NEW QUESTION 1
A network security engineer has been asked to analyze Wildfire activity. However, the Wildfire Submissions item is not visible form the Monitor tab.
What could cause this condition?

• A. The firewall does not have an active WildFire subscription.
• B. The engineer's account does not have permission to view WildFire Submissions.
• C. A policy is blocking WildFire Submission traffic.
• D. Though WildFire is working, there are currently no WildFire Submissions log entries.

Answer: B

NEW QUESTION 2
What will be the source address in the ICMP packet?

• A. 10.30.0.93
• B. 10.46.72.93
• C. 10.46.64.94
• D. 192.168.93.1

Answer: C

NEW QUESTION 3
Which operation will impact the performance of the management plane?

• A. WildFire Submissions
• B. DoS Protection
• C. decrypting SSL Sessions
• D. Generating a SaaS Application Report.

Answer: C

NEW QUESTION 4
Which is the maximum number of samples that can be submitted to WildFire per day, based on wildfire subscription?

• A. 15,000
• B. 10,000
• C. 75,00
• D. 5,000

Answer: B

NEW QUESTION 5
Which three log-forwarding destinations require a server profile to be configured? (Choose three)

• A. SNMP Trap
• B. Email
• C. RADIUS
• D. Kerberos
• E. Panorama
• F. Syslog

Answer: ABF

NEW QUESTION 6
Which three split tunnel methods are supported by a globalProtect gateway? (Choose three.)

• A. video streaming application
• B. Client Application Process
• C. Destination Domain
• D. Source Domain
• E. Destination user/group
• F. URL Category

Answer: ABC

NEW QUESTION 7
A company has a policy that denies all applications it classifies as bad and permits only application it classifies as good. The firewall administrator created the following security policy on the company's
firewall.

Which interface configuration will accept specific VLAN IDs?
Which two benefits are gained from having both rule 2 and rule 3 presents? (choose two)

• A. A report can be created that identifies unclassified traffic on the network.
• B. Different security profiles can be applied to traffic matching rules 2 and 3.
• C. Rule 2 and 3 apply to traffic on different ports.
• D. Separate Log Forwarding profiles can be applied to rules 2 and 3.

Answer: BD

NEW QUESTION 8
Which CLI command enables an administrator to check the CPU utilization of the dataplane?

• A. show running resource-monitor
• B. debug data-plane dp-cpu
• C. show system resources
• D. debug running resources

Answer: A

NEW QUESTION 9
Refer to exhibit.

An organization has Palo Alto Networks NGFWs that send logs to remote monitoring and security
management platforms. The network team has reported excessive traffic on the corporate WAN.
How could the Palo Alto Networks NGFW administrator reduce WAN traffic while maintaining support for all existing monitoring/ security platforms?

• A. Forward logs from firewalls only to Panorama and have Panorama forward logs to other external services.
• B. Forward logs from external sources to Panorama for correlation, and from Panorama send them to the NGFW.
• C. Configure log compression and optimization features on all remote firewalls.
• D. Any configuration on an M-500 would address the insufficient bandwidth concerns.

Answer: A

NEW QUESTION 10
Palo Alto Networks maintains a dynamic database of malicious domains.
Which two Security Platform components use this database to prevent threats? (Choose two)

• A. Brute-force signatures
• B. BrightCloud Url Filtering
• C. PAN-DB URL Filtering
• D. DNS-based command-and-control signatures

Answer: CD

NEW QUESTION 11
In High Availability, which information is transferred via the HA data link?

• A. session information
• B. heartbeats
• C. HA state information
• D. User-ID information

Answer: A

Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-links-and-backup-links

NEW QUESTION 12
If the firewall is configured for credential phishing prevention using the “Domain Credential Filter” method, which login will be detected as credential theft?

• A. Mapping to the IP address of the logged-in user.
• B. First four letters of the username matching any valid corporate username.
• C. Using the same user’s corporate username and password.
• D. Marching any valid corporate username.Explanation:

Answer: A

Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/content-inspection-features/credential-phishing-prevention

NEW QUESTION 13
Firewall administrators cannot authenticate to a firewall GUI.
Which two logs on that firewall will contain authentication-related information useful in troubleshooting this issue? (Choose two.)

• A. ms log
• B. authd log
• C. System log
• D. Traffic log
• E. dp-monitor .log

Answer: BC

NEW QUESTION 14
Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured properly, but the route for the tunner is not being established. The Site-B interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-B is using the wrong Link Type for one of its interfaces.

Which Link Type setting will correct the error?

• A. Set tunne
• B. 1 to p2p
• C. Set tunne
• D. 1 to p2mp
• E. Set Ethernet 1/1 to p2mp
• F. Set Ethernet 1/1 to p2p

Answer: A

NEW QUESTION 15
Several offices are connected with VPNs using static IPV4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accoumplish this goal?

• A. Assign an IP address on each tunnel interface at each site
• B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
• C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
• D. Create new VPN zones at each site to terminate each VPN connection

Answer: C

NEW QUESTION 16
Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?

• A. Configure a Decryption Profile and select SSL/TLS services.
• B. Set up SSL/TLS under Polices > Service/URL Category>Service.
• C. Set up Security policy rule to allow SSL communication.
• D. Configure an SSL/TLS Profile.

Answer: D

Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device-certificate-management-ssltls-service-profile