Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

PCNSE_10 > Exam Domain 2 — Deploy and Configure > Flashcards

Exam Domain 2 — Deploy and Configure Flashcards

1
Q 
67. An application using which protocol can receive an incomplete value in the Application field in the Traffic log?
A. UDP
B. TCP
C. ICMP
D. GRE
A

B. TCP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. Session traffic being evaluated by a firewall is encrypted with SSL. If the firewall does not decrypt the traffic, how can the firewall make an App-ID determination?
    A. evaluate the HTTP headers
    B. evaluate the SSL Hello exchange
    C. evaluate certificate contents used for encryption
    D. use information in the SSL Decryption Exclusion cache
A

C. evaluate certificate contents used for encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. While a firewall is scanning an active session, how does it respond when it detects a change of application?
    A. closes the session, opens a new one, and evaluates all Security policy rules again
    B. closes the session, opens a new one, and evaluates the original matching Security policy
    rule only
    C. updates the application in the existing session and evaluates all Security policy rules again
    D. updates the application in the existing session and continues to use the original action
    from the first Security policy rule match
A

C. updates the application in the existing session and evaluates all Security policy rules again

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q 
70. Which profile do you use for DLP based on file content?
A. Antivirus
B. Anti-Spyware
C. Vulnerability Protection
D. URL Filtering
E. File Blocking
F. WildFire Analysis
G. Data Filtering
A

G. Data Filtering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q 
71. Which profile do you use to monitor DNS resolution lookups for sites associated with threat activity?
A. Antivirus
B. Anti-Spyware
C. Vulnerability Protection
D. URL Filtering
E. File Blocking
F. WildFire Analysis
G. Data Filtering
A

B. Anti-Spyware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q 
72. Which profile do you use to analyze files for zero-day malware?
A. Antivirus
B. Anti-Spyware
C. Vulnerability Protection
D. URL Filtering
E. File Blocking
F. WildFire Analysis
G. Data Filtering
A

F. WildFire Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q 
73. Which profile do you use to examine browsing traffic for appropriate browsing policy
enforcement?
A. Antivirus
B. Anti-Spyware
C. Vulnerability Protection
D. URL Filtering
E. File Blocking
F. WildFire Analysis
G. Data Filtering
A

D. URL Filtering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q 
74. Which profile do you use to detect and block an executable file from being transferred
through the firewall?
A. Antivirus
B. Anti-Spyware
C. Vulnerability Protection
D. URL Filtering
E. File Blocking
F. WildFire Analysis
G. Data Filtering
A

E. File Blocking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q 
75. Which credential phishing prevention action allows users to choose to submit credentials to a site anyway?
A. alert
B. allow
C. block
D. continue
A

D. continue

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q 
76. Which user credential detection method would work if multiple users share the same client IP address (for example, because of dynamic address translation done by a device on the internal side of the firewall)?
A. IP-to-user mapping
B. group mapping
C. domain credential filter
D. IP-and-port-to-user mapping
A

C. domain credential filter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q 
77. Which type of user credential detection must be used by a firewall administrator that wants to enable credential phishing prevention that blocks an attempt by a user to enter the organization’s user ID and password?
A. IP-to-user mapping
B. domain credential filter
C. group mapping
D. Citrix mapping
A

B. domain credential filter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. Which security risk is elevated when port-based Security policy rules are used?
    A. The firewall’s resources will be negatively impacted by processing unwanted traffic.
    B. Unwanted applications can get through the firewall, bringing their vulnerabilities with
    them.
    C. The network is more vulnerable to TCP DoS attacks.
    D. The firewall is more vulnerable to UDP DoS attacks.
A

B. Unwanted applications can get through the firewall, bringing their vulnerabilities with
them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. What is the Palo Alto Networks suggested process for converting port-based Security policy rules to use App-ID?
    A. Use the Expedition tool to analyze Traffic logs against Security policy to suggest policy changes.
    B. Use the built-in firewall reports to identify applications found in the traffic and update policy based on desired traffic.
    C. Use the Policy Optimizer feature of the firewall to identify applications and update policy rules.
    D. Use the firewall’s New Applications Seen feature to identify applications and update policy rules.
A

C. Use the Policy Optimizer feature of the firewall to identify applications and update policy rules.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. If App-ID is implemented in Security policy rules, should port numbers also be included?
    A. No, App-ID-based Security policy rules detect and allow or block any desired application
    using the included port number values in the App-ID database.
    B. Yes, including the port numbers as a service-matching condition can eliminate some
    traffic before App-ID processing, thus conserving firewall resources.
    C. Yes, including an application-default setting in the service-matching condition requires
    that applications use only known or typical port numbers.
    D. No, App-ID based Security policy rules detect and allow or block any desired application
    using the edited port number values in the App-ID database.
A

C. Yes, including an application-default setting in the service-matching condition requires that applications use only known or typical port numbers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. Which firewall tool provides settings and tools to convert policies from port-based to App-ID?
    A. Network Monitor display under App Scope
    B. Policy Optimizer under Policies
    C. Application Hit Count under Policies
    D. View Applications as Groups under Policies
A

B. Policy Optimizer under Policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. An administrator creates a Security policy rule that allows office-on-demand traffic through the firewall. After the change is committed, the firewall issues the following warning:
    “vsys1: Rule ‘Allow Office apps’ application dependency warning:
    Application ‘office-on-demand’ requires ‘ms-office365-base’ be allowed
    Application ‘office-on-demand’ requires ‘sharepoint-online’ be allowed
    Application ‘office-on-demand’ requires ‘ssl’ be allowed
    Application ‘office-on-demand’ requires ‘web-browsing’ be allowed”
    Which action should the administrator take?
    A. create an application chain that include the dependencies
    B. add the listed applications to the same Security policy rule
    C. set the Service action of the rule to “dependent application default”
    D. create a new Security policy rule for each listed application with an “allow” action higher in the rule list
A

B. add the listed applications to the same Security policy rule

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q
  1. The use of Dedicated Log Collectors instead of a mixed-mode Panorama for log collection provides which benefit?
    A. Log processing is offloaded from the Panorama(s) that are managing firewalls.
    B. Dedicated Log Collectors can forward logs to external sources which Panorama cannot do.
    C. Dedicated Log Collectors can have more disk drives installed to increase log storage and Panorama cannot.
    D. Dedicated Log Collectors provide store-and-forward support of logging data being sent to Panorama.
A

A. Log processing is offloaded from the Panorama(s) that are managing firewalls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q
  1. Which statement is true about the Dedicated Log Collector’s processing of firewall log data?
    A. Dedicated Log Collectors receive, compress, and batch log data transmission to
    Panorama.
    B. Dedicated Log Collectors process firewall logging data and send summary data to
    Panorama summary reporting databases.
    C. Dedicated Log Collectors filter collected log data and forward desired alerts to Panorama.
    D. Dedicated Log Collectors store firewall log data and provide query responses from Panorama on demand.
A

D. Dedicated Log Collectors store firewall log data and provide query responses from Panorama on demand.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q
  1. Which two options will provide an enterprise-wide log that can be viewed from Panorama? (Choose two.)
    A. Select firewalls are designated as Log Collectors and add logs forwarded from other firewalls to their own.
    B. Panorama devices are configured as Dedicated Log Collectors that then are added to Log Collector Groups. Firewalls forward logs to a designated Log Collector within a Collector Group.
    C. Cortex Data Lake is configured as a Log Collector in Panorama. Firewalls forward logs to Cortex Data Lake.
    D. A Panorama device is configured in Management Mode and a Log Collector is defined on the Panorama appliance, which then is added to a Log Collector Group. Firewalls forward logs to a designated Log Collector within a Collector Group.
A

B. Panorama devices are configured as Dedicated Log Collectors that then are added to Log Collector Groups. Firewalls forward logs to a designated Log Collector within a Collector Group.

C. Cortex Data Lake is configured as a Log Collector in Panorama. Firewalls forward logs to
Cortex Data Lake.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q 
86. Which configuration is performed first on a firewall with factory default settings, according to Palo Alto Networks best practices?
A. add licenses
B. update PAN-OS software
C. configure the management network port
D. update dynamic update files
A

C. configure the management network port

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q
  1. You finished configuring the firewall’s basic connectivity in the lab and are ready to put it in the data center. What do you have to remember to do before you power down the firewall?
    A. Save the changes.
    B. Commit the changes.
    C. Create a restore thumb drive in case the configuration is deleted.
    D. Verify that the configuration is correct. You do not need to do anything else if it is
    correct; the configuration is updated automatically.
A

B. Commit the changes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q 
88. The firewall’s MGT port can be configured as which type of interface?
A. Layer 2
B. Layer 3
C. virtual wire
D. serial
A

B. Layer 3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q 
89. Which CLI command provides High Availability active/passive status of a firewall?
A. show high-availability all
B. show high-availability status
C. show system state
D. show system high-availability all
A

A. show high-availability all

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q 
90. Which function can be performed directly in the High Availability widget?
A. synchronize dynamic update files
B. synchronize log files
C. synchronize firewall configurations
D. trigger an immediate failover
A

C. synchronize firewall configurations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q
  1. Which two steps must be completed to enable the display of the Dashboard’s High Availability widget?
    A. log in to the firewall management web interface and configure HA for active/active or active/passive
    B. log in to the firewall management web interface and click the Sync to peer link in the firewall HA configuration settings
    C. log in to the firewall’s CLI and enter the get management-server logging on command
    D. select and enable the High Availability widget in the firewall’s management web interface Dashboard display
A

A. log in to the firewall management web interface and configure HA for active/active or
active/passive
D. select and enable the High Availability widget in the firewall’s management web interface Dashboard display

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q
  1. Which firewall configuration object is used to specify more than one external authentication source for a user’s log in attempt?
    A. Multiple Server Profiles configured to failover
    B. Authentication Sequence
    C. Local User account set to failover
    D. Account Sequence
A

B. Authentication Sequence

27
Q
  1. Which object links the Captive Portal method with an Authentication Profile when multi-factor authentication is configured?
    A. Multi-Factor Authentication Server Profile
    B. Authentication policy rule
    C. Authentication Sequence
    D. Authentication Enforcement object
A

D. Authentication Enforcement object

28
Q 
94. Which four firewall Server Profiles can provide first factor authentication for multi-factor
authentication configurations? (Choose four.)
A. HTTP
B. Okta
C. PingID
D. Kerberos
E. RADIUS
F. SAML
G. LDAP
H. RSA SecureID Access
A

D. Kerberos
E. RADIUS
F. SAML
G. LDAP

29
Q
  1. How are updates made to the cache of root certificates that is used for certificate verification purposes and maintained by Palo Alto Networks?
    A. The administrator reviews certificate status and replaces them manually.
    B. The firewall automatically updates the certificates as it updates the associated CRL list.
    C. The administrator installs PAN-OS software and dynamic content updates.
    D. The firewall automatically installs new certificates using OCSP.
A

C. The administrator installs PAN-OS software and dynamic content updates.

30
Q
  1. How does a firewall administrator that creates a certificate on the firewall mark it for use in an SSL Forward Proxy configuration?
    A. add a certificate tag in the Decryption policy rule
    B. configure a trust certificate in the Decryption Profile
    C. set the Forward Trust Certificate property of the certificate itself
    D. map the certificate to the URL in the SSL/TLS Service Profile
A

C. set the Forward Trust Certificate property of the certificate itself

31
Q
  1. Administrators within the enterprise want to replace the default certificate used by the firewall to secure the management web interface traffic with a certificate generated by their existing certificate authority. Which certificate property must be set for their new certificate to function?
    A. Certificate CN set to a domain name that resolves to any traffic port address of the
    firewall.
    B. Certificate must be signed by the firewall root certificate.
    C. Certificate must have the Forward Trust Certificate property set.
    D. CN must be set to the management port of the firewall.
A

D. CN must be set to the management port of the firewall.

32
Q
  1. Which two configuration conditions must be met for a firewall to NAT between IPv4 and IPv6? (Choose two.)
    A. select NAT64 in the Session tab under Device > Setup > Session
    B. choose the NAT Type of nat64 in the General tab of a NAT policy rule
    C. add an IPv6 addresses to the Translated Packet tab
    D. add an IPv6 prefix in the nat64 configuration in the NAT policy rule
A

B. choose the NAT Type of nat64 in the General tab of a NAT policy rule
C. add an IPv6 addresses to the Translated Packet tab

33
Q
  1. Which two configuration conditions must be met for a Palo Alto Networks firewall to send and
    receive IPv6 traffic? (Choose two.)
    A. Enable IPv6 check box in the Virtual Router configuration is checked.
    B. An Ethernet interface is configured for virtual wire.
    C. An Ethernet interface is configured for Layer 3.
    D. Enable IPv6 Firewalling check box under Session Settings is turned on.
A

C. An Ethernet interface is configured for Layer 3.

D. Enable IPv6 Firewalling check box under Session Settings is turned on.

34
Q
  1. Under which condition can Layer 3 interfaces in the same firewall have the same IP
    address?
    A. They must be connected to different virtual routers.
    B. They must be connected to the same Ethernet network through a switch.
    C. They must be subinterfaces of the same physical interface.
    D. They must be in different zones.
A

A. They must be connected to different virtual routers.

35
Q
  1. How do two legacy virtual routers on a firewall forward traffic to each other?
    A. Virtual router traffic is sent to an external router that routes it back to the second virtual
    router.
    B. Both virtual routers pass traffic via a dedicated VLAN routing interface.
    C. Both virtual routers pass traffic via a configurable shared routing interface.
    D. Virtual routers forward traffic directly to each other within the firewall using routing
    table lookups.
A

D. Virtual routers forward traffic directly to each other within the firewall using routing table lookups.

36
Q 
102. A firewall’s virtual router can connect to which three types of interfaces? (Choose three.)
A. virtual wire
B. management
C. Layer 3 traffic
D. HA1
E. HA2
F. loopback
G. tunnel
A

C. Layer 3 traffic
F. loopback
G. tunnel

37
Q 
103. A Palo Alto Networks firewall can forward DHCP packets to servers connected to which
two kinds of networks? (Choose two.)
A. virtual wire
B. Layer 2
C. Layer 3
D. aggregate
A

C. Layer 3

D. aggregate

38
Q
  1. How does a Palo Alto Networks firewall configured to forward DHCP packets to multiple server destinations choose which reply to forward to the sender?
    A. The first server listed in the “Server Priority” DHCP configuration is forwarded until it fails to respond, then the next one is chosen.
    B. A request is sent to all servers on the list, and the first responder is forwarded.
    C. All DHCP server responses are forwarded, and the receiving client chooses which to
    accept.
    D. The server that is the fewest network hops from the requesting client is chosen. When more than one server has the same hop count, all packets from the servers are
    forwarded to the client.
A

B. A request is sent to all servers on the list, and the first responder is forwarded.

39
Q
  1. In a site-to-site VPN configuration, what is an alternate method to the use of pre-shared
    keys to authenticate each device during connection setup?
    A. certificates
    B. expected IP address of the partner’s interface
    C. known hexadecimal string configured in both endpoints
    D. matching Proxy ID definitions configured in both endpoints
A

A. certificates

40
Q 
106. Which type of firewall interface can be associated with a tunnel interface?
A. tap
B. virtual wire
C. Layer 2
D. Layer 3
A

D. Layer 3

41
Q
  1. A firewall administrator is deploying 50 Palo Alto Networks firewalls to protect remote
    sites. Each firewall must have a site-to-site IPsec VPN tunnel to each of three campus
    locations. Which configuration function is the basis for automatic site-to-site IPsec tunnels set
    up from each remote location to the three campuses?
    A. import of a settings table into the remote firewall’s IPsec tunnel config
    B. import of a settings table into the IPsec tunnel config of the three campuses
    C. configuration of the GlobalProtect satellite settings of the campus and remote firewalls
    D. entry of campus IPsec tunnel settings for each remote firewall’s IPsec Profile
A

C. configuration of the GlobalProtect satellite settings of the campus and remote firewalls\

42
Q
  1. Which GlobalProtect configuration component contains the setting that specifies when
    the agent software starts on the client system?
    A. Agent settings in the GlobalProtect Portal settings
    B. General settings in the GlobalProtect Portal settings
    C. Agent settings of the GlobalProtect Gateway
    D. General settings of the GlobalProtect Gateway
A

A. Agent settings in the GlobalProtect Portal settings

43
Q
  1. Which configuration or service is required for an iOS device using the GlobalProtect license to connect to a GlobalProtect Gateway?
    A. X-Auth configuration in the gateway settings
    B. GlobalProtect Gateway license
    C. firewall Authentication policy with an iOS setting
    D. GlobalProtect client downloaded from the GlobalProtect Portal
A

B. GlobalProtect Gateway license

44
Q
  1. A GlobalProtect Gateway is solely responsible for which function?
    A. terminating SSL tunnels
    B. authenticating GlobalProtect users
    C. creating on-demand certificates to encrypt SSL
    D. managing and updating GlobalProtect client configurations
    E. managing GlobalProtect Gateway configurations
A

A. terminating SSL tunnels

45
Q 
111. Which two source address translation types can use a single IP address to NAT multiple IP addresses? (Choose two.)
A. Static IP
B. Dynamic IP
C. Dynamic IP and Port
D. Translated Address
E. Address Override
A

B. Dynamic IP

C. Dynamic IP and Port

46
Q 
112. Which NAT type can be used to translate between IPv4 and IPv6?
A. ipv4
B. nat64
C. nptv6
D. ipv6
A

B. nat64

47
Q
  1. How does a firewall process a packet that has more than one NAT policy rule that matches
    a packet?
    A. Each matching rule in the list is applied from the top down, with cumulative changes
    being processed at the end of the list.
    B. The first rule matching the packet is applied and processed, skipping the others.
    C. The firewall issues an error when committing NAT policy rules that can affect the same
    packet.
    D. The last matching rule in the list is applied and processed.
    2.19
A

B. The first rule matching the packet is applied and processed, skipping the others.

48
Q
  1. A server on the DMZ with a private NIC address has network access provided by a NAT
    policy rule whose Bi-directional check box is selected in the Translated Packet settings for
    static IP source address translation. Which Security policy rule must be created to allow
    bidirectional traffic to and from the DMZ server?
    A. a rule for each direction of travel using the pre-NAT server IP address
    B. a rule with the post-NAT source IP address
    C. a rule for each direction of travel using the post-NAT server IP address
    D. a rule with the pre-NAT source IP address
A

A. a rule for each direction of travel using the pre-NAT server IP address

49
Q
  1. An internal web browser sends a packet to a server. The browser’s connection has the
    source IP address 192.168.5.3, port 31415. The destination is 209.222.23.245, port 80. The
    firewall translates the source to 75.22.21.54, port 27182. Which three of these source IP
    addresses would cause a NAT policy rule to apply to this traffic? (Choose three.)
    A. 192.168.5.0/24
    B. 75.22.21.0/24
    C. 192.168.4.0/23
    D. 192.168.0.0/16
    E. 75.22.0.0/17
    F. 75.22.128.0/17
A

A. 192.168.5.0/24

C. 192.168.4.0/23
D. 192.168.0.0/16

50
Q
  1. A NAT policy rule is created to change the destination address of any packets with a
    source of any address and a destination address of 10.10.10.10 (in the DMZ zone) to
    192.168.3.45 (in the Trust zone). Which Security policy rule components are required for a packet that has this rule applied to match and allow this traffic?
    A. source address any, source zone any, destination address 192.168.3.45, destination zone
    Trust, action = allow
    B. source address any, source zone any, destination address 10.10.10.10, destination zone
    Trust, action = allow
    C. source address any, source zone any, destination address 192.168.3.45, destination zone DMZ, action = allow
    D. source address any, source zone any, destination address 10.10.10.10, destination zone DMZ, action = allow
A

B. source address any, source zone any, destination address 10.10.10.10, destination zone
Trust, action = allow

51
Q 
117. Which protocol is supported for traffic decryption matching a Decryption policy rule?
A. IPsec
B. SP3
C. SSH
D. NLSP
A

C. SSH

52
Q 
118. Where do you specify that a certificate is to be used for SSL Forward Proxy?
A. Certificate properties
B. Decryption Profile
C. Decryption policy
D. Security policy
A

A. Certificate properties

53
Q
  1. Which feature must be configured to exclude sensitive traffic from decryption?
    A. Security policy rule that includes the specific URL with an “allow” action
    B. Decryption policy rule with the specific URL and “no decrypt” action
    C. Application Override policy that matches the application URL and port number
    D. Decryption Profile that includes the site’s URL
A

B. Decryption policy rule with the specific URL and “no decrypt” action

54
Q 
120. Which option is not a parameter used to identify applications in an Application Override
policy?
A. protocol
B. port number
C. first characters in the payload
D. destination IP address
A

C. first characters in the payload

55
Q
  1. How does the firewall resolve conflicting App-ID assignments to the same traffic between
    an Application Override policy rule and the firewall’s built-in App-ID?
    A. The firewall’s regular App-ID is assigned.
    B. The Application Override’s App-ID is assigned.
    C. The App-ID is set to duplicate definitions.
    D. The App-ID is set to not available.
A

B. The Application Override’s App-ID is assigned.

56
Q 
122. Which firewall process is bypassed when an Application Override policy matches traffic
and assigns an App-ID?
A. QoS
B. IPsec
C. Content-ID
D. User-ID
A

C. Content-ID

57
Q 
123. Which virtual interface is the management on a VM-Series firewall running on ESXi?
A. vNIC #1
B. vNIC #2
C. vNIC #9
D. vNIC #10
A

A. vNIC #1

58
Q
  1. Which three items of information are required at a minimum to install and configure VMSeries
    firewalls? (Choose three.)
    A. VLANs to be connected through the firewall
    B. management port IP address
    C. IP addresses for the data interfaces
    D. management port default gateway
    E. management port netmask
    F. IP address for the external (internet-facing) interface
A

B. management port IP address

D. management port default gateway
E. management port netmask

59
Q 
125. Compared to a physical firewall, VM-Series firewalls require you to apply which additional
license?
A. Base Capacity
B. Cloud Services
C. Site License
D. VM Update
A

A. Base Capacity

60
Q
  1. A VM-Series firewall being deployed in Azure can be automatically configured by
    bootstrapping. Azure requires which features for Bootstrapping to work?
    A. Storage Account configured for Azure Files Service
    B. PowerShell script that feeds a configuration file to the firewall
    C. XML configuration file included in the base firewall provisioning
    D. Azure Backup services configured with a config file and included in the firewall
    provisioning
A

A. Storage Account configured for Azure Files Service

61
Q
  1. Dynamic tags can be assigned to which kind of data in a log event?
    A. source and destination address, source and destination zone name
    B. source and destination address
    C. interface, zone name
    D. DNS name, zone name
A

B. source and destination address

62
Q
  1. How can the firewall use dynamically tagged objects to block traffic?
    A. Add the object to an enforcement list of a Data Filtering object that then is attached to a
    Security policy rule.
    B. Assign the object to a dynamic list, which then is included in the destination address
    matching condition of a Security policy rule.
    C. Assign the object to a Dynamic Address Group object, which then is added to the
    destination address matching condition of a Security policy rule.
    D. Add the object to an Application Group and use it in Security policy rules.
A

C. Assign the object to a Dynamic Address Group object, which then is added to the destination address matching condition of a Security policy rule.

63
Q 
129. A tag can be dynamically assigned to data in which four types of logs? (Choose four.)
A. Traffic
B. Threat
C. URL Filtering
D. HIP Match
E. Tunnel Inspection
F. Configuration
G. System
A
  1. A tag can be dynamically assigned to data in which four types of logs? (Choose four.)
    A. Traffic
    B. Threat
    C. URL Filtering

E. Tunnel Inspection

64
Q 
130. Dynamic tagging activity is recoded in which log?
A. System
B. Configuration
C. IP-Tag
D. Data Filtering
A

C. IP-Tag

PCNSE_10 (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions