Exam II

Question 1

A Security policy rule displayed in italic font indicates which condition about the rule?

Answer 1

disabled

Question 2

A Server Profile enables a firewall to locate a server that provides which type of service?

Answer 2

remote user accounts

Question 3

In an Antivirus Security Profile, WildFire actions enable you to configure the firewall to perform which operation?

Answer 3

block traffic when a WildFire virus signature is detected

Question 4

An Interface Management Profile can be attached to which two interface types?

Answer 4

Layer 3

Loopback

Question 5

App-ID running on a firewall identifies applications using which three methods? (Choose three.)

Answer 5

1. ) program heuristics
2. ) application signatures
3. ) known protocol decoders

Question 6

Application block pages can be enabled for which types of applications?

Answer 6

web-based

Question 7

Because a firewall examines every packet in a session, a firewall can detect application ________?

Answer 7

shifts

Question 8

The presence of URLs matched to the not-resolved URL category in the URL Filtering log file might indicate that you should take which action?

Answer 8

Validate connectivity to the PAN-DB cloud.

Question 9

For which firewall feature should you create forward trust certificates and forward untrust certificates?

Answer 9

SSL Forward Proxy decryption

Question 10

A Security policy rule in a destination NAT configuration should be written to match which type of address and zone?

Answer 10

original pre-NAT source and destination addresses, but the post-NAT destination zone

Question 11

Which two actions does a firewall take when a Security Profile’s action is configured as Reset Server?

Answer 11

1. ) The traffic responder is reset.

2. ) For UDP sessions, the connection is dropped.

Question 12

In an HA configuration, which three functions are associated with the HA1 Control Link?

Answer 12

1. ) exchanging hellos
2. ) exchanging heartbeats
3. ) synchronizing configuration

Question 13

In an HA configuration, which two failure detection methods rely on ICMP ping?

Answer 13

heartbeats

path groups

Question 14

SSL Inbound Inspection requires that the firewall be configured with which two components?

Answer 14

server’s private key

servers digital certificate

Question 15

The firewall acts as a proxy for which two types of traffic?

Answer 15

SSH

SSH outbound

Question 16

The Threat log records events from which three Security profiles?

Answer 16

Anti-virus
Anti-spyware
Vulnerability Protection

Question 17

If there is an HA configuration mismatch between firewalls during peer negotiation, which state does the passive firewall enter?

Answer 17

NON-FUNCTIONAL

Question 18

Which two separate firewall planes comprise the PAN-OS architecture?

Answer 18

1. ) control or management plane

2. ) data plane

Question 19

What are two benefits of attaching a Decryption Profile to a Decryption policy no decrypt rule?

Answer 19

1. ) expired certificate checking

2. ) un-trusted certificate checking

Question 20

What is the result of performing a firewall Commit operation?

Answer 20

The candidate configuration becomes the running configuration.

Question 21

Which action in a File Blocking Security Profile results in the user being prompted to verify a file transfer?

Answer 21

Continue

Question 22

Which interface type does not require any configuration changes to adjacent network devices?

Answer 22

Virtual Wire

Question 23

Which interface type is not assigned to a security zone?

Answer 23

High-Availability (HA)

Question 24

Which statement describes a function provided by an Interface Management Profile?

Answer 24

It determines what firewall services are accessible FROM external devices.

Question 25

Which three objects can be sent to WildFire for analysis?

Answer 25

email attachment
URL links found in email
files traversing the firewall

Question 26

Which user mapping method is recommended for a highly mobile user base?

Answer 26

GlobalProtect (GP)

Question 27

Which file must be downloaded from the firewall to create a Heatmap and Best Practices Assessment report?

Answer 27

Tech Support File

Question 28

GlobalProtect clientless VPN provides secure remote access to web applications that use which three technologies?

Answer 28

Ruby
HTML
JavaScript (JS)

Question 29

Which three subscription services are included as part of GlobalProtect cloud service?

Answer 29

WildFire
URL Filtering
Threat Prevention

Question 30

What is the maximum number of WildFire appliances that can be grouped into a WildFire appliance cluster?

Answer 30

20

Question 31

Which statement is true about firewall HTTP header insertion?

Answer 31

applied only to egress packets

Question 32

Which two statements are true about sessions on the firewall?

Answer 32

1. ) Return traffic is allowed.

2. ) FW matches network packets to an existing session ID.

Question 33

Which three MGT port configuration settings must be configured before you can remotely access the web interface?

Answer 33

netmask
IP address
default gateway

Question 34

Which statement is true about a URL Filtering Profile’s continue password?

Answer 34

There is a single, per-firewall password.