Exam Domain 3 – Operate Flashcards
131. A firewall can forward log events to which two types of log formats? (Choose two.)
A. XES
B. SNMP
C. Http
D. databases using xml format
E. NCSA
B. SNMP
C. Http
- How does a firewall forward log events to an external destination?
A. They are sent in batches at the frequency specified in the destination’s Server Profile.
B. They are queued and sent in batches at differing intervals depending on the event severity.
C. They are sent as quickly as the required QoS policy rule governing log event traffic allows.
D. They are sent in real time as the firewall generates them.
D. They are sent in real time as the firewall generates them.
- Which two firewall logs can be exported using the Scheduled Log Export function? (Choose two.)
A. Configuration
B. System
C. Traffic
D. URL
C. Traffic
D. URL
- Which filter finds all log entries for traffic that originates from the internal device whose IP address is 172.17.1.3 and according to the header appears to be HTTP or HTTPS?
A. ( addr.src in 172.17.1.3 ) and ( ( port.dst eq 80 ) or ( port.dst eq 443 ) )
B. ( ( addr.src in 172.17.1.3 ) and ( port.dst eq 80 ) ) or ( port.dst eq 443 )
C. ( src.addr in 172.17.1.3 ) and ( ( dst.port eq 80 ) or ( dst.port eq 443 ) )
D. ( ( src.addr in 172.17.1.3 ) and ( dst.port eq 80 ) ) or ( dst.port eq 443 )
A. ( addr.src in 172.17.1.3 ) and ( ( port.dst eq 80 ) or ( port.dst eq 443 ) )
- Which two log files would you use if you suspect that a rogue administrator is modifying the firewall’s rulebase to allow and hide illicit traffic? (Choose two.)
A. Traffic
B. Threat
C. Data Filtering
D. Configuration
E. System
D. Configuration
E. System
136. Which product is required to use event correlation?
A. next-generation firewall, PA-220
B. Advanced Endpoint Protection
C. Panorama
D. GlobalProtect
C. Panorama
- How would you configure the firewall to control access to a custom DNS application that operates differently from the standard DNS application?
A. You cannot do it with the next-generation firewall. You need to manually configure a proxy.
B. Create specific rules for the sources and destinations that run this application.
C. Create a custom DNS application and add it to separate Security policy rules.
D. Create an Application Override policy and specify the sources and destinations that run this application.
C. Create a custom DNS application and add it to separate Security policy rules.
- What are two results of using Application Override policies? (Choose two.)
A. prevent matching traffic from entering VPN tunnels
B. apply a specified App-ID label to matching traffic
C. prevent matching traffic from being logged
D. cause matching traffic to bypass Content-ID processing
B. apply a specified App-ID label to matching traffic
D. cause matching traffic to bypass Content-ID processing
139. Which two types of entities can have custom signatures? (Choose two.)
A. services
B. URL categories
C. user groups
D. applications
E. vulnerabilities
D. applications
E. vulnerabilities
140. Match the upgrade step description with the correct step number.
Upgrade PAN-OS software: Step ?
Reboot the firewall: Step ?
Update dynamic content: Step ?
Activate subscription licenses: Step ?
140. Match the upgrade step description with the correct step number.
Upgrade PAN-OS software: Step 3
Reboot the firewall: Step 4
Update dynamic content: Step 2
Activate subscription licenses: Step 1
141. Match each component with the order in which the component should be upgraded to a new version of PAN-OS software.
HA active firewall: Step ?
Panorama: Step ?
Log Collector: Step ?
HA passive firewall: Step ?
141. Match each component with the order in which the component should be upgraded to a new version of PAN-OS software.
HA active firewall: Step 4
Panorama: Step 1
Log Collector: Step 2
HA passive firewall: Step 3
- How do you upgrade an active/passive HA firewall pair to PAN-OS 10.0 while maintaining internet access?
A. Upgrade the active firewall first, then the passive one.
B. Upgrade the passive firewall first, then the active one.
C. Run the upgrade on the active firewall. It will manage the process and upgrade the passive firewall.
D. You must upgrade both members of the pair at the same time, which requires an upgrade window that allows downtime.
B. Upgrade the passive firewall first, then the active one.
143. What is the format of the firewall configuration files?
A. YAML
B. JSON
C. XML
D. CSV
C. XML
- Which method can be used to restore the previous configuration when a new configuration committed on a firewall has undesired consequences?
A. Use the Load configuration version to restore the previous configuration settings, and follow with commit.
B. Use the Rollback commit link in the commit completion message.
C. Use the Import device state to restore the pre-commit configuration.
D. Use the Load named configuration snapshot to restore the previous configuration, and follow with a commit.
A. Use the Load configuration version to restore the previous configuration settings, and follow with commit.
145. Which CLI command do you use to move a configuration file from an external server to a firewall’s local storage?
A. rdist
B. ssh
C. scp
D. rcp
C. scp
146. Which feature is an intended advantage of an active/active firewall pair versus an active/passive pair?
A. increased throughput
B. support of asynchronous routing
C. increased session count
D. shared dynamic updates
B. support of asynchronous routing
- Which configuration object does a firewall use to forward HA-related events to an external monitoring technology?
A. Device > Log Settings > System Log settings
B. Objects > Log Forwarding Profile > System Log Type
C. Device > High Availability > General > Event Forwarding
D. Dashboard > High Availability widget > Notification
A. Device > Log Settings > System Log settings
- Which two Panorama objects can display current HA state information about a managed firewall? (Choose two.)
A. firewall listings in Monitor > HA Status
B. firewall specific information in Managed Devices > Health
C. firewall listings in Managed Devices > Summary
D. firewall HA Status widget in Dashboard > Widgets
E. firewall HA status in Panorama > High Availability
B. firewall specific information in Managed Devices > Health
C. firewall listings in Managed Devices > Summary
- Which method is used to connect a firewall to AutoFocus to query data?
A. Click the AutoFocus link in the firewall management user interface under Device > Licenses > AutoFocus
B. Click the link found in the log events under the firewall’s Monitor > Logs > AutoFocus
C. Configure the connection using the Dashboard’s AutoFocus widget
D. Click the link found in the log event under the firewall’s Monitor > threat-related log > threat detail
D. Click the link found in the log event under the firewall’s Monitor > threat-related log > threat detail
- What is a principal benefit of the AutoFocus product?
A. provide additional threat detection data to the firewall
B. manage access to SaaS applications through the firewall
C. provide additional context to previously discovered threats
D. examine Cortex Data Lake log data for undetected threats
C. provide additional context to previously discovered threats
- After an Applications and Threats dynamic update is downloaded to the firewall, where can information about changes to the App-IDs be found?
A. Summary link in the log event detail reporting the dynamic update file download
B. Review Policies link at the bottom of the Security policy rules display
C. Review Apps link appearing next to the downloaded Applications and Threats file
D. Details link in the dynamic file availability announcement appearing in the News Feed widget on the dashboard
C. Review Apps link appearing next to the downloaded Applications and Threats file
- The GlobalProtect Data File dynamic update contains which kinds of data?
A. GlobalProtect client package software updates for Windows and Macintosh
B. list of available connection points for Prisma Access
C. HIP check detection data for the GlobalProtect clients
D. updates to cipher suites used by the GlobalProtect client
C. HIP check detection data for the GlobalProtect clients
- When application details are viewed in the App-ID database, which field indicates that a recent change to the application might affect your Security policy rules?
A. Name
B. Depends on
C. Previously Identified As
D. App-ID Enabled
C. Previously Identified As
- How are HA firewall pairs kept in sync when Panorama pushes dynamic updates?
A. Panorama delivers the dynamic update to the active firewall(s) of the HA pair and updates the passive partner when a failover occurs in active/passive pairs.
B. Panorama delivers the update to one firewall, which syncs with its HA partner.
C. Panorama delivers the dynamic update to both firewalls simultaneously.
D. Panorama delivers the dynamic update to the active firewall, which triggers the passive partner to request the file from Panorama.
C. Panorama delivers the dynamic update to both firewalls simultaneously.