? (Choose two.)

Which action can prevent users from unknowingly downloading potentially malicious file types from the internet?

Which functionality is available to firewall users who have an active Threat Prevention subscription but no WildFire license?

A potential customer requires an NGFW solution that enables high-throughput, low-latency network security and also inspects the application. Which aspect of the Palo Alto Networks NGFW capabilities should be highlighted to help address these requirements?

The ability to prevent users from resolving internet protocol (IP) addresses to malicious, grayware, or newly registered domains is provided by which Security service?

What are two ways to manually add and remove members of dynamic user groups (DUGs)? (Choose two.)

A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture. What are two steps in this process? (Choose two.)

Which task would be included in the Best Practice Assessment (BPA) tool?

Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?

Which proprietary technology solutions will allow a customer to identify and control traffic sources regardless of internet protocol (IP) address or network segment?

What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.)

In which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified?

What are three key benefits of the Palo Alto Networks platform approach to security? (Choose three.)

A prospective customer currently uses a firewall that provides only Layer 4 inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port. Which capability of PAN-OS would address the customer's lack of visibility?

Which two statements apply to a Palo Alto Networks NGFW but not to a legacy firewall product? (Choose two.)

Which Security profile on the Next-Generation Firewall (NGFW) includes signatures to protect against brute force attacks?

Which built-in feature of PAN-OS allows the NGFW administrator to create a policy that provides auto remediation for anomalous user behavior and malicious activity while maintaining user visibility?

A customer is designing a private data center to host their new web application along with a separate headquarters for users. Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?

Which three mechanisms are valid for enabling user mapping? (Choose three.)

Which Palo Alto Networks security component should an administrator use to extend NGFW policies to remote users?

What is the default behavior in PAN-OS when a 12 MB portable executable (PE) file is forwarded to the WildFire cloud service?

What is an advantage of having WildFire machine learning (ML) capability inline on the firewall?

What is the default behavior in PAN-OS when a 12 MB portable executable (PE) file is forwarded to the WildFire cloud service?

What is an advantage of having WildFire machine learning (ML) capability inline on the firewall?

What is the key benefit of Palo Alto Networks single-pass architecture (SPA) design?

Which two actions should be taken prior to installing a decryption policy on an NGFW? (Choose two.)

Access to a business site is blocked by URL Filtering inline machine learning (ML) and considered as a false-positive. How should the site be made available?

Which two methods are used to check for Corporate Credential Submissions? (Choose two.)

A WildFire subscription is required for which two of the following activities? (Choose two.)

Which two actions should be taken to provide some protection when a client chooses not to block uncategorized websites? (Choose two.)

A packet that is already associated with a current session arrives at the firewall. What is the flow of the packet after the firewall determines that it is matched with an existing session?

A customer with a fully licensed Palo Alto Networks firewall is concerned about threats based on domain generation algorithms (DGAs). Which Security profile is used to configure Domain Name Security (DNS) to identify and block previously unknown DGA-based threats in real time?

Which two actions can be configured in an Anti-Spyware profile to address command-and-control (C2) traffic from compromised hosts? (Choose two.)

The Palo Alto Networks Cloud Identity Engine (CIE) includes which service that supports Identity Providers (IdP)?

A customer worried about unknown attacks is hesitant to enable SSL decryption due to privacy and regulatory issues. How does the platform address the customer's concern?