PCNSA Exam 132 Questions with Verified Answers
Which two actions are available for antivirus security profiles? (Choose two.)
A. continue
B. allow
C. block IP
D. alert - CORRECT ANSWER B. allow
D. alert
Which two HTTP Header Logging options are within a URL filtering profile? (Choose two.)
A. User‐Agent
B. Safe Search
C. URL redirection
D. X‐Forward‐For - CORRECT ANSWER A. User‐Agent
D. X‐Forward‐For
What are the two components of Denial‐of‐Service Protection? (Choose two.)
A. zone protection profile
B. DoS protection profile and policy rules
C. flood protection
D. reconnaissance protection - CORRECT ANSWER A. zone protection profile
B. DoS protection profile and policy rules
Which two types of attacks does the PAN‐DB prevent? (Choose two.)
A. phishing sites
B. HTTP based command‐and‐control
C. infected JavaScript
D. flood attacks - CORRECT ANSWER A. phishing sites
B. HTTP based command‐and‐control
Which two valid URLs can be used in a custom URL category? (Choose two.)
A. ww.youtube.**
B. www.**.com
C. www.youtube.com
D. *.youtube.com - CORRECT ANSWER C. www.youtube.com
D. *.youtube.com
What are three methods of mapping usernames to IP addresses? (Choose three.)
A. Server Monitoring
B. Traps
C. Minemeld
D. syslog
E. AutoFocus
F. port mapping - CORRECT ANSWER A. Server Monitoring
D. syslog
F. port mapping
Which type of server profile is used to create group mappings?
A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP - CORRECT ANSWER D. LDAP
The Server Monitoring user mapping method can monitor which three types of
servers? (Choose three.)
A. RADIUS
B. Microsoft Domain Controllers
C. Exchange Servers
D. Novell eDirectory Servers - CORRECT ANSWER B. Microsoft Domain Controllers
C. Exchange Servers
D. Novell eDirectory Servers
The Port Mapping user mapping method can monitor which two types of
environments? (Choose two.)
A. Citrix
B. Microsoft terminal servers
C. Exchange Servers
D. Linux servers - CORRECT ANSWER A. Citrix
B. Microsoft terminal servers
The Windows User‐ID Agent can be installed on which two operating systems?
(Choose two.)
A. Linux
B. Server 2016
C. XP
D. Server 2008 - CORRECT ANSWER B. Server 2016
D. Server 2008
A Heatmap provides an adoption rate for which three features? (Choose three.)
A. WildFire
B. Traps
C. File Blocking
D. User‐ID
E. SSL certificates
F. authentication profiles - CORRECT ANSWER A. WildFire
C. File Blocking
D. User‐ID
What are three Best Practice Assessment tool primary categories? (Choose
three.)
A. User‐ID
B. Logging
C. Vulnerability Protection
D. Security
E. Decryption
F. DoS Protection - CORRECT ANSWER D. Security
E. Decryption
F. DoS Protection
Which two security features normally do not achieve an adoption rate of 100%?
(Choose two.)
A. URL Filtering
B. App‐ID
C. Logging
D. DNS Sinkhole - CORRECT ANSWER D. DNS Sinkhole
A. URL Filtering
Which type of file is used to generate the Heatmap report and the BPA report?
A. Technical Support
B. Configuration
C. Statistics
D. XML - CORRECT ANSWER A. Technical Support
What are two components of the BPA tool? (Choose two.)
A. Security Policy Adoption Heatmap
B. BPA
C. XML
D. Security Policy - CORRECT ANSWER A. Security Policy Adoption Heatmap
B. BPA
The Palo Alto Networks Security Operating Platform is designed for which three
purposes? (Choose three.)
A. consume innovations quickly
B. ensure compliance
C. focus on what matters
D. prevent successful cyberattacks - CORRECT ANSWER A. consume innovations quickly
C. focus on what matters
D. prevent successful cyberattacks
Which item is not one of the six primary components of the Palo Alto Networks
Security Operating Platform?
A. Applications (Palo Alto Networks apps, third‐party apps, customer apps)
B. Cloud‐Delivered Security Services
C. WildFire
D. Application Framework and Logging Service
E. Network Security
F. Advanced Endpoint Protection
G. Cloud Security - CORRECT ANSWER C. WildFire
Which cloud‐delivered security service provides instant access to community‐based threat data?
A. Aperture
B. AutoFocus
C. Threat 42
D. Magnifier - CORRECT ANSWER B. AutoFocus - It provides
instant access to community‐based threat data, enhanced with deep context and
attribution from the Unit 42 threat research team
A. Aperture
C. Threat 42 - Unit 42 threat research team
D. Magnifier - Magnifier behavioral analytics applies
machine learning at a cloud scale to network, endpoint, and cloud data so
that you can quickly find and stop targeted attacks, insider abuse, and
compromised endpoints
Which cloud‐delivered security service provides security for branches and mobile users?
A. MineMeld
B. Magnifier
C. Traps
D. Global Protect - CORRECT ANSWER D. Global Protect
Which Palo Alto Networks Security Operating Platform component provides access to
apps from Palo Alto Networks, third parties, and customers?
A. Applications (Palo Alto Networks apps, third‐party apps, customer apps)
B. Cloud‐Delivered Security Services
C. WildFire
D. Application Framework
E. Network Security
F. Advanced Endpoint Protection
G. Cloud Security - CORRECT ANSWER D. Application Framework
Which Palo Alto Networks firewall feature provides all of the following abilities?
Stops malware, exploits, and ransomware before they can compromise endpoints
Provides protection while endpoints are online and offline, on network and off
Coordinates enforcement with network and cloud security to prevent
successful attacks
Detects threats and automates containment to minimize impact
Includes WildFire cloud‐based threat analysis service with your Traps subscription
Integrates with the Palo Alto Networks Security Operating Platform
A. Traps
B. Aperture
C. URL Filtering
D. WildFire
E. GlobalProtect
F. AutoFocus - CORRECT ANSWER A. Traps
Which management features does the control plane provide? (Choose three.)
A. security processing
B. logging
C. reporting
D. firewall configuration
E. signature matching
F. network processing - CORRECT ANSWER B. logging
C. reporting
D. firewall configuration
Which three data processing features does the data plane provide? (Choose three.)
A. network processing
B. security processing
C. signature matching
D. firewall configuration
E. logging
F. reporting - CORRECT ANSWER A. network processing
B. security processing
C. signature matching
What are three components of the Network Processing module? (Choose three.)
A. QoS
B. NAT
C. App‐ID
D. flow control
E. url match
F. spyware - CORRECT ANSWER A. QoS
B. NAT
D. flow control
Which approach most accurately defines the Palo Alto Networks SP3 architecture?
A. prioritize first
B. sequential processing
C. scan it all, scan it once
D. zero trust segmentation platform - CORRECT ANSWER C. scan it all, scan it once
What is the result of using a stream‐based design of architecture?
A. superior performance
B. increased latency
C. superior latency
D. increased functionality - CORRECT ANSWER A. superior performance
Palo Alto Networks has reduced latency enormously, using the Single‐Pass Parallel Processing (SP3)
architecture, which combines two complementary components: - CORRECT ANSWER Single‐Pass Software
Parallel Processing Hardware
Which security model does Palo Alto Networks recommend that you deploy?
A. separation‐of‐trust
B. Zero Trust
C. trust‐then‐verify
D. never trust - CORRECT ANSWER B. Zero Trust
The Zero Trust model is implemented to specifically address which type of traffic?
A. east‐west
B. north‐south
C. left‐right
D. up‐down - CORRECT ANSWER A. east‐west
What are the three main concepts of Zero Trust? (Choose three.)
A. All resources are accessed in a secure manner, regardless of location.
B. Access control is on a "need‐to‐know" basis and is strictly enforced.
C. Credentials need to be verified.
D. All traffic is logged and inspected.
E. Internal users are trusted implicitly.
F. External users are trusted explicitly. - CORRECT ANSWER A. All resources are accessed in a secure manner, regardless of location.
B. Access control is on a "need‐to‐know" basis and is strictly enforced.
D. All traffic is logged and inspected.
Which two statements are true about the Zero Trust model? (Choose two.)
A. Traffic is inspected laterally.
B. Traffic is inspected east‐west.
C. Internal traffic is implicitly trusted.
D. External traffic is implicitly trusted. - CORRECT ANSWER A. Traffic is inspected laterally.
B. Traffic is inspected east‐west.
Which three Palo Alto Networks products secure your network? (Choose three.)
A. MineMerge
B. Aperture
C. URL filtering
D. AutoMagnifier
E. TrapContent
F. WildFire - CORRECT ANSWER B. Aperture
C. URL filtering
F. WildFire
True or false: Blocking just one stage in the Cyber‐Attack Lifecycle is all that is
needed to protect a company's network from attack.
A. True
B. False - CORRECT ANSWER B. False
What are two stages of the Cyber‐Attack Lifecycle? (Choose two.)
A. Weaponization and delivery
B. Manipulation
C. Extraction
D. Command and Control - CORRECT ANSWER A. Weaponization and delivery
D. Command and Control
Command and control can be prevented through which two methods? (Choose two.)
A. exploitation
B. DNS Sinkholing
C. URL filtering
D. reconnaissance - CORRECT ANSWER B. DNS Sinkholing
C. URL filtering
Exploitation can be mitigated by which two actions? (Choose two.)
A. keeping systems patched
B. using local accounts
C. blocking known and unknown vulnerability exploits on the endpoint
D. providing admin credentials - CORRECT ANSWER A. keeping systems patched
C. blocking known and unknown vulnerability exploits on the endpoint
What are two firewall management methods? (Choose two.)
A. CLI
B. RDP
C. VPN
D. XML API - CORRECT ANSWER A. CLI
D. XML API
Which two devices are used to connect a computer to the firewall for management purposes?
(Choose two.)
A. rollover cable
B. serial cable
C. RJ‐45 Ethernet cable
D. USB cable - CORRECT ANSWER B. serial cable
C. RJ‐45 Ethernet cable
What is the default IP address on the MGT interfaces of a Palo Alto Networks firewall?
A. 192.168.1.1
B. 192.168.1.254
C. 10.0.0.1
D. 10.0.0.254 - CORRECT ANSWER A. 192.168.1.1
What are the two default services that are available on the MGT interface? (Choose two.)
A. HTTPS
B. SSH
C. HTTP
D. Telnet - CORRECT ANSWER A. HTTPS
B. SSH
True or false. Service route traffic has Security policy rules applied against it.
A. True
B. False - CORRECT ANSWER A. True
By default, the firewall uses the management interface to communicate with various servers including
those for External Dynamic Lists, DNS, email, and Palo Alto Networks updates servers. Service routes are used so that the communication
between the firewall and servers goes through the data ports on the data plane. These data ports require
appropriate security policies before external servers can be accessed.
Service routes may be used to forward which two traffic types out a data port? (Choose two.)
A. External Dynamic Lists
B. MineMeld
C. Skype
D. Palo Alto Networks updates - CORRECT ANSWER A. External Dynamic Lists
D. Palo Alto Networks updates
Which plane does the running‐config reside on?
A. Management
B. Control
C. Data
D. Security - CORRECT ANSWER C. Data
All configuration changes in a Palo Alto Networks firewall are done to a candidate configuration, which
resides in memory on the control plane. A commit activates the changes since the last commit and installs
the running configuration on the data plane, where it will become the running configuration.
Which plane does the candidate config reside on?
A. Management
B. Control
C. Data
D. Security - CORRECT ANSWER B. Control
All configuration changes in a Palo Alto Networks firewall are done to a candidate configuration, which
resides in memory on the control plane. A commit activates the changes since the last commit and installs
the running configuration on the data plane, where it will become the running configuration.
Candidate config and running config files are saved as which file type?
A. EXE
B. TXT
C. HTML
D. XML
E. RAR - CORRECT ANSWER D. XML
Which command must be performed on the firewall to activate any changes?
A. commit
B. save
C. load
D. save named
E. import
F. copy - CORRECT ANSWER A. commit
Which command backs up configuration files to a remote network device?
A. import
B. load
C. copy
D. export - CORRECT ANSWER D. export
The command load named configuration snapshot overwrites the current candidate
configuration with which three items? (Choose three.)
A. custom‐named candidate configuration snapshot (instead of the default snapshot)
B. custom‐named running configuration that you imported
C. snapshot.xml
D. current running configuration (running‐config.xml)
E. Palo Alto Networks updates - CORRECT ANSWER A. custom‐named candidate configuration snapshot (instead of the default snapshot)
B. custom‐named running configuration that you imported
D. current running configuration (running‐config.xml)
This option overwrites the current candidate configuration with one of the following:
Custom‐named candidate configuration snapshot (instead of the default snapshot)
Custom‐named running configuration that you imported
Current running configuration (running‐config.xml)
What is the shortest time interval that you can configure a Palo Alto Networks
firewall to download WildFire updates?
A. 1 minute
B. 5 minutes
C. 15 minutes
D. 60 minutes - CORRECT ANSWER A. 1 minute
What is the publishing interval for WildFire updates, with a valid WildFire
license?
A. 1 minute
B. 5 minutes
C. 15 minutes
D. 60 minutes - CORRECT ANSWER B. 5 minutes
True or false. A Palo Alto Networks firewall automatically provides a backup of
the config during a software upgrade.
A. True
B. False - CORRECT ANSWER A. True
Although the firewall automatically creates a configuration backup, a best
practice is to create and externally store a backup before you upgrade.
If you have a Threat Prevention subscription and not a WildFire subscription,
how long must you wait for the WildFire signatures to be added into the
antivirus update?
A. 1 to 2 hours
B. 2 to 4 hours
C. 10 to 12 hours
D. 12 to 48 hours - CORRECT ANSWER D. 12 to 48 hours
Which three actions should you complete before you upgrade to a newer
version of software? (Choose three.)
A. Review the release notes to determine any impact of upgrading to a newer version of
software.
B. Ensure the firewall is connected to a reliable power source.
C. Export the device state.
D. Create and externally store a backup before you upgrade. - CORRECT ANSWER A. Review the release notes to determine any impact of upgrading to a newer version of
software.
B. Ensure the firewall is connected to a reliable power source.
D. Create and externally store a backup before you upgrade.
What are five ways to download software? (Choose five.)
A. over the MGT interface on the control plane
B. over a data interface on the data plane
C. upload from a computer
D. from the Palo Alto Networks Customer Support Portal
E. from the PAN‐DB database
F. from Panorama - CORRECT ANSWER A. over the MGT interface on the control plane
B. over a data interface on the data plane
C. upload from a computer
D. from the Palo Alto Networks Customer Support Portal
F. from Panorama
Which two statements are true about an admin role profile role? (Choose two.)
A. It is a built‐in role.
B. It can be used for CLI commands.
C. It can be used for XML API.
D. Superuser is an example. - CORRECT ANSWER B. It can be used for CLI commands.
C. It can be used for XML API.
These are custom roles you can configure for more granular
access control over the functional areas of the web interface, CLI, and XML API.
PAN‐OS® software supports which two authentication types? (Choose two.)
A. RADIUS
B. SMB
C. TACACS+
D. AWS - CORRECT ANSWER A. RADIUS
C. TACACS+
Which two dynamic role types are available on the PAN‐OS software? (Choose two.)
A. Superuser
B. Superuser (write only)
C. Device user
D. Device administrator (read‐only) - CORRECT ANSWER A. Superuser
D. Device administrator (read‐only)
o Superuser: Full access to the firewall, including defining new administrator
accounts and virtual systems
o Superuser (read‐only): Read‐only access to the firewall
o Virtual system administrator: Full access to a selected virtual system (vsys) on the firewall
o Virtual system administrator (read‐only): Read‐only access to a selected vsys on the firewall
o Device administrator: Full access to all firewall settings except for defining new
accounts or virtual systems
o Device administrator (read‐only): Read‐only access to all firewall settings except
password profiles (no access) and administrator accounts (only the logged‐in
account is visible)
Which type of profile does an Authentication Sequence include?
A. Security
B. Authorization
C. Admin
D. Authentication - CORRECT ANSWER D. Authentication
An authentication profile includes which other type of profile?
A. Server
B. Admin
C. Customized
D. Built‐in - CORRECT ANSWER A. Server
True or False: Dynamic roles are called "dynamic" because you can customize them.
A. True
B. False - CORRECT ANSWER B. False
These are dynamic because they are predefined roles that update with the firewall during updates
What is used to override global Minimum Password Complexity Requirements?
A. authentication profile
B. local profile
C. password role
D. password profile - CORRECT ANSWER D. password profile
Which two default zones are included with the PAN‐OS® software? (Choose two.)
A. Interzone
B. Extrazone
C. Intrazone
D. Extranet - CORRECT ANSWER A. Interzone
C. Intrazone
Which two zone types are valid? (Choose two.)
A. Trusted
B. Tap
C. Virtual Wire
D. Untrusted
E. DMZ - CORRECT ANSWER B. Tap
C. Virtual Wire
There are five primary zone types (Tap, Layer 2, Layer 3, Tunnel, and Virtual
Wire)
A sixth zone type named External is a special zone that is available only on some firewall models.
What is the zone of type External used to pass traffic between?
A. Layer 2 interfaces
B. Layer 3 interfaces
C. virtual routers
D. virtual systems - CORRECT ANSWER D. virtual systems
A sixth zone type named External is a special zone that is available only on some firewall models.
Which two statements are correct? (Choose two.)
A. Interfaces must be configured before you can create a zone.
B. Interfaces do not have to be configured before you can create a zone.
C. An interface can belong to only one zone.
D. An interface can belong to multiple zones. - CORRECT ANSWER B. Interfaces do not have to be configured before you can create a zone.
C. An interface can belong to only one zone.
Which three interface types can belong in a Layer 3 zone? (Choose three.)
A. loopback
B. Layer 3
C. tunnel
D. virtual wire - CORRECT ANSWER A. loopback
B. Layer 3
C. tunnel
A Layer 3 zone allows four interface types: Layer 3 (Ethernet1/6),
loopback, tunnel, and vlan.
What are used to control traffic through zones?
A. access lists
B. security policy lists
C. security policy rules
D. access policy rules - CORRECT ANSWER C. security policy rules
Which two actions can be done with a Tap interface? (Choose two.)
A. encrypt traffic
B. decrypt traffic
C. allow or block traffic
D. log traffic - CORRECT ANSWER B. decrypt traffic
D. log traffic
Which two actions can be done with a Virtual Wire interface? (Choose two.)
A. NAT
B. route
C. switch
D. log traffic - CORRECT ANSWER A. NAT
D. log traffic
A Virtual Wire interface is used to simply pass traffic through a firewall by binding two Ethernet interfaces,
allowing traffic to pass between them. Virtual Wire interfaces are often placed between an existing
firewall and a secured network to allow analysis of the traffic before actually migrating from a legacy
firewall to a Palo Alto Networks firewall.
Which two actions can be done with a Layer 3 interface? (Choose two.)
A. NAT
B. route
C. switch
D. create a Virtual Wire object - CORRECT ANSWER A. NAT
B. route
Layer 3 interfaces support which two items? (Choose two.)
A. NAT
B. IPv6
C. switching
D. spanning tree - CORRECT ANSWER A. NAT
B. IPv6
What are some examples of Layer 3 loopback interfaces? - CORRECT ANSWER They can be
destination configurations for DNS sinkholes, GlobalProtect service interfaces (portals and gateways),
routing identification, and more.
What is required for a complete Virtual Wire configuration? - CORRECT ANSWER 2 virtual wire interfaces, each in a virtual wire zone, and a virtual wire object
True or false, route and switching are done on a virtual wire interface? - CORRECT ANSWER False
A virtual wire interface that receives a frame or
packet ignores any Layer 2 or Layer 3 addresses for switching or routing purposes, but
applies your security or NAT policy rules before passing an allowed frame or packet
over the virtual wire to the second Virtual Wire interface and on to the network device
connected to it.
Layer 3 interfaces support which three advanced settings? (Choose three.)
A. IPv4 addressing
B. IPv6 addressing
C. NTP configuration
D. NDP configuration
E. link speed configuration
F. link duplex configuration - CORRECT ANSWER D. NDP configuration
E. link speed configuration
F. link duplex configuration
Layer 2 interfaces support which three items? (Choose three.)
A. spanning tree blocking
B. traffic examination
C. forwarding of spanning tree BPDUs
D. traffic shaping via QoS
E. firewall management
F. routing - CORRECT ANSWER B. traffic examination
C. forwarding of spanning tree BPDUs
D. traffic shaping via QoS
Note that Layer 2 interfaces do not participate in spanning tree other than forwarding BPDUs.
Which two interface types support subinterfaces? (Choose two.)
A. Virtual Wire
B. Layer 2
C. Loopback
D. Tunnel - CORRECT ANSWER A. Virtual Wire
B. Layer 2
Which two statements are true regarding Layer 3 interfaces? (Choose two.)
A. You can configure a Layer 3 interface with one or more as a DHCP client.
B. You can assign only one IPv4 address to the same interface.
C. You can enable an interface to send IPv4 Router Advertisements by selecting the
Enable Router Advertisement check box on the Router Advertisement tab.
D. You can apply an interface management profile to the interface. - CORRECT ANSWER A. You can configure a Layer 3 interface with one or more as a DHCP client.
D. You can apply an interface management profile to the interface.
Dynamic routing protocols available on a Palo Alto Networks firewall are as follows: - CORRECT ANSWER BGP4
OSPFv2
OSPFv3
RIPv2
Multicast routing protocols available on a Palo Alto Networks firewall are as follows: - CORRECT ANSWER IGMPv1, IGMPv2, IGMPv3
PIM‐SM, PIM‐ASM, PIM‐SSM
What is the firewall's RIB? (Virtual Router) - CORRECT ANSWER Routing Information Base
The firewall initially populates its learned routes into the firewall's IP routing information base (RIB).
What is a firewall's FIB? (Virtual Router) - CORRECT ANSWER Forwarding Information Base
The virtual router obtains the best route from the RIB, and then places it in the forwarding information base
(FIB). Packets then are forwarded to the next hop router defined in the FIB.
What is the default administrative distance of a static route within the PAN‐OS ® software?
A. 1
B. 5
C. 10
D. 100 - CORRECT ANSWER C. 10
Which two dynamic routing protocols are available in the PAN‐OS ® software? (Choose two.)
A. RIP1
B. RIPv2
C. OSPFv3
D. EIGRP - CORRECT ANSWER B. RIPv2
C. OSPFv3
Which value is used to distinguish the preference of routing protocols?
A. Metric
B. Weight
C. Distance
D. Cost
E. Administrative Distance - CORRECT ANSWER A. Metric
In path monitoring, what is used to monitor remote network devices?
A. Ping
B. SSL
C. HTTP
D. HTTPS
E. Link State - CORRECT ANSWER A. Ping
What are the two default (predefined) security policy types in PAN‐OS ® software?
(Choose two.)
A. Universal
B. Interzone
C. Intrazone
D. Extrazone - CORRECT ANSWER B. Interzone
C. Intrazone
True or false. Because the first rule that matches the traffic is applied, the more
specific rules must follow the more general ones.
A. True
B. False - CORRECT ANSWER B. False
Which statement is true?
A. For Intrazone traffic, traffic logging is enabled by default.
B. For Interzone traffic, traffic logging is enabled by default.
C. For Universal traffic, traffic logging is enabled by default.
D. none of the above - CORRECT ANSWER C. For Universal traffic, traffic logging is enabled by default.
True or false? Best practice is to enable logging for the two predefined security policy rules.
A. True
B. False - CORRECT ANSWER A. True
What will be the result of one or more occurrences of shadowing?
A. a failed commit
B. an invalid configuration
C. a warning
D. none of the above - CORRECT ANSWER C. a warning
Which type of security policy rules always exist above the two predefined security policies?
A. intrazone
B. interzone
C. universal
D. global - CORRECT ANSWER C. universal
What are two source NAT types? (Choose two.)
A. universal
B. static
C. dynamic
D. extrazone - CORRECT ANSWER B. static
C. dynamic
A simple way to remember how to configure security policies where NAT was implemented is to
memorize the following:
A. post‐NAT zone, post‐NAT zone
B. post‐NAT IP, post‐NAT zone
C. pre‐NAT IP, post‐NAT zone
D. pre‐NAT IP, pre‐NAT zone - CORRECT ANSWER C. pre‐NAT IP, post‐NAT zone
When you add an IP address to a security policy, you must add the IP address value that existed before NAT was
implemented, which is called the pre‐NAT IP. After the IP address is translated (post‐NAT IP), determine
the zone where the post‐NAT IP address would exist. This post‐NAT zone is used in the Security Policy
Rule.
What are two types of destination NAT? (Choose two.)
A. dynamic IP (with session distribution)
B. DIPP
C. global
D. static - CORRECT ANSWER A. dynamic IP (with session distribution)
D. static
Destination NAT (DNAT) typically is used to allow an external client to initiate access to an internal host
such as a web server
What are two possible values for DIPP NAT oversubscription? (Choose two.)
A. 1x
B. 4x
C. 16x
D. 32x - CORRECT ANSWER A. 1x
B. 4x
Platform Default turns off oversubscription, whereby the default rate of the firewall model applies:
1x: means no oversubscription, where each IP address and port pair can be used only
one time
2x: oversubscribed two times
4x: oversubscribed three times
8x: oversubscribed eight times
Which statement is true regarding bidirectional NAT?
A. For static translations, bidirectional NAT allows the firewall to create a corresponding
translation in the opposite direction of the translation you configure.
B. For static translations, bidirectional NAT allows the firewall to create a corresponding
translation in the same direction of the translation you configure.
C. For dynamic translations, bidirectional NAT allows the firewall to create a corresponding
translation in the opposite direction of the translation you configure.
D. For dynamic translations, bidirectional NAT allows the firewall to create a corresponding
translation in the same direction of the translation you configure. - CORRECT ANSWER A. For static translations, bidirectional NAT allows the firewall to create a corresponding
translation in the opposite direction of the translation you configure.
If you are configuring static source NAT, bidirectional
NAT allows you to eliminate the need to create an additional NAT policy rule for the incoming traffic.
What are two application dependencies for icloud‐mail? (Choose two.)
A. ssl
B. skype
C. google‐base
D. icloud‐base - CORRECT ANSWER A. ssl
D. icloud‐base
What does an application filter enable an administrator to do?
A. manually categorize multiple service filters
B. dynamically categorize multiple service filters
C. dynamically categorize multiple applications
D. manually categorize multiple applications - CORRECT ANSWER C. dynamically categorize multiple applications
An administrator can dynamically categorize multiple applications into an application filter based on the
specific attributes Category, Subcategory, Technology, Risk, and Characteristic.
Which two items can be added to an application group? (Choose two.)
A. application groups
B. application services
C. application filters
D. admin accounts - CORRECT ANSWER A. application groups
C. application filters
What does the TCP Half Closed setting mean?
A. maximum length of time that a session remains in the session table between
receiving the first FIN and receiving the third FIN or RST.
B. minimum length of time that a session remains in the session table between
receiving the first FIN and receiving the second FIN or RST.
C. maximum length of time that a session remains in the session table between receiving the
first FIN and receiving the second FIN or RST.
D. minimum length of time that a session remains in the session table between
receiving the first FIN and receiving the third FIN or RST - CORRECT ANSWER C. maximum length of time that a session remains in the session table between receiving the
first FIN and receiving the second FIN or RST.
What are two application characteristics? (Choose two.)
A. stateful
B. excessive bandwidth use
C. intensive
D. evasive - CORRECT ANSWER B. excessive bandwidth use
D. evasive
What is a TCP Timeout (Application Timeouts) - CORRECT ANSWER Number of seconds before an idle TCP application flow is terminated. A zero
indicates that the default timeout of the application is used.
What is a UDP Timeout (Application Timeouts) - CORRECT ANSWER Number of seconds before an idle UDP application flow is terminated. A zero
indicates that the default timeout of the application is used.
What is a TCP Time Wait (Application Timeouts) - CORRECT ANSWER Maximum length of time that a session remains in the session table after
receiving the second FIN or RST. If the timer expires, the session is closed. If this
time is not configured at the application level, the global setting is used (range is
1 to 600 seconds). If this value is configured at the application level, it overrides
the global TCP Time Wait setting.
Which column in the Applications and Threats screen includes the options Review Apps and
Review Policies?
A. Features
B. Type
C. Version
D. Action - CORRECT ANSWER D. Action
What can you select to minimize the risk of installing new App‐ID updates?
A. Enable new apps in content
B. Disable new apps in app‐id database
C. Disable new apps in content
D. Enable new apps in App‐ID database - CORRECT ANSWER C. Disable new apps in content
Installation of new App‐IDs included in a content release
version sometimes can cause a change in policy enforcement for the application that now is uniquely
identified.
What are two benefits of vulnerability protection security profiles? (Choose two.)
A. prevent compromised hosts from trying to communicate with external
command‐and‐ control (C2) servers
B. protect against viruses, worms, and Trojans
C. prevent exploitation of system flaws
D. prevent unauthorized access to systems - CORRECT ANSWER D. prevent unauthorized access to systems
C. prevent exploitation of system flaws
(True or false) - Sometimes you do not have to explicitly allow access to the dependent applications for the traffic to flow because the firewall can determine the dependencies and allow them implicitly. - CORRECT ANSWER True
What are Layer 2 interfaces used to switch traffic between? - CORRECT ANSWER other Layer 2 interfaces
How often are new and modified threat signatures and modified applications signatures published? - CORRECT ANSWER Weekly
The Application Framework consists of which two components? (Choose two.) - CORRECT ANSWER The Application Framework consists of the following components:
Infrastructure: A suite of cloud APIs, services, compute, and native access to
customer‐specific data stores
Customer‐specific data store: The Palo Alto Networks Logging Service
Apps: Apps that are delivered from the cloud to extend the capabilities of the platform,
including the ability to effortlessly collaborate between different apps, share threat
context and intelligence, and drive automated response and enforcement.
For more information, see https://www.paloaltonetworks.com/products/application‐framewor
Cloud security is delivered in which three ways? (Choose three.) - CORRECT ANSWER Auto Focus contextual threat intel, Global Protect Cloud, URL Filtering Web Security, Threat Prevention (IPS), Wildfire, MineMeld Threat Intel Sharing
Which three items are part of the Palo Alto Networks Security Operating Platform? (Choose three.) - CORRECT ANSWER Network Security
Advanced Endpoint Protection
Cloud Security
Cloud‐Delivered Security Services
Application Framework and Logging Service
Palo Alto Networks Apps, Third‐Party Apps, and Customer Apps
What are the 6 stages of the cyber attack life cycle?
RCC LTE - CORRECT ANSWER Phase 1: Reconnaissance -
Phase 2: Initial compromise -
Phase 3: Command & control -
Phase 4: Lateral movement -
Phase 5: Target attainment -
Phase 6: Exfiltration, corruption, and disruption -
What are some of the common Service Route options? - CORRECT ANSWER DNS, Email, NTP, NetFlow, Palo Updates, Proxy, Radius, SNMP, SYSLOG, URL Updates, WildFire
What is the difference between Palo Alto URL Filtering and BrightCloud URL Filtering Settings? - CORRECT ANSWER BrightCloud URL Filtering is updated once a day, whereas Palo Alto URL Filtering is updated every 5-10 minutes
Under the Application and Threats updates configuration, what does Review Policies do? - CORRECT ANSWER Displays policy rules that might enforce traffic differently if the app is modified on a content update and lets you add or remove apps from those policies.
What are data filtering profile matches logged as? - CORRECT ANSWER Low
What are URL profile matches logged as? - CORRECT ANSWER Informational
How often are antivirus signatures downloaded? - CORRECT ANSWER Daily for Threat Prevention subscribers, sub-hourly for WildFire subscribers
Antispyware policies primarily do what? - CORRECT ANSWER Detect C2 activity
What is user credential submission? - CORRECT ANSWER URL filtering option that controls users' ability to submit corporate credentials to a URL category
True or false: packets must meet all of the criteria in a security policy to match it? - CORRECT ANSWER True
What are the primary security profile actions? - CORRECT ANSWER Default
Allow
Alert
Drop
Reset client
Reset server
Reset both
What are the default protocols identified by the Antivirus Security Profile and their actions? - CORRECT ANSWER Alert - smtp, imap, pop3
Block - ftp, http, smb
What are the two pre defined anti-spyware policies? - CORRECT ANSWER Default - uses the default option for all matches
Strict - overrides critical, high, and medium matches and sets to block
What are the three HTTP header logging attributes? - CORRECT ANSWER User agent - identifier of the browser that accessed
Referrer - URL that linked to another URL
X forward to - preserves IP of user that connected to page
What zone are zone protection profiles applied to? - CORRECT ANSWER Ingress
What protections does a zone policy offer? - CORRECT ANSWER Protection against floods, reconnaissance attacks, and other packet based attacks
What are the five types of floods in zone protection? - CORRECT ANSWER Syn, udp, icmp, icmp6, other ip