Which benefit do policy rule UUIDs provide?
A.functionality for scheduling policy actions
B.the use of user IP mapping and groups in policies
C.cloning of policies between device-groups
D.an audit trail across a policy's lifespan
What are two valid deployment options for Decryption Broker? (Choose two)
A.Transparent Bridge Security Chain
B.Layer 3 Security Chain
C.Layer 2 Security Chain
D.Transparent Mirror Security Chain
An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group.
How should the administrator identify the configuration changes?
A.review the configuration logs on the Monitor tab
B.click Preview Changes under Push Scope
C.use Test Policy Match to review the policies in Panorama
D.context-switch to the affected firewall and use the configuration audit tool
Which two statements are true about DoS Protection and Zone Protection Profiles? (Choose two).
A.Zone Protection Profiles protect ingress zones
B.Zone Protection Profiles protect egress zones
C.DoS Protection Profiles are packet-based, not signature-based
D.DoS Protection Profiles are linked to Security policy rules
Which two statements are true for the DNS Security service? (Choose two.)
A.It eliminates the need for dynamic DNS updates
B.It functions like PAN-DB and requires activation through the app portal
C.It removes the 100K limit for DNS entries for the downloaded DNS updates
D.It is automatically enabled and configured
An engineer is creating a security policy based on Dynamic User Groups (DUG) What benefit does this provide?
A.Automatically include users as members without having to manually create and commit policy or group changes
B.DUGs are used to only allow administrators access to the management interface on the Palo Alto Networks firewall
C.It enables the functionality to decrypt traffic and scan for malicious behaviour for User-ID based policies
D.Schedule commits at a regular intervals to update the DUG with new users matching the tags specified
What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?
A.It keeps trying to establish an IPSec tunnel to the GlobalProtect gateway
B.It stops the tunnel-establishment processing to the GlobalProtect gateway immediately
C.It tries to establish a tunnel to the GlobalProtect gateway using SSL/TLS
D.It tries to establish a tunnel to the GlobalProtect portal using SSL/TLS
A standalone firewall with local objects and policies needs to be migrated into Panoram
A.What procedure should you use so Panorama is fully managing the firewall?
B.Use the "import Panorama configuration snapshot" operation, then perform a device-group commit push with "include device and network templates"
C.Use the "import device configuration to Panorama" operation, then "export or push device config bundle" to push the configuration
D.Use the "import Panorama configuration snapshot" operation, then "export or push device config bundle" to push the configuration
E.Use the "import device configuration to Panorama" operation, then perform a device-group commit push with "include device and network templates"
A customer is replacing its legacy remote-access VPN solution Prisma Access has been selected as the replacement.
During onboarding, the following options and licenses were selected and enabled:
The customer wants to forward to a Splunk SIEM the logs that are generated by users that are connected to Prisma Access for Mobile Users.
Which two settings must the customer configure? (Choose two)
A.Configure a log forwarding profile and select the Panorama/Cortex Data Lake checkbox.
Apply the Log Forwarding profile to all of the security policy rules in Mobile_User_Device_Group
B.Configure Cortex Data Lake log forwarding and add the Splunk syslog server
C.Configure a Log Forwarding profile, select the syslog checkbox and add the Splunk syslog server.
Apply the Log Forwarding profile to all of the security policy rules in the Mobiie_User_Device_Group
D.Configure Panorama Collector group device log forwarding to send logs to the Splunk syslog server
A customer is replacing their legacy remote access VPN solution.
The current solution is in place to secure internet egress and provide access to resources located in the main datacenter for the connected clients.
Prisma Access has been selected to replace the current remote access VPN solution.
During onboarding the following options and licenses were selected and enabled
What must be configured on Prisma Access to provide connectivity to the resources in the datacenter?
A.Configure a mobile user gateway in the region closest to the datacenter to enable connectivity to the datacenter
B.Configure a remote network to provide connectivity to the datacenter
C.Configure Dynamic Routing to provide connectivity to the datacenter
D.Configure a service connection to provide connectivity to the datacenter
A network security engineer has applied a File Blocking profile to a rule with the action of Block. The user of a Linux CLI operating system has opened a ticket. The ticket states that the user is being blocked by the firewall when trying to download a TAR file. The user is getting no error response on the system.
Where is the best place to validate if the firewall is blocking the user's TAR file?
B.Data Filtering log
C.WildFire Submissions log
D.URL Filtering log
To support a new compliance requirement, your company requires positive username attribution of every IP address used by wireless devices. You must collect IP address-to-username mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufacturers.
Given the scenario, choose the option for sending IP address-to-username mappings to the firewall
An administrator has configured PAN-OS SD-WAN and has received a request to find out the reason for a session failover for a session that has already ended. Where would you find this in Panorama or firewall logs?
D.You cannot find failover details on closed sessions
What are two best practices for incorporating new and modified App-IDs? (Choose two.)
A.Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs
B.Configure a security policy rule to allow new App-IDs that might have network-wide impact
C.Perform a Best Practice Assessment to evaluate the impact of the new or modified App-IDs
D.Study the release notes and install new App-IDs if they are determined to have low impact
What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram?
B.IP Wildcard Mask
Which statement is true regarding a Best Practice Assessment?
A.It shows how your current configuration compares to Palo Alto Networks recommendations
B.It runs only on firewalls
C.When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.
D.It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS software, the administrator enables log forwarding from the firewalls to Panorama. Pre-existing logs from the firewalls are not appearing in PanoramA.
Which action would enable the firewalls to send their pre-existing logs to Panorama?
A.Use the import option to pull logs.
B.Export the log database
C.Use the scp logdb export command
D.Use the ACC to consolidate the logs
2022 Latest Braindump2go PCNSE PDF and PCNSE VCE Dumps Free Share: