When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?
A. X-Forwarded-For
B. HTTP method
C. HTTP response status code
D. Content type
In an HA pair running Active/Passive mode, over which interface do the dataplanes communicate?
A. HA3
B. HA1
C. HA2
D. HA4
What is the basis for purchasing Cortex XDR licensing?
A. volume of logs being processed based on Datalake purchased
B. number of nodes and endpoints providing logs
C. unlimited licenses
D. number of NGFWs
WildFire can discover zero-day malware in which three types of traffic? (Choose three)
A. SMTP
B. HTTPS
C. FTP
D. DNS
E. TFTP
Which CLI command allows visibility into SD-WAN events such as path Selection and path quality measurements?
A. >show sdwan path-monitor stats vif
B. >show sdwan session distribution policy-name
C. >show sdwan connection all
D. >show sdwan event
What are two benefits of using Panorama for a customer who is deploying virtual firewalls to secure data center traffic? (Choose two.)
A. It can provide the Automated Correlation Engine functionality, which the virtual firewalls do not support.
B. It can monitor the virtual firewalls' physical hosts and Vmotion them as necessary
C. It can automatically create address groups for use with KVM.
D. It can bootstrap the virtual firewalls for dynamic deployment scenarios.
A prospective customer currently uses a firewall that provides only Layer 4 inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port
Which capability of PAN-OS would address the customer's lack of visibility?
A. Device ID, because it will give visibility into which devices are communicating with external destinations over port 53
B. single pass architecture (SPA), because it will improve the performance of the Palo Alto Networks Layer 7 inspection
C. User-ID, because it will allow the customer to see which users are sending traffic to external destinations over port 53
D. App-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53
The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW?
A. First Packet Processor
B. Stream-based Signature Engine
C. SIA (Scan It All) Processing Engine
D. Security Processing Engine
Which three considerations should be made prior to installing a decryption policy on the NGFW? (Choose three.)
A. Include all traffic types in decryption policy
B. Inability to access websites
C. Exclude certain types of traffic in decryption policy
D. Deploy decryption setting all at one time
E. Ensure throughput is not an issue
For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same Prisma Access location servicing a single Datacenter? (Choose two.)
A. Network segments in the Datacenter need to be advertised to only one Service Connection
B. The customer edge device needs to support policy-based routing with symmetric return functionality
C. The resources in the Datacenter will only be able to reach remote network resources that share the same region
D. A maximum of four service connections per Datacenter are supported with this topology
A potential customer requires an NGFW solution which enables high-throughput, low-latency network security, all while incorporating unprecedented features and technology. They need a solution that solves the performance problems that plague today's security infrastructure.
Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help them address the requirements?
A. SP3 (Single Pass Parallel Processing)
B. GlobalProtect
C. Threat Prevention
D. Elastic Load Balancers
Which two steps are required to configure the Decryption Broker? (Choose two.)
A. reboot the firewall to activate the license
B. activate the Decryption Broker license
C. enable SSL Forward Proxy decryption
D. enable a pair of virtual wire interfaces to forward decrypted traffic
What is the default behavior in PAN-OS when a 12 MB portable executable (PE) fe is forwarded to the WildFire cloud service?
A. PE File is not forwarded.
B. Flash file is not forwarded.
C. PE File is forwarded
D. Flash file is forwarded
A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include doc and .pdf file types.
The customer uses a firewall with User-ID enabled
Which feature must also be enabled to prevent these attacks?
A. Content Filtering
B. WildFire
C. Custom App-ID rules
D. App-ID
Which statement is true about Deviating Devices and metrics?
A. A metric health baseline is determined by averaging the health performance for a given metric over seven days plus the standard deviation
B. Deviating Device Tab is only available with a SD-WAN Subscription
C. An Administrator can set the metric health baseline along with a valid standard deviation
D. Deviating Device Tab is only available for hardware-based firewalls