Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. A website is presenting an RSA 2048-bit key. By default, what will the size of the key in the certificate sent by the firewall to the client be when doing SSL Decryption?
A. 512 bits
B. 1024 bits
C. 2048 bits
D. 4096 bits
Answer: C
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/61/pan-os/newfeaturesguide/management-features/configurable-key-size-for-ssl-forward-proxy-server-certificates.html
Q2. Which of the following interfaces types will have a MAC address?
A. Layer 3
B. Tap
C. Vwire
D. Layer 2
Answer: D
Q3. The following can be configured as a next hop in a Static Route:
A. A Policy-Based Forwarding Rule
B. Virtual System
C. A Dynamic Routing Protocol
D. Virtual Router
Answer: D
Q4. Which of the following describes the sequence of the Global Protect agent connecting to a Gateway?
A. The Agent connects to the Portal obtains a list of Gateways, and connects to the Gateway with the fastest SSL response time
B. The agent connects to the closest Gateway and sends the HIP report to the portal
C. The agent connects to the portal, obtains a list of gateways, and connects to the gateway with the fastest PING response time
D. The agent connects to the portal and randomly establishes a connection to the first available gateway
Answer: A
Q5. The IT department has received complaints about VoIP call jitter when the sales staff is making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS policy written in the rulebase. The IT manager wants to find out what traffic is causing the jitter in real time when a user reports the jitter.
Which feature can be used to identify, in real-time, the applications taking up the most bandwidth?
A. Application Command Center (ACC)
B. QoS Statistics
C. QoS Log
D. Applications Report
Answer: A
Explanation:
Reference: http://www.newnet66.org/Support/Resources/Using-The-ACC.pdf
Q6. Which of the following objects cannot use User-ID as a match criteria?
A. Security Policies
B. QoS
C. Policy Based Forwarding
D. DoS Protection
E. None of the above
Answer: E
Q7. How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with nonstandard syslog servers?
A. Enable support for non-standard syslog messages under device management.
B. Select a non-standard syslog server profile.
C. Create a custom log format under the syslog server profile.
D. Check the custom-format checkbox in the syslog server profile.
Answer: C
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-2021 Page 16 of PDF available there.
Q8. What is the size limitation of files manually uploaded to WildFire
A. Configuarable up to 10 megabytes
B. Hard-coded at 10 megabytes
C. Hard-coded at 2 megabytes
D. Configuarable up to 20 megabytes
Answer: A
Q9. In PAN-OS 5.0, how is Wildfire enabled?
A. Via the URL-Filtering "Continue" Action
B. Wildfire is automaticaly enabled with a valid URL-Filtering license
C. A custom file blocking action must be enabled for all PDF and PE type files
D. Via the "Forward" and "Continue and Forward" File-Blocking actions
Answer: A
Q10. When setting up GlobalProtect, what is the job of the GlobalProtect Portal? Select the best answer
A. To maintain the list of remote GlobalProtect Portals and list of categories for checking the client machine
B. To maintain the list of GlobalProtect Gateways and list of categories for checking the client machine
C. To load balance GlobalProtect client connections to GlobalProtect Gateways
D. None of the above
Answer: B
Q11. When creating a Security Policy to allow Facebook in PAN-OS 5.0, how can you be sure that no other web-browsing traffic is permitted?
A. Ensure that the Service column is defined as "application-default" for this security rule. This will automatically include the implicit web-browsing application dependency.
B. Create a subsequent rule which blocks all other traffic
C. When creating the rule, ensure that web-browsing is added to the same rule. Both applications will be processed by the Security policy, allowing only Facebook to be accessed. Any other applications can be permitted in subsequent rules.
D. No other configuration is required on the part of the administrator, since implicit application dependencies will be added automaticaly.
Answer: D
Q12. When configuring Admin Roles for Web UI access, what are the available access levels?
A. Enable and Disable only
B. None, Superuser, Device Administrator
C. Allow and Deny only
D. Enable, Read-Only and Disable
Answer: D
Q13. Ethernet 1/1 has been configured with the following subinterfaces:
The following security policy is applied:
The Interface Management Profile permits the following:
Your customer is trying to ping 10.10.10.1 from VLAN 800 IP 10.10.10.2/24
What will be the result of this ping?
A. The ping will be successful because the management profile applied to Ethernet1/1 allows ping.
B. The ping will not be successful because the virtual router is different from the other subinterfaces.
C. The ping will not be successful because there is no management profile attached to Ethernet1/1.799.
D. The ping will not be successful because the security policy does not apply to VLAN 800.
E. The ping will be successful because the security policy permits this traffic.
Answer: D
Q14. A company has a policy that denies all applications they classify as bad and permits only applications they classify as good. The firewall administrator created the following security policy on the company s firewall:
Which two benefits are gained from having both rule 2 and rule 3 present? Choose 2 answers
A. Different security profiles can be applied to traffic matching rules 2 and 3.
B. Separate Log Forwarding profiles can be applied to rules 2 and 3.
C. Rule 2 denies traffic flowing across different TCP and UDP ports than rule 3.
D. A report can be created that identifies unclassified traffic on the network.
Answer: A,D
Q15. HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Answer: