Free certification test prep

Q42. If malware is detected on the internet perimeter, what other places in the network might be affected?

Q43. Where is information about packet buffer protection logged?

Q44. When overriding a template configuration locally on a firewall, what should you consider?

Q45. Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three )

Q46. Place the steps in the WildFire process workflow in their correct order.

Q47. An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS software, the administrator enables log forwarding from the firewalls to PanoramA.
Pre-existing logs from the firewalls are not appearing in PanoramA.
Which action would enable the firewalls to send their pre-existing logs to Panorama?

Q48. As a best practice, logging at session start should be used in which case?

Q49. An administrator has left a firewall to use the default port for all management services.
Which three functions are performed by the dataplane? (Choose three.)

Q50. If an administrator wants to decrypt SMTP traffic and possesses the server’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?

Q51. Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a “No Decrypt” action? (Choose two.)

Q52. An engineer configures SSL decryption in order to have more visibility to the internal users’ traffic when it is regressing the firewall.
Which three types of interfaces support SSL Forward Proxy? (Choose three.)

Q53. Drag and Drop Question
Place the steps to onboard a ZTP firewall into Panorama/CSP/ZTP-Service in the correct order.

Q54. An administrator needs to identify which NAT policy is being used for internet traffic.
From the Monitor tab of the firewall GUI, how can the administrator identify which NAT policy is in use for a traffic flow?

Q55. Which source is the most reliable for collecting User-ID user mapping?

Q56. To more easily reuse templates and template stacks, you can create template variables in place of firewall-specific and appliance-specific IP literals in your configurations.
Which one is the correct configuration

Q57. The web server is configured to listen for HTTP traffic on port 8080. The clients access the web server using the IP address 1.1.1.100 on TCP Port 80. The destination NAT rule is configured to translate both IP address and report to 10.1.1.100 on TCP Port 8080.

Which NAT and security rules must be configured on the firewall? (Choose two)

Q58. A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server.
Which solution in PAN-OS® software would help in this case?

Q59. A network administrator plans a Prisma Access deployment with three service connections, each with a BGP peering to a CPE. The administrator needs to minimize the BGP configuration and management overhead on on-prem network devices.
What should the administrator implement?

Q60. An engineer must configure the Decryption Broker feature. To which router must the engineer assign the decryption forwarding interfaces that are used in Decryption Broker security chain?