Domain 3 - Policy Evaluation and Management

Question 1

What will be the result of one or more occurrences of shadowing?

a. A failed commit
b. An invalid configuration
c. A warning
d. An alarm window

Answer 1

c. A warning

Question 2

Which column in the Applications and Threats screen includes the options Review Apps and Policies?

a. Features
b. Type
c. Version
d. Action

Answer 2

d. Action

Question 3

Which link can you select in the web interface to minimize the risk of installing new App-Id updates?

a. Enable new apps in content update.
b. Disable new apps in App-ID database.
c. Disable new apps in content update.
d. Enable new apps in App-ID database.

Answer 3

c. Disable new apps in content update.

Question 4

Which two protocols are implicitly allowed when you select the facebook-base application? (Choose two)

a. Web-browsing
b. Chat
c. Gaming
d. SSL

Answer 4

a. Web-browsing
d. SSL

Question 5

What are the two default (predefined) Security policy rule type sin PAN-OS software? (Choose two)

a. Universal
b. Interzone
c. Intrazone
d. Extrazone

Answer 5

b. Interzone
c. Intrazone

Question 6

Which type of Security policy rules most often exist above the two predefined security policies?

a. Intrazone
b. Interzone
c. Universal
d. Global

Answer 6

c. Universal

Question 7

What does the TCP Half Closed setting mean?

a. Maximum length of time that a session remains in the session table between reception of the first FIN and reception of the third FIN or RST.

b. Minimum length of time that a session remains in the session table between reception of the first FIN and reception of the third FIN or RST.

c. Maximum length of time that a session remains in the session table between reception of the first FIN and reception of the second FIN or RST.

d. Minimum length of time that a session remains in the session table between reception of the first FIN and reception of the second FIN or RST.

Answer 7

c. Maximum length of time that a session remains in the session table between reception of the first FIN and reception of the second FIN or RST.

Question 8

What are two application characteristics? (Choose two)

a. Stateful
b. Excessive bandwidth use.
c. Intensive
d. Evasive

Answer 8

b. Excessive bandwidth use.
d. Evasive

Question 9

Which two HTTP Header Logging options are within a URL Filtering profile? (Choose two)

a. User-Agent
b. Safe Search
c. URL redirection
d. X-Forwarded-For

Answer 9

a. User-Agent
d. X-Forwarded-For

Question 10

What are two source NAT types? (Choose two)

a. Universal
b. Static
c. Dynamic
e. Extrazone

Answer 10

b. Static
c. Dynamic

Question 11

Which phrase is a simple way to remember how to configure Security policy rules where NAT was implemented?

a. Post-NAT IP, pre-NAT zone
b. Post-NAT IP, post-NAT zone
c. Pre-NAT IP, post-NAT zone
d. Pre-NAT IP, pre-NAT zone

Answer 11

c. Pre-NAT IP, post-NAT zone

Question 12

What are two types of destination NAT? (Choose two)

a. Dynamic IP (with session distribution)
b. DIPP
c. Global
d. Static IP

Answer 12

a. Dynamic IP (with session distribution)
d. Static IP

Question 13

The Policy Optimizer does not analyze which statistics?

a. Applications allowed through port-based Security policy rules
b. The usage of existing App-IDs in Security policy rules
c. Which users matched Security policies
d. Existing Security policy rule App-IDs that have not matched processed traffic
e. Days since the latest new application discovery in a port-based Security policy rule.

Answer 13

c. Which users matched Security policies