What can be used as match criteria for creating a dynamic address group?
What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)
Which rule type is appropriate for matching traffic both within and between the source and destination zones?
An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.
Why doesn't the administrator see the traffic?
Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)
Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?
What is the main function of Policy Optimizer?
Your company occupies one floor in a single building you have two active directory domain controllers on a single networks the firewall s management plane is only slightly utilized.
Which user-ID agent sufficient in your network?
An administrator wants to create a No-NAT rule to exempt a flow from the default NAT rule. What is the best way to do this?
A Security Profile can block or allow traffic at which point?
Which two rule types allow the administrator to modify the destination zone? (Choose two )
Which license is required to use the Palo Alto Networks built-in IP address EDLs?
Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?
Which statement best describes a common use of Policy Optimizer?
Which two statements are correct about App-ID content updates? (Choose two.)
Access to which feature requires PAN-OS Filtering licens?
In a File Blocking profile, which two actions should be taken to allow file types that support critical apps? (Choose two.)
Which three interface deployment methods can be used to block traffic flowing through the Palo Alto Networks firewall? (Choose three.)
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains.
Which type of single unified engine will get this result?
Which type of address object is www.paloaltonetworks.com?
Which three configuration settings are required on a Palo Alto networks firewall management interface?
Complete the statement. A security profile can block or allow traffic____________
Security profiles are objects added to policy rules that are configured with an action of allow.
Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?
Which rule type is appropriate for matching traffic occurring within a specified zone?
Which Palo Alto network security operating platform component provides consolidated policy creation and centralized management?
Which link in the web interface enables a security administrator to view the security policy rules that match new application signatures?
Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?
What is a prerequisite before enabling an administrative account which relies on a local firewall user database?
An administrator wants to prevent access to media content websites that are risky
Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two)
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.
The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn’t want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)
An administrator would like to block access to a web server, while also preserving resources and minimizing half-open sockets. What are two security policy actions the administrator can select? (Choose two.)
When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP port is used for management access?
You have been tasked to configure access to a new web server located in the DMZ
Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?
Based on the screenshot what is the purpose of the included groups?
Which path is used to save and load a configuration with a Palo Alto Networks firewall?
Which Security profile would you apply to identify infected hosts on the protected network uwall user database?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
What must be considered with regards to content updates deployed from Panorama?
What are the requirements for using Palo Alto Networks EDL Hosting Sen/ice?
Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)
A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?