NEW QUESTION 1
What can missing SSL packets when performing a packet capture on dataplane interfaces?

• A. The packets are hardware offloaded to the offloaded processor on the dataplane
• B. The missing packets are offloaded to the management plane CPU
• C. The packets are not captured because they are encrypted
• D. There is a hardware problem with offloading FPGA on the management plane

Answer: A

NEW QUESTION 2
An administrator sees several inbound sessions identified as unknown-tcp in the traffic logs. The administrator determines that these sessions are from external users accessing the company’s proprietary accounting application. The administrator wants to reliably identify this as their accounting application and to scan this traffic for threats. Which option would achieve this result?

• A. Create an Application Override policy and a custom threat signature for the application
• B. Create an Application Override policy
• C. Create a custom App-ID and use the "ordered conditions" check box
• D. Create a custom App ID and enable scanning on the advanced tab

Answer: A

NEW QUESTION 3
Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?

• A. System log
• B. CPU Utilization widget
• C. Resources widget
• D. System Utilization log

Answer: C

NEW QUESTION 4
When is the content inspection performed in the packet flow process?

• A. after the application has been identified
• B. before session lookup
• C. before the packet forwarding process
• D. after the SSL Proxy re-encrypts the packet

Answer: A

Explanation: Reference:
https://live.paloaltonetworks.com/t5/Learning-Articles/Packet-Flow-Sequence-in-PAN-OS/ta- p/56081

NEW QUESTION 5
Which three rule types are available when defining policies in Panorama? (Choose three.)

• A. Pre Rules
• B. Post Rules
• C. Default Rules
• D. Stealth Rules
• E. Clean Up Rules

Answer: ABC

Explanation: https://www.paloaltonetwoHYPERLINK "https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/panorama- web-interface/defining-policies-on-panorama"rks.com/documentation/71/pan-os/web-
interHYPERLINK "https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface- help/panorama-web-interface/defining-policies-on-panorama"face-help/panorama-web- interface/defining-policies-on-panorama

NEW QUESTION 6
A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone which options differentiates multiple VLAN into separate zones?

• A. Create VLAN objects for each VLAN and assign VLAN interfaces matching each VLAN I
• B. Repeat forevery additional VLANand use a VLAN ID of 0 for untagged traffi
• C. Assign each interface/subinterface to a unique zone.
• D. Create V-Wire objects with two V-Wire sub interface and assign only a single VLAN ID to the "Tag Allowed field one of the V-Wire object Repeat for every additional VLAN and use a VIAN ID of 0 for untagged traffi
• E. Assign each interface/subinterfaceto a unique zone.
• F. Create V-Wire objects with two V-Wire interfaces and define a range “0- 4096" in the 'Tag Allowed filed of the V-Wire object.
• G. Create Layer 3 sub interfaces that are each assigned to a single VLAN ID and a common virtual route
• H. The physical Layer 3interface would handle untagged traffi
• I. Assign each interface /subinterface to a unique zon
• J. Do not assign any interface anIP address

Answer: C

NEW QUESTION 7
Refer to the exhibit.

An administrator is using DNAT to map two servers to a single public IP address. Traffic will be
steered to the specific server based on the application, where Host A (10.1.1.100) received HTTP traffic and host B(10.1.1.101) receives SSH traffic.
Which two security policy rules will accomplish this configuration? (Choose two)

• A. Untrust (Any) to Untrust (10.1.1.1) Ssh-Allow
• B. Untrust (Any) to DMZ (1.1.1.100) Ssh-Allow
• C. Untrust (Any) to DMZ (1.1.1.100) Web-browsing -Allow
• D. Untrust (Any) to Untrust (10.1.1.1) Web-browsing -Allow

Answer: CD

NEW QUESTION 8
An administrator just submitted a newly found piece of spyware for WildFire analysis. The spyware passively monitors behavior without the user’s knowledge.
What is the expected verdict from WildFire?

• A. Gray ware
• B. Malware
• C. Spyware
• D. Phishing

Answer: A

NEW QUESTION 9
A host attached to ethernet1/3 cannot access the internet. The default gateway is attached to ethernet1/4. After troubleshooting. It is determined that traffic cannot pass from the ethernet1/3 to ethernet1/4. What can be the cause of the problem?

• A. DHCP has been set to Auto.
• B. Interface ethernet1/3 is in Layer 2 mode and interface ethernet1/4 is in Layer 3 mode.
• C. Interface ethernet1/3 and ethernet1/4 are in Virtual Wire Mode.
• D. DNS has not been properly configured on the firewall

Answer: B

NEW QUESTION 10
Which Device Group option is assigned by default in Panorama whenever a new device group is created to manage a Firewall?

• A. Master
• B. Universal
• C. Shared
• D. Global

Answer: C

NEW QUESTION 11
Which User-ID method should be configured to map IP addresses to usernames for users connected through a terminal server?

• A. port mapping
• B. server monitoring
• C. client probing
• D. XFF headers

Answer: A

Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/configure-user-mapping-for-terminal-server-users

NEW QUESTION 12
Which logs enable a firewall administrator to determine whether a session was decrypted?

• A. Correlated Event
• B. Traffic
• C. Decryption
• D. Security Policy

Answer: B

NEW QUESTION 13
A file sharing application is being permitted and no one knows what this application is used for. How should this application be blocked?

• A. Block all unauthorized applications using a security policy
• B. Block all known internal custom applications
• C. Create a WildFire Analysis Profile that blocks Layer 4 and Layer 7 attacks
• D. Create a File blocking profile that blocks Layer 4 and Layer 7 attacks

Answer: D

NEW QUESTION 14
Which two logs on the firewall will contain authentication-related information useful for troubleshooting purpose (Choose two)

• A. ms.log
• B. traffic.log
• C. system.log
• D. dp-monitor.log
• E. authd.log

Answer: CE

NEW QUESTION 15
Which feature prevents the submission of corporate login information into website forms?

• A. Data filtering
• B. User-ID
• C. File blocking
• D. Credential phishing prevention

Answer: D

Explanation: Reference: https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance

NEW QUESTION 16
What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

• A. Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or template stacks.
• B. An administrator must use the Expedition tool to adapt the configuration to the pre-PAN-OS 8.1 state.
• C. When Panorama is reverted to an earlier PAN-OS release, variables used in templates or template stacks will be removed automatically.
• D. Administrators need to manually update variable characters to those used in pre-PAN-OS 8.1.

Answer: A