Which three steps must an administrator perform to load only address objects from a PAN-OS saved configuration file into a VM-300 firewall that is in production? (Choose three.)

import named configuration snapshot through the web interface

use load config partial command

enter the configuration mode from the CLI

use the device configuration import in Panorama

load the config in the web interface and commit

DRAG DROP - Match the task for server settings in group mapping with its order in the process

Navigate to Device > User Identification > Group Mapping

Enter a unique name to identify the group mapping configuration

DRAG DROP - Match the App-ID adoption task with its order in the process

Perform a like-for-like (layer 3/4) migration from the legacy firewall to the Palo Alto Networks NGFW

Capture, retain, and verify that all trafic has been logged for a period of time.

Clone the legacy rules and add aplication information to the intended application-based rules

Verify thet no traffic is hitting the legacy rules.

TAC has requested a PCAP on your Panorama to see why the DNS app is having intermittent issues resolving FQDN. What is the appropriate CLI command?

tcpdump snaplen 0 filter “port 53”

tcpdump snaplen 53 filter “port 53”

tcp dump snaplen 0 filter “app dns”

tcp dump snaplen 53 filter “tcp 53”

A firewall configuration is being migrated by Expedition from a third-party vendor to a Palo Alto Networks Next-Generation Firewall (NGFW.). Expedition flags one service as invalid following the import of the original configuration file. An engineer investigates and finds the invalid service to be ping which is used by the security policies. Which action should the engineer take?

Use the search & replace in Expedition to replace the ping service classification with ping application

Create an Application Override policy to override the ping service classification with ping application.

Remove ping service from all the policies which reference it.

Ignore the invalid flag in Expedition for the firewall to accept ping service.

SSL decryption has been implemented in a customer environment. The firewall protecting this environment is using PAN-OS 10.0. Users of an application are filing support cases claiming that a function of this application is no longer working. Where should the investigation for decryption issues begin?

the “session end reason” column in the Traffic log

the CLI, using the less mp-log ikemgr.log command

What information is necessary to properly plan the deployment of a Panorama hardware appliance for firewall management?

Wiring, power, Console access, and management interface connectivity

Virtual router, zones, and interface configuration of the dataplane interface

ESXi Server location and routing to the Panorama appliance

Panorama Mode, number of managed devices, CPU, and memory allocation in the hypervisor

SSL Forward Proxy decryption is enabled on the firewall. When clients use Chrome to browse to HTTPS sites, the firewall returns the Forward Trust certificate, even when accessing websites with invalid certificates. The clients need to be presented with a browser warning error with the option to proceed to websites with invalid certificates. Which two options will satisfy this requirement? (Choose two.)

Create a self-signed Forward Untrust enabled certificate.

Remove the Forward Untrust option from the Forward Trust certificate.

Create a PKI signed Forward Untrust enabled certificate.

Create a Decryption Profile with the “Block sessions with expired certificates” option enabled.

Your customer wants to implement Active/Active High Availability for their PA-5260 pair. The following conditions are true in their environment: -They are using multiple Layer 3 interfaces to process traffic. -Their routing topology requires the use of Network Address Translation policies to ensure that traffic can reach its destinations correctly. -They prefer to have the session workload distributed as evenly as possible to ensure both firewalls have lower resource utilization. -They make use of dynamic routing protocols on their virtual routers for route-based redundancy. -They chose to go with Active/Active for failover speed reasons. Which three of the following HA configurations should your customer ensure they use to meet these requirements? (Choose three.)

HA1A, HA1B, HA2, and HA3 interfaces

Active/Active HA Binding in the NAT policies

Session selection algorithm – First Packet

Session selection algorithm – Primary Device

Which CLI command should you use to verify whether all SFP, SFP+, or QSFP modules are installed in a firewall?

show system state filter sys.s*.p*.phy

show system state filter sys.p*.phy

show interface <interface name> detail

PCNSC question 21 to 40

Professional Development

•

20 Qs

Similar activities

MCQ on Innovation & Creativity

Professional Development

•

15 Qs

3003 LO4 13 RCDs Resistor Values and Test Currents

Professional Development

•

17 Qs

RME Review - DOL Motor Starting

Professional Development

•

20 Qs

Prueba Analista de Tecnología

Professional Development

•

20 Qs

Python Essentials_FT_Batch 3

Professional Development

•

20 Qs

CISCO PLACEMENT PREPARATION TEST 5 @ 29/3/25 St.JOSEPH'S

Professional Development

•

16 Qs

HIGHWAY NUMERICALS II

Professional Development

•

15 Qs

HIGHWAY ENGINEERING - VEDA - 12/05/2025

Professional Development

•

20 Qs

PCNSC question 21 to 40

Quiz

•

Engineering

•

Professional Development

•

Practice Problem

•

Hard

Juan Juan

FREE Resource

20 questions

Show all answers

CLASSIFICATION QUESTION

3 mins • 1 pt

Match the command with the appropriate scenario for its use

Groups:

(a) Management plane resource

(b) Data plane resources

(d) Authentication log

tail follow yes mp.log authd.log

show running resource-monitor

tail follow yes dp.log authd.log

debug dataplane packet-diag

show system resources

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Your customer is setting up an IPsec VPN tunnel with a third party. The third-party device only supports policy-based IPsec VPN tunnels.
What must be set up on the IPsec tunnel on the Palo Alto Networks Next-Generation Firewall to support policy-based tunnels?

policy-based forwarding

static route

Proxy-ID

DNS proxy

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which category of Vulnerability Signatures is most likely to trigger false positive alerts?

info-leak

code-execution

phishing

brute-force

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What information is required in order to plan the deployment of a perimeter firewall?

the management IP of the DSL device provided by the ISP

The operating system and browser version of the management client

the link type and speed of the surrounding devices

the name of the Internet provider and the cost of the link

MULTIPLE SELECT QUESTION

45 sec • 1 pt

A customer uses an application on the network that shows unknown-tcp application in the traffic logs.
Which two actions can the administrator take to make the application display this information? (Choose two.)

Create a custom application by using fingerprinting applications

Submit a request for a new App-ID on the Application & Threat Research Center

Create a customer application by using signatures

Submit a request for new App-ID with Unit-42

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What happens when a packet from an existing session is received by a firewall that is not the owner in an HA active/active configuration?

The firewall requests the sender to resend the packet

The firewall forwards the packet to the peer firewall over the HA3 link.

The firewall takes ownership of the session from the peer firewall

The firewall drops the packet to prevent any L3 loops.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

You have just completed a firewall migration project in Expedition. Expedition is not directly connected to a firewall. You decide to export the configuration.
What two file types will be available to you in the download options? (Choose two.)

a tech support file for the target firewall

the README file describing how to use the XML file

a TXT file with SET commands

an XML file to upload to the Palo Alto Networks device

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

ICIT:Quiz on Overview of Protective Devices

Quiz

•

Professional Development

20 questions

CANDU COOP Not-Kahoot Quiz

Quiz

•

Professional Development

20 questions

Egzamin zawodowy styczeń 2024 - PART 1

Quiz

•

Professional Development

20 questions

RME Review - Autotransformer Motor Starter

Quiz

•

Professional Development

15 questions

joomla_finalquiz3

Quiz

•

Professional Development

15 questions

Quiz on Group Technology

Quiz

•

Professional Development

15 questions

Material Handling and Transport Systems Quiz

Quiz

•

Professional Development

20 questions

5.24 Tech Series Quiz 27.06.2025

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

Forest Self-Management

Lesson

•

1st - 5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

30 questions

Thanksgiving Trivia

Quiz

•

9th - 12th Grade

30 questions

Thanksgiving Trivia

Quiz

•

6th Grade

11 questions

Would You Rather - Thanksgiving

Lesson

•

KG - 12th Grade

48 questions

The Eagle Way

Quiz

•

6th Grade

10 questions

Identifying equations

Quiz

•

KG - University

10 questions

Thanksgiving

Lesson

•

5th - 7th Grade

Discover more resources for Engineering

20 questions

HS2C2 AB QUIZIZZ

Quiz

•

1st Grade - Professio...

PCNSC question 21 to 40

20 questions

​ ​ ​ ​ ​ ​ Match the command with the appropriate scenario for its use

Your customer is setting up an IPsec VPN tunnel with a third party. The third-party device only supports policy-based IPsec VPN tunnels.What must be set up on the IPsec tunnel on the Palo Alto Networks Next-Generation Firewall to support policy-based tunnels?

Which category of Vulnerability Signatures is most likely to trigger false positive alerts?

What information is required in order to plan the deployment of a perimeter firewall?

A customer uses an application on the network that shows unknown-tcp application in the traffic logs.Which two actions can the administrator take to make the application display this information? (Choose two.)

What happens when a packet from an existing session is received by a firewall that is not the owner in an HA active/active configuration?

You have just completed a firewall migration project in Expedition. Expedition is not directly connected to a firewall. You decide to export the configuration.What two file types will be available to you in the download options? (Choose two.)

Which three steps must an administrator perform to load only address objects from a PAN-OS saved configuration file into a VM-300 firewall that is in production? (Choose three.)

DRAG DROP -Match the task for server settings in group mapping with its order in the process

DRAG DROP -Match the App-ID adoption task with its order in the process

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Engineering

Match the command with the appropriate scenario for its use

Your customer is setting up an IPsec VPN tunnel with a third party. The third-party device only supports policy-based IPsec VPN tunnels.
What must be set up on the IPsec tunnel on the Palo Alto Networks Next-Generation Firewall to support policy-based tunnels?

A customer uses an application on the network that shows unknown-tcp application in the traffic logs.
Which two actions can the administrator take to make the application display this information? (Choose two.)

You have just completed a firewall migration project in Expedition. Expedition is not directly connected to a firewall. You decide to export the configuration.
What two file types will be available to you in the download options? (Choose two.)

DRAG DROP -
Match the task for server settings in group mapping with its order in the process

DRAG DROP -
Match the App-ID adoption task with its order in the process