TAC has requested a PCAP on your Panorama to see why the DNS app is having intermittent issues resolving FQDN.
What is the appropriate CLI command?
Answer : C
A firewall configuration is being migrated by Expedition from a third-party vendor to a Palo Alto Networks Next-Generation Firewall (NGFW.). Expedition flags one service as invalid following the import of the original configuration file. An engineer investigates and finds the invalid service to be ping which is used by the security policies.
Which action should the engineer take?
Answer : D
SSL decryption has been implemented in a customer environment. The firewall protecting this environment is using PAN-OS 10.0. Users of an application are filing support cases claiming that a function of this application is no longer working.
Where should the investigation for decryption issues begin?
Answer : D
What information is necessary to properly plan the deployment of a Panorama hardware appliance for firewall management?
Answer : C
Which additional license is required for the feature Host Information Profiles to function on Palo Alto Networks Next-Generation Firewalls?
Answer : C
What is the default port used by the Terminal Services agent to communicate with a firewall?
Answer : B
SSL Forward Proxy decryption is enabled on the firewall. When clients use Chrome to browse to HTTPS sites, the firewall returns the Forward Trust certificate, even when accessing websites with invalid certificates. The clients need to be presented with a browser warning error with the option to proceed to websites with invalid certificates.
Which two options will satisfy this requirement? (Choose two.)
Answer : AB
Your customer wants to implement Active/Active High Availability for their PA-5260 pair. The following conditions are true in their environment:
-They are using multiple Layer 3 interfaces to process traffic.
-Their routing topology requires the use of Network Address Translation policies to ensure that traffic can reach its destinations correctly.
-They prefer to have the session workload distributed as evenly as possible to ensure both firewalls have lower resource utilization.
-They make use of dynamic routing protocols on their virtual routers for route-based redundancy.
-They chose to go with Active/Active for failover speed reasons.
Which three of the following HA configurations should your customer ensure they use to meet these requirements? (Choose three.)
Answer : BDE
Which CLI command should you use to verify whether all SFP, SFP+, or QSFP modules are installed in a firewall?
Answer : B
Which three attributes can be used to exclude traffic from an SSL Decryption policy? (Choose three.)
Answer : ABE
Which two options describe the behavior of the “Direction” property in a WildFire Analysis Profile rule? (Choose two.)
Answer : AB
A company’s network operations engineer is documenting a solution and wants to know the default priority setting for an LACP connection.
If no changes are made to the default configuration settings for the LACP, which priority setting should you share with the engineer?
Answer : A
Examine the configured Security policy rule. Which day one/Iron Skillet Security Profile Group is used to secure the traffic that is permitted through this rule?
Answer : A
In preparation for a cutover event, which two processes or procedures should be verified? (Choose two.)
Answer : BC
A firewall that was previously connected to a User-ID agent server now shows disconnected.
What is the likely cause?
Answer : D
Have any questions or issues ? Please dont hesitate to contact us