Question # 1
Which selection must be configured on PAN-OS External Dynamic Lists to supportMineMeld indicators?
D. Feed Base URL
Question # 2
Decryption port mirroring is now supported on which platform?
A. all hardware-based and VM-Series firewalls with the exception of VMware NSX. CitrixSDX, or public cloud hypervisors
B. in hardware only
C. only one the PA-5000 Series and higher
D. all hardware-based and VM-Series firewalls regardless of where installed
Question # 3
Which two steps are required to configure the Decryption Broker? (Choose two.)
A. reboot the firewall to activate the license
B. activate the Decryption Broker license
C. enable SSL Forward Proxy decryption
D. enable a pair of virtual wire interfaces to forward decrypted traffic
Question # 4
Which two network events are highlighted through correlation objects as potential securityrisks? (Choose two.)
A. Identified vulnerability exploits
B. Launch of an identified malware executable file
C. Endpoints access files from a removable drive
D. Suspicious host behavior
Question # 5
A customer with a legacy firewall architecture is focused on port and protocol level security,and has heard that next generation firewalls open all ports by default. What is theappropriate rebuttal that positions the value of a NGFW over a legacy firewall?
A. Palo Alto Networks keep ports closed by default, only opening ports after understandingthe application request, and then opening only the application-specified ports.
B. Palo Alto Networks does not consider port information, instead relying on App-IDsignatures that do not reference ports.
C. Default policies block all interzone traffic. Palo Alto Networks empowers you to controlapplications by default ports or a configurable list of approved ports on a per-policy basis.
D. Palo Alto Networks NGFW protects all applications on all ports while leaving all portsopened by default.
Question # 6
For customers with high bandwidth requirements for Service Connections, what twolimitations exist when onboarding multiple Service Connections to the same Prisma Accesslocation servicing a single Datacenter? (Choose two.)
A. Network segments in the Datacenter need to be advertised to only one ServiceConnection
B. The customer edge device needs to support policy-based routing with symmetric returnfunctionality
C. The resources in the Datacenter will only be able to reach remote network resourcesthat share the same region
D. A maximum of four service connections per Datacenter are supported with this topology
Question # 7
Which are the three mandatory components needed to run Cortex XDR? (Choose three.)
B. NGFW with PANOS 8 0.5 or later
C. Cortex Data Lake
F. Directory Syn Service
Question # 8
A customer is concerned about malicious activity occurring directly on their endpoints andwill not be visible to their firewalls.Which three actions does the Traps agent execute during a security event, beyondensuring the prevention of this activity? (Choose three.)
A. Informs WildFire and sends up a signature to the Cloud
B. Collects forensic information about the event
C. Communicates the status of the endpoint to the ESM
D. Notifies the user about the event
E. Remediates the event by deleting the malicious file
Question # 9
When log sizing is factored for the Cortex Data Lake on the NGFW, what is the average logsize used in calculation?
B. depends on the Cortex Data Lake tier purchased
C. 18 bytes
D. 1500 bytes
Question # 10
XYZ Corporation has a legacy environment with asymmetric routing. The customerunderstands that Palo Alto Networks firewalls can support asymmetric routing withredundancy. Which two features must be enabled to meet the customer's requirements?(Choose two.)
A. Policy-based forwarding
B. HA active/active
C. Virtual systems
D. HA active/passive
Question # 11
WildFire subscription supports analysis of which three types? (Choose three.)
Question # 12
Which three platform components can identify and protect against malicious email links?(Choose three.)
A. WildFire hybrid cloud solution
B. WildFire public cloud
Question # 13
A customer is concerned about zero-day targeted attacks against its intellectual property.Which solution informs a customer whether an attack is specifically targeted at them?
A. Traps TMS
C. Panorama Correlation Report
D. Firewall Botnet Report
Question # 14
A potential customer requires an NGFW solution which enables high-throughput, lowlatency network security, all while incorporating unprecedented features and technology.They need a solution that solves the performance problems that plague today's securityinfrastructure.Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help themaddress the requirements?
A. SP3 (Single Pass Parallel Processing)
C. Threat Prevention
D. Elastic Load Balancers
Question # 15
As you prepare to scan your Amazon S3 account, what enables Prisma service permissionto access Amazon S3?
A. access key ID
B. secret access key
C. administrative Password
D. AWS account ID
Question # 16
What are two benefits of using Panorama for a customer who is deploying virtual firewallsto secure data center traffic? (Choose two.)
A. It can provide the Automated Correlation Engine functionality, which the virtual firewallsdo not support.
B. It can monitor the virtual firewalls' physical hosts and Vmotion them as necessary
C. It can automatically create address groups for use with KVM.
D. It can bootstrap the virtual firewalls for dynamic deployment scenarios.
Question # 17
An SE is preparing an SLR report for a school and wants to emphasize URL filteringcapabilities because the school is concerned that its students are accessing inappropriatewebsites. The URL categories being chosen by default in the report are not highlightingthese types of websites. How should the SE show the customer the firewall can detect thatthese websites are being accessed?
A. Create a footnote within the SLR generation tool
B. Edit the Key-Findings text to list the other types of categories that may be of interest
C. Remove unwanted categories listed under 'High Risk' and use relevant information
D. Produce the report and edit the PDF manually
Question # 18
The firewall includes predefined reports, custom reports can be built for specific data andactionable tasks, or predefined and custom reports can be combined to compile informationneeded to monitor network security.The firewall provides which three types of reports? (Choose three.)
A. SNMP Reports
B. PDF Summary Reports
C. Netflow Reports
D. Botnet Reports
E. User or Group Activity Reports
Question # 19
How do you configure the rate of file submissions to WildFire in the NGFW?
A. based on the purchased license uploaded
B. QoS tagging
C. maximum number of files per minute
D. maximum number of files per day
Question # 20
In which two ways can PAN-OS software consume MineMeld outputs? (Choose two.)
Question # 21
What are three purposes for the Eval Systems, Security Lifecycle Reviews and PreventionPosture Assessment tools? (Choose three.)
A. when you're delivering a security strategy
B. when client's want to see the power of the platform
C. provide users visibility into the applications currently allowed on the network
D. help streamline the deployment and migration of NGFWs
E. assess the state of NGFW feature adoption
Question # 22
An endpoint, inside an organization, is infected with known malware that attempts to makea command-and-control connection to a C2 server via the destination IP addressWhich mechanism prevents this connection from succeeding?
A. DNS Sinkholing
B. DNS Proxy
C. Anti-Spyware Signatures
D. Wildfire Analysis
Question # 23
There are different Master Keys on Panorama and managed firewalls.What is the result if a Panorama Administrator pushes configuration to managed firewalls?
A. The push operation will fail regardless of an error or not within the configuration itself
B. Provided there’s no error within the configuration to be pushed, the push will succeed
C. The Master Key from the managed firewalls will be overwritten with the Master Key fromPanorama
D. There will be a popup to ask if the Master Key from the Panorama should replace theMaster Key from the managed firewalls
Question # 24
Which three components are specific to the Query Builder found in the Custom Reportcreation dialog of the firewall? (Choose three.)
Question # 25
A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.How is this goal accomplished?
A. Create a custom spyware signature matching the known signature with the time attribute
B. Add a correlation object that tracks the occurrences and triggers above the desiredthreshold
C. Submit a request to Palo Alto Networks to change the behavior at the next update
D. Configure the Anti-Spyware profile with the number of rule counts to match theoccurrence frequency
Question # 26
What are the three possible verdicts in WildFire Submissions log entries for a submittedsample? (Choose four.)
Question # 27
What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?
A. There are no benefits other than slight performance upgrades
B. It allows Palo Alto Networks to add new functions to existing hardware
C. Only one processor is needed to complete all the functions within the box
D. It allows Palo Alto Networks to add new devices to existing hardware
Question # 28
What can be applied to prevent users from unknowingly downloading malicious file typesfrom the internet?
A. A vulnerability profile to security policy rules that deny general web access
B. An antivirus profile to security policy rules that deny general web access
C. A zone protection profile to the untrust zone
D. A file blocking profile to security policy rules that allow general web access