Q_26-50 Flashcards

1
Q

Question #26 Topic 1
If the firewall has the following link monitoring configuration, what will cause a failover?
A. ethernet1/3 and ethernet1/6 going down
B. ethernet1/3 going down
C. ethernet1/3 or ethernet1/6 going down
D. ethernet1/6 going down

A

A. ethernet1/3 and ethernet1/6 going down

2
Q

Question #27 Topic 1
In the image, what caused the commit warning?
A. The CA certificate for FWDtrust has not been imported into the firewall.
B. The FWDtrust certificate has not been flagged as Trusted Root CA.
C. SSL Forward Proxy requires a public certificate to be imported into the firewall.
D. The FWDtrust certificate does not have a certificate chain.

A

(cannot find complete chain for FWDtrust image)

A. The CA certificate for FWDtrust has not been imported into the firewall.

3
Q

Question #28 Topic 1
Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS® software?
A. Okta
B. DUO
C. RADIUS
D. PingID

A

C. RADIUS

4
Q

Question #29 Topic 1
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?
A. Use the debug dataplane packet-diag set capture stage firewall file command.
B. Enable all four stages of traffic capture (TX, RX, DROP, Firewall).
C. Use the debug dataplane packet-diag set capture stage management file command.
D. Use the tcpdump command.

A

D. Use the tcpdump command.

5
Q

Question #30 Topic 1
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications.
QoS natively integrates with which feature to provide service quality?
A. Port Inspection
B. Certificate revocation
C. Content-ID
D. App-ID

A

D. App-ID

6
Q

Question #31 Topic 1
A session in the Traffic log is reporting the application as incomplete.
What does incomplete mean?
A. The three-way TCP handshake was observed, but the application could not be identified.
B. The three-way TCP handshake did not complete.
C. The traffic is coming across UDP, and the application could not be identified.
D. Data was received but was instantly discarded because a Deny policy was applied before App-ID could be applied.

A

B. The three-way TCP handshake did not complete.

7
Q

Question #32 Topic 1
Refer to the exhibit.
An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.
Which two Security policy rules will accomplish this configuration? (Choose two.)
A. Untrust (Any) to Untrust (10.1.1.1), web-browsing Allow
B. Untrust (Any) to Untrust (10.1.1.1), ssh Allow
C. Untrust (Any) to DMZ (1.1.1.100), web-browsing Allow
D. Untrust (Any) to DMZ (1.1.1.100), ssh Allow
E. Untrust (Any) to DMZ (10.1.1.100, 10.1.1.101), ssh, web-browsing Allow

A

READ context and NAT rule at top… Public (pre-NAT) IPs are 1.1.1.100

C. Untrust (Any) to DMZ (1.1.1.100), web-browsing Allow
D. Untrust (Any) to DMZ (1.1.1.100), ssh Allow

8
Q

An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image.
Which configuration change should the administrator make?
A.

A

answer is BO from v9 exam - possible

changing site access to category gambling to allow…

9
Q

Question #34 Topic 1
Which three settings are defined within the Templates object of Panorama? (Choose three.)
A. Setup
B. Virtual Routers
C. Interfaces
D. Security
E. Application Override

A

A. Setup
B. Virtual Routers
C. Interfaces

10
Q

Question #35 Topic 1
A customer has an application that is being identified as unknown-tcp for one of their custom PostgreSQL database connections.
Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)
A. Application Override policy.
B. Security policy to identify the custom application.
C. Custom application.
D. Custom Service object.

A

(Choose two.)
A. Application Override policy.

C. Custom application.

11
Q

Question #36 Topic 1
An administrator logs in to the Palo Alto Networks NGFW and reports that the WebUI is missing the Policies tab.
Which profile is the cause of the missing Policies tab?
A. Admin Role
B. WebUI
C. Authentication
D. Authorization

A

A. Admin Role

12
Q

Question #37 Topic 1
An administrator has left a firewall to use the default port for all management services.
Which three functions are performed by the dataplane? (Choose three.)
A. WildFire updates
B. NAT
C. NTP
D. antivirus
E. file blocking

A

B. NAT

D. antivirus
E. file blocking

misdirection - dataplane vs mgt plane

13
Q

Question #38 Topic 1
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS® software, the administrator enables log forwarding from the firewalls to Panorama. Pre-existing logs from the firewalls are not appearing in Panorama.
Which action would enable the firewalls to send their pre-existing logs to Panorama?
A. Use the import option to pull logs into Panorama.
B. A CLI command will forward the pre-existing logs to Panorama.
C. Use the ACC to consolidate pre-existing logs.
D. The log database will need to be exported from the firewalls and manually imported into Panorama.

A

B. A CLI command will forward the pre-existing logs to Panorama.

CLI commands:
request logdb migrate-to-panorama start end-time start-time type

14
Q

Question #39 Topic 1
A firewall just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts
every 5 minutes.
How quickly will the firewall receive back a verdict?
A. More than 15 minutes
B. 5 minutes
C. 10 to 15 minutes
D. 5 to 10 minutes

A

D. 5 to 10 minutes

15
Q

Question #40 Topic 1
What are the differences between using a service versus using an application for Security Policy match?
A. Use of a service enables the firewall to take immediate action with the first observed packet based on port numbers. Use of an application allows the firewall to take immediate action if the port being used is a member of the application standard port list.
B. There are no differences between service or application. Use of an application simplifies configuration by allowing use of a friendly application name instead of port numbers.
C. Use of a service enables the firewall to take immediate action with the first observed packet based on port numbers. Use of an application allows the firewall to take action after enough packets allow for App-ID identification regardless of the ports being used.
D. Use of a service enables the firewall to take action after enough packets allow for App-ID identification

A

C. Use of a service enables the firewall to take immediate action with the first observed packet based on port numbers. Use of an application allows the firewall to take action after enough packets allow for App-ID identification regardless of the ports being used.

16
Q

Question #41 Topic 1
Which Palo Alto Networks VM-Series firewall is valid?
A. VM-25
B. VM-800
C. VM-50
D. VM-400

A

C. VM-50

17
Q

Question #42 Topic 1
An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22.
Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?
GRAPHIC

A

graphic

c Internet to Internet sport 80/tcp

18
Q

Question #43 Topic 1
An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to
the same NGFW.
The update contains an application that matches the same traffic signatures as the custom application.
Which application should be used to identify traffic traversing the NGFW?
A. Custom application
B. System logs show an application error and neither signature is used.
C. Downloaded application
D. Custom and downloaded application signature files are merged and both are used

A

A. Custom application

19
Q

Question #44 Topic 1
Starting with PAN-OS version 9.1, GlobalProtect logging information is now recorded in which firewall log?
A. GlobalProtect
B. System
C. Authentication
D. Configuration

A

A. GlobalProtect

20
Q

Question #45 Topic 1
Refer to the exhibit. routing fib…
Which will be the egress interface if the traffic’s ingress interface is ethernet1/7 sourcing from 192.168.111.3 and to the destination
10.46.41.113?
A. ethernet1/6
B. ethernet1/3
C. ethernet1/7
D. ethernet1/5

A

D. ethernet1/5

21
Q

Question #46 Topic 1
Which three authentication services can an administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a
corresponding admin account on the local firewall? (Choose three.)
A. Kerberos
B. PAP
C. SAML
D. TACACS+
E. RADIUS
F. LDAP

A

C. SAML
D. TACACS+
E. RADIUS

22
Q

Question #47 Topic 1
Which event will happen if an administrator uses an Application Override Policy?
A. Threat-ID processing time is decreased.
B. The Palo Alto Networks NGFW stops App-ID processing at Layer 4.
C. The application name assigned to the traffic by the security rule is written to the Traffic log.
D. App-ID processing time is increased.

A

B. The Palo Alto Networks NGFW stops App-ID processing at Layer 4.

23
Q

Question #48 Topic 1
Which Security policy rule will allow an admin to block Facebook chat but allow Facebook in general?
A. Deny application facebook-chat before allowing application facebook
B. Deny application facebook on top
C. Allow application facebook on top
D. Allow application facebook before denying application facebook-chat

A

A. Deny application facebook-chat before allowing application facebook

24
Q

Question #49 Topic 1
A client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers.
Which option will protect the individual servers?
A. Enable packet buffer protection on the Zone Protection Profile.
B. Apply an Anti-Spyware Profile with DNS sinkholing.
C. Use the DNS App-ID with application-default.
D. Apply a classified DoS Protection Profile.

A

D. Apply a classified DoS Protection Profile.

25
Q

Question #50 Topic 1
If the firewall is configured for credential phishing prevention using the Domain Credential Filter method, which login will be detected as credential theft?
A. Mapping to the IP address of the logged-in user.
B. First four letters of the username matching any valid corporate username.
C. Using the same user’s corporate username and password.
D. Matching any valid corporate username.

A

C. Using the same user’s corporate username and password.