For correct routing to SSL VPN clients to occur, the following must be configured:
A. Network Address Translation must be enabled for the SSL VPN client IP pool
B. A dynamic routing protocol between the Palo Alto Networks device and the next-hop gateway to advertise the SSL VPN client IP pool
C. A static route on the next-hop gateway of the SSL VPN client IP pool with a destination of the Palo Alto Networks device
D. No routing needs to be configured - the PAN device automatically responds to ARP requests for the SSL VPN client IP pool
Which of the following is NOT a valid option for built-in CLI access roles?
A. read/write
B. superusers
C. vsysadmin
D. deviceadmin
WildFire Analysis Reports are available for the following Operating Systems (select all that apply)
A. Windows XP
B. Windows 7
C. Windows 8
D. Mac OS-X
Which of the Dynamic Updates listed below are issued on a daily basis?
A. Global Protect
B. URL Filtering
C. Antivirus
D. Applications and Threats
All of the interfaces on a Palo Alto Networks device must be of the same interface type.
A. True
B. False
Which of the following types of protection are available in DoS policy?
A. Session Limit, SYN Flood, UDP Flood
B. Session Limit, Port Scanning, Host Swapping, UDP Flood
C. Session Limit, SYN Flood, Host Swapping, UDP Flood
D. Session Limit, SYN Flood, Port Scanning, Host Swapping
Traffic going to a public IP address is being translated by a Palo Alto Networks firewall to an internal server's private IP address. Which IP address should the Security Policy use as the "Destination IP" in order to allow traffic to the server?
A. The firewall's gateway IP
B. The server's public IP
C. The server's private IP
D. The firewall's MGT IP
Which of the following can provide information to a Palo Alto Networks firewall for the purposes of User-ID? (Select all correct answers.)
A. Network Access Control (NAC) device
B. Domain Controller
C. RIPv2
D. SSL Certificates
Which routing protocol is supported on the Palo Alto Networks platform?
A. BGP
B. RSTP
C. ISIS
D. RIPv1
When you have created a Security Policy Rule that allows Facebook, what must you do to block all other webbrowsing traffic?
A. Create an additional rule that blocks all other traffic.
B. When creating the policy, ensure that webbrowsing is included in the same rule.
C. Ensure that the Service column is defined as "applicationdefault" for this Security policy. Doing this will automatically include the implicit webbrowsing application dependency.
D. Nothing. You can depend on PANOS to block the webbrowsing traffic that is not needed for Facebook use.
Where does a GlobalProtect client connect to first when trying to connect to the network?
A. AD agent
B. User-ID agent
C. GlobalProtect Gateway
D. GlobalProtect Portal
An Interface Management Profile can be attached to which two interface types? (Choose two.)
A. Loopback
B. Virtual Wire
C. Layer 2
D. Layer 3
E. Tap
What needs to be done prior to committing a configuration in Panorama after making a change via the CLI or web interface on a device?
A. No additional actions required
B. Synchronize the configuration between the device and Panorama
C. Make the same change again via Panorama
D. Re-import the configuration from the device into Panorama
When allowing an Application in a Security policy on a PAN-OS 5.0 device, would a dependency Application need to also be enabled if the application does not employ HTTP, SSL, MSRPC, RPC, t.120, RTSP, RTMP, and NETBIOS-SS.
A. Yes
B. No
Which of the following statements is NOT True regarding a Decryption Mirror interface?
A. Requires superuser privilege
B. Supports SSL outbound
C. Can be a member of any VSYS
D. Supports SSL inbound