NEW QUESTION 1
Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?

• A. Disable Server Response Inspection
• B. Apply an Application Override
• C. Disable HIP Profile
• D. Add server IP Security Policy exception

Answer: A

NEW QUESTION 2
Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS® version, and serial number?

• A. debug system details
• B. show session info
• C. show system info
• D. show system details

Answer: C

Explanation: Reference: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/technical-documentation/pan-os-60/PAN-OS-6.0-CLI-ref.pdf

NEW QUESTION 3
Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS 8.0? (Choose two.)

• A. KVM
• B. VMware ESX
• C. VMware NSX
• D. AWS

Answer: AB

NEW QUESTION 4
An administrator wants to upgrade an NGFW from PAN-OS® 7 .1. 2 to PAN-OS® 8 .0.2 The firewall is not a part of an HA pair. What needs to be updated first?

• A. XML Agent
• B. Applications and Threats
• C. WildFire
• D. PAN-OS® Upgrade Agent

Answer: B

NEW QUESTION 5
YouTube videos are consuming too much bandwidth on the network, causing delays in mission- critical traffic. The administrator wants to throttle YouTube traffic. The following interfaces and zones are in use on the firewall:
* ethernet1/1, Zone: Untrust (Internet-facing)
* ethernet1/2, Zone: Trust (client-facing)
A QoS profile has been created, and QoS has been enabled on both interfaces. A QoS rule exists to put the YouTube application into QoS class 6. Interface Ethernet1/1 has a QoS profile called Outbound, and interface Ethernet1/2 has a QoS profile called Inbound.
Which setting for class 6 with throttle YouTube traffic?

• A. Outbound profile with Guaranteed Ingress
• B. Outbound profile with Maximum Ingress
• C. Inbound profile with Guaranteed Egress
• D. Inbound profile with Maximum Egress

Answer: D

NEW QUESTION 6
Which Panorama administrator types require the configuration of at least one access domain? (Choose two)

• A. Dynamic
• B. Custom Panorama Admin
• C. Role Based
• D. Device Group E.Template Admin

Answer: D

NEW QUESTION 7
Based on the image, what caused the commit warning?

• A. The CA certificate for FWDtrust has not been imported into the firewall.
• B. The FWDtrust certificate has not been flagged as Trusted Root CA.
• C. SSL Forward Proxy requires a public certificate to be imported into the firewall.
• D. The FWDtrust certificate does not have a certificate chain.

Answer: D

NEW QUESTION 8
An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes
to the virtual router. Which two options enable the administrator to troubleshoot this issue? (Choose two.)

• A. View Runtime Stats in the virtual router.
• B. View System logs.
• C. Add a redistribution profile to forward as BGP updates.
• D. Perform a traffic pcap at the routing stage.

Answer: AB

NEW QUESTION 9
A network design calls for a "router on a stick" implementation with a PA-5060 performing inter- VLAN routing All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interface
Which interface type and configuration setting will support this design?

• A. Trunk interface type with specified tag
• B. Layer 3 interface type with specified tag
• C. Layer 2 interface type with a VLAN assigned
• D. Layer 3 subinterface type with specified tag

Answer: D

NEW QUESTION 10
What are the differences between using a service versus using an application for Security Policy match?

• A. Use of a "service" enables the firewall to take action after enough packets allow for App-IDidentification
• B. Use of a "service" enables the firewall to take immediate action with the first observed packet based on port numbers Use ofan "application" allows the firewall to take action after enough packets allow for App-ID identification regardless of the portsbeing used.
• C. There are no differences between "service" or "application” Use of an "application" simplifies configuration by allowing use ofa friendly application name instead of port numbers.
• D. Use of a "service" enables the firewall to take immediate action with the first observed packet based on port number
• E. Use ofan "application" allows the firewall to take immediate action it the port being used is a member of the application standardport list

Answer: B

NEW QUESTION 11
What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

• A. The firewalls must have the same set of licenses.
• B. The management interfaces must to be on the same network.
• C. The peer HA1 IP address must be the same on both firewalls.
• D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.

Answer: AD

NEW QUESTION 12
Which User-ID method maps IP address to usernames for users connecting through a web proxy that has already authenticated the user?

• A. Client Probing
• B. Port mapping
• C. Server monitoring
• D. Syslog listening

Answer: D

NEW QUESTION 13
Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?

• A. Session Browser
• B. Application Command Center
• C. TCP Dump
• D. Packet Capture

Answer: B

Explanation: Reference: https://live.paloaltonetworks.com/t5/Management-Articles/Tips-amp-Tricks-How-to-Use-the-Application-Command-Center-ACC/ta-p/67342

NEW QUESTION 14
A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall
Which part of files needs to be imported back into the replacement firewall that is using Panorama?

• A. Device state and license files
• B. Configuration and serial number files
• C. Configuration and statistics files
• D. Configuration and Large Scale VPN (LSVPN) setups file

Answer: A

NEW QUESTION 15
An administrator logs in to the Palo Alto Networks NGFW and reports that the WebUI is missing the Policies tab. Which profile is the cause of the missing Policies tab?

• A. Admin Role
• B. WebUI
• C. Authentication
• D. Authorization

Answer: A

NEW QUESTION 16
A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?

• A. Blocked Activity
• B. Bandwidth Activity
• C. Threat Activity
• D. Network Activity

Answer: D