A firewall administrator has confirmed reports of a website is not displaying as expected, and wants to ensure that decryption is not causing the issue. Which three methods can the administrator use to determine if decryption is causing the website to fail? (Choose three)

Investigate decryption logs of the specific traffic to determine reasons for failure.

Temporarily disable SSL decryption for all websites to troubleshoot the issue.

Create a policy-based "No Decrypt" rule in the decryption policy to exclude specific traffic from decryption.

Move the policy with action decrypt to the top of the decryption policy rulebase.

After implementing a new NGFW, a firewall engineer is alerted to a VoIP traffic issue. After troubleshooting, the engineer confirms that the firewall is alerting the voice packets payload. What can the engineer do to solve the VoIP traffic issue?

Disable ALG under SIP application

Increase the TCP timeout under SIP application

Disable ALG under H.323 application

Increase the TCP timeout under H.323 application

An administrator is considering deploying WildFire globally. What should the administrator consider with regards to the WildFire analysis process?

Each WildFire cloud analyzes samples independently of the other WildFire clouds.

To comply with data privacy regulations, WildFire signatures and verdicts are not shared globally

Palo Alto Networks owns and maintains one global cloud and four WildFire regional clouds.

The WildFire Global Cloud only provides bare metal analysis.

What happens when an A/P firewall pair synchronizes IPsec tunnel security associations (SAs)?

Phase 2 SAs are synchronized over HA2 links.

Phase 1 and Phase 2 SAs are synchronized over HA2 links.

Phase 1 SAs are synchronized over HA1 links.

Phase 1 and Phase 2 SAs are synchronized over HA3 links.

Which function does the HA4 interface provide when implementing a firewall cluster which contains firewalls configured as active-passive pairs?

Perform session cache synchronization for all HA cluster members with the same cluster ID.

Perform synchronization of sessions, forwarding tables, and IPSec security associations between firewalls in an HA pair.

Perform packet forwarding to the active-passive peer during session setup and asymmetric traffic flow

Perform synchronization of routes, IPSec security associations, and User-ID information.

A network security engineer needs to ensure that virtual systems can communicate with one another within a Palo Alto Networks firewall. Separate virtual routers (VRs) are created for each virtual system. In addition to confirming security policies, which three configuration details should the engineer focus on to ensure communication between virtual systems? (Choose three.)

Add a route with next hop next-vr by using the VR configured in the virtual syste

Ensure the virtual systems are visible to one another.

External zones with the virtual systems added.

Layer 3 zones for the virtual systems that need to communicate.

Add a route with next hop set to none, and use the interface of the virtual systems that need to communicat

Se ha implementado un nuevo servidor de aplicaciones 192.168.197.40 en la DMZ. No hay direcciones IP públicas disponibles, lo que hace que el servidor comparta la IP NAT 198.51.100.88 con otro servidor DMZ que utiliza la dirección IP 192.168.197.60. Se han configurado la seguridad del firewall y las reglas NAT. El equipo de aplicaciones ha confirmado que el nuevo servidor puede establecer una conexión segura con una base de datos externa con la dirección IP 203.0.113.40. El equipo de la base de datos informa que no puede establecer una conexión segura a 198.51.100.88 desde 203.0.113.40. Sin embargo, confirma una prueba de ping exitosa a 198.51.100.88. En referencia a la configuración NAT y los registros de tráfico proporcionados, ¿cómo puede el ingeniero de firewall resolver la situación y garantizar que las conexiones entrantes y salientes funcionen simultáneamente para ambos servidores DMZ?

Sharing a single NAT IP is possible for outbound connectivity not for inbound therefore a new public IP address must be obtained for the new DMZ server and used in the NAT rule 6 DMZ server 2.

Move the NAT rule 6 DMZ server 2 above NAT rule 5 DMZ server 1

Replace the two NAT rules with a single rule that has both DMZ servers as "Source Address" both external servers as "Destination Address," and Source Translation remaining as is with bidirectional option enabled.

Configure separate source NAT and destination NAT rules for the two DMZ servers without using the bidirectional option.

A security team has enabled eal-time WildFire signature lookup on all its firewalls. Which additional action will further reduce the likelihood of newly discovered malware being allowed through the firewalls?

Increase the frequency of the applications and threats dynamic updates

Enable the "Hold Mode" option in Objects > Security Profiles > Antivirus

Increase the frequency of the antivirus dynamic updates

Enable the "Report Grayware Files" option in Device > Setup > WildFire

A company configures its WildFire analysis profile to forward any file type to the WildFire public cloud. A company employee receives an email containing an unknown link that downloads a malicious Portable Executable (PE) file. What does Advanced WildFire do when the link is clicked?

Performs malicious content analysis on the linked page and the corresponding PE file

Performs malicious content analysis on the linked page: but not the corresponding PE file

Does not perform malicious content analysis on the linked page but performs it on the corresponding PE file

Does not perform malicious content analysis on either the linked page or the correspon

Topic 1 Question 601 to 619

Professional Development

•

19 Qs

Similar activities

Day 46-Nov 6-worksheet-Btech-Superelevation & extrawidening

Professional Development

•

15 Qs

MCQ on Innovation & Creativity

Professional Development

•

15 Qs

3003 LO4 13 RCDs Resistor Values and Test Currents

Professional Development

•

17 Qs

RME Review - DOL Motor Starting

Professional Development

•

20 Qs

Python Essentials_FT_Batch 3

Professional Development

•

20 Qs

CISCO PLACEMENT PREPARATION TEST 5 @ 29/3/25 St.JOSEPH'S

Professional Development

•

16 Qs

HIGHWAY NUMERICALS II

Professional Development

•

15 Qs

HIGHWAY ENGINEERING - VEDA - 12/05/2025

Professional Development

•

20 Qs

Topic 1 Question 601 to 619

Quiz

•

Engineering

•

Professional Development

•

Practice Problem

•

Hard

Juan Juan

FREE Resource

19 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A root cause analysis investigation into a recent security incident reveals that several decryption rules have been disabled. The security team wants to generate email alerts when decryption rules are changed.
How should email log forwarding be configured to achieve this goal?

With the relevant system log filter inside Device > Log Settings

With the relevant configuration log filter inside Device > Log Settings

With the relevant configuration log filter inside Objects > Log Forwarding

With the relevant system log filter inside Objects > Log Forwarding

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An engineer has been given approval to upgrade their environment to the latest of PAN-OS.

The environment consists of both physical and virtual firewalls, a virtual Panorama HA pair, and virtual log collectors.

What is the recommended order of operational steps when upgrading?

Upgrade the firewalls, upgrade log collectors, upgrade Panorama

Upgrade the firewalls, upgrade Panorama, upgrade the log collectors

Upgrade the log collectors, upgrade the firewalls, upgrade Panorama

Upgrade Panorama, upgrade the log collectors, upgrade the firewalls

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An administrator has a Palo Alto Networks NGFW. All security subscriptions and decryption are enabled and the system is running close to its resource limits.

Knowing that using decryption can be resource-intensive, how can the administrator reduce the load on the firewall?

Use SSL Forward Proxy instead of SSL Inbound Inspection for decryption.

Use RSA instead of ECDSA for traffic that isn’t sensitive or high-priority.

Use the highest TLS protocol version to maximize security.

Use ECDSA instead of RSA for traffic that isn’t sensitive or high-priority.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A firewall engineer has determined that, in an application developed by the company’s internal team, sessions often remain idle for hours before the client and server exchange any data. The application is also currently identified as unknown-tcp by the firewalls. It is determined that because of a high level of trust, the application does not require to be scanned for threats, but it needs to be properly identified in Traffic logs for reporting purposes.

Which solution will take the least time to implement and will ensure the App-ID engine is used to identify the application?
A. Create a custom application with specific timeouts and signatures based on patterns discovered in packet captures.
B. Access the Palo Alto Networks website and complete the online form to request that a new application be added to App-ID.
C. Create a custom application with specific timeouts, then create an application override rule and reference the custom application.
D. Access the Palo Alto Networks website and raise a support request through the Customer Support Portal.

Create a custom application with specific timeouts and signatures based on patterns discovered in packet captures.

Access the Palo Alto Networks website and complete the online form to request that a new application be added to App-ID.

Create a custom application with specific timeouts, then create an application override rule and reference the custom application

Access the Palo Alto Networks website and raise a support request through the Customer Support Portal.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What happens when the log forwarding built-in action with tagging is used?

Selected logs are forwarded to the Azure Security Center

Destination zones of selected unwanted traffic are blocked.

Destination IP addresses of selected unwanted traffic are blocked

Selected unwanted traffic source zones are blocked.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A firewall engineer creates a source NAT rule to allow the company’s internal private network 10.0.0.0/23 to access the internet. However, for security reasons, one server in that subnet (10.0.0.10/32) should not be allowed to access the internet, and therefore should not be translated with the NAT rule.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

What are three prerequisites to enable Credential Phishing Prevention over SSL? (Choose three.)

Create a URL filtering profile

Create an anti-virus profile.

Enable User-ID.

Configure a URL profile to block the phishing category.

Create a decryption policy rule.

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Basic Electrical Engineering test-1(EEE)

Quiz

•

Professional Development

15 questions

22EC4204 TLW practice quiz3

Quiz

•

Professional Development

20 questions

Exploring Semiconductor Devices

Quiz

•

Professional Development

20 questions

Emerging Technologies in Electricity

Quiz

•

Professional Development

20 questions

HOW WELL DO YOU KNOW ME ( MADYSON ADDITION 2025)

Quiz

•

Professional Development

20 questions

DDCO QUIZ

Quiz

•

Professional Development

15 questions

HVE Breakdown in Insulating Materials

Quiz

•

Professional Development

20 questions

Operating systems (CSE) test-2

Quiz

•

Professional Development

Popular Resources on Wayground

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

4:3 Model Multiplication of Decimals by Whole Numbers

Quiz

•

5th Grade

10 questions

The Best Christmas Pageant Ever Chapters 1 & 2

Quiz

•

4th Grade

12 questions

Unit 4 Review Day

Quiz

•

3rd Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

15 questions

Solving Equations with Variables on Both Sides Review

Quiz

•

8th Grade

Discover more resources for Engineering

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

20 questions

Disney Characters

Quiz

•

Professional Development

20 questions

Customer Service

Quiz

•

Professional Development

10 questions

Food Idioms

Quiz

•

Professional Development

20 questions

NCCER Power Tools Quiz

Quiz

•

Professional Development

Topic 1 Question 601 to 619

19 questions

A root cause analysis investigation into a recent security incident reveals that several decryption rules have been disabled. The security team wants to generate email alerts when decryption rules are changed.How should email log forwarding be configured to achieve this goal?

An engineer has been given approval to upgrade their environment to the latest of PAN-OS.The environment consists of both physical and virtual firewalls, a virtual Panorama HA pair, and virtual log collectors.What is the recommended order of operational steps when upgrading?

An administrator has a Palo Alto Networks NGFW. All security subscriptions and decryption are enabled and the system is running close to its resource limits.Knowing that using decryption can be resource-intensive, how can the administrator reduce the load on the firewall?

What happens when the log forwarding built-in action with tagging is used?

What are three prerequisites to enable Credential Phishing Prevention over SSL? (Choose three.)

A company is expanding its existing log storage and alerting solutions. All company Palo Alto Networks firewalls currently forward logs to Panorama.Which two additional log forwarding methods will PAN-OS support? (Choose two.)

A firewall administrator has confirmed reports of a website is not displaying as expected, and wants to ensure that decryption is not causing the issue.Which three methods can the administrator use to determine if decryption is causing the website to fail? (Choose three)

After implementing a new NGFW, a firewall engineer is alerted to a VoIP traffic issue. After troubleshooting, the engineer confirms that the firewall is alerting the voice packets payload.What can the engineer do to solve the VoIP traffic issue?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Engineering

A root cause analysis investigation into a recent security incident reveals that several decryption rules have been disabled. The security team wants to generate email alerts when decryption rules are changed.
How should email log forwarding be configured to achieve this goal?

An engineer has been given approval to upgrade their environment to the latest of PAN-OS.

The environment consists of both physical and virtual firewalls, a virtual Panorama HA pair, and virtual log collectors.

What is the recommended order of operational steps when upgrading?

An administrator has a Palo Alto Networks NGFW. All security subscriptions and decryption are enabled and the system is running close to its resource limits.

Knowing that using decryption can be resource-intensive, how can the administrator reduce the load on the firewall?

A company is expanding its existing log storage and alerting solutions. All company Palo Alto Networks firewalls currently forward logs to Panorama.

Which two additional log forwarding methods will PAN-OS support? (Choose two.)

A firewall administrator has confirmed reports of a website is not displaying as expected, and wants to ensure that decryption is not causing the issue.

Which three methods can the administrator use to determine if decryption is causing the website to fail? (Choose three)

After implementing a new NGFW, a firewall engineer is alerted to a VoIP traffic issue. After troubleshooting, the engineer confirms that the firewall is alerting the voice packets payload.

What can the engineer do to solve the VoIP traffic issue?