How are policies evaluated in the AWS management console when creating a Security policy for a Cloud NGFW?

The administrator sets a rule priority to determine the order in which they are evaluated.

The administrator sets a rule order to determine the order in which they are evaluated.

They can be dragged up or down the stack as they are evaluated.

They must be created in the order they are intended to be evaluated.

During a security incident investigation, which Security profile will have logs of attempted confidential data exfiltration?

Vulnerability Protection Profile

Which set of attributes is used by IoT Security to identify and classify appliances on a network when determining Device-ID?

MAC address, device manufacturer, and operating system

IP address, network traffic patterns, and device type

Hostname, application usage, and encryption method

Device model, firmware version, and user credential

Which action is only taken during slow path in the NGFW policy?

Layer 2—Layer 4 firewall processing

How do Cloud NGFW instances get created when using AWS centralized deployments?

Cloud NGFW is placed in a vWAN with a virtual hub.

They replace the internet gateway service.

Selected VPCs will have Cloud NGFW workloads added to them.

A security VPC will be created as transit gateways to push all traffic through the area.

Which GlobalProtect configuration is recommended for granular security enforcement of remote user device posture?

Configuring host information profile (HIP) checks for all mobile users

Configuring a rule that blocks the ability of users to disable GlobalProtect while accessing internal applications

Implementing multi-factor authentication (MFA) for all users attempting to access internal applications

Applying log at session end to all GlobalProtect Security policies

Which AI-powered solution provides unified management and operations for NGFWs and Prisma Access?

Autonomous Digital Experience Manager (ADEM)

Which action allows an engineer to collectively update VM-Series firewalls with Strata Cloud Manager (SCM)?

Creating a device grouping rule

Creating an update grouping rule

A network security engineer needs to implement segmentation but is under strict compliance requirements to place security enforcement as close as possible to the private applications hosted in Azure. Which deployment style is valid and meets the requirements in this scenario?

C. On a VM-Series NGFW, configure several Layer 3 zones with Layer 3 interfaces assigned to logically segment the network.

A. On a VM-Series NGFW, configure several Layer 2 zones with Layer 2 interfaces assigned to logically segment the network.

B. On a PA-Series NGFW, configure several Layer 2 zones with Layer 2 interfaces assigned to logically segment the network.B. On a PA-Series NGFW, configure several Layer 2 zones with Layer 2 interfaces assigned to logically segment the network.

D. On a PA-Series NGFW, configure several Layer 3 zones with Layer 3 interfaces assigned to logically segment the network.

A primary firewall in a high availability (HA) pair is experiencing a current failover issue with ICMP pings to a secondary device. Which metric should be reviewed for proper ICMP pings between the firewall pair?

Bidirectional Forwarding Detection (BFD)

What are two recommendations to ensure secure and efficient connectivity across multiple locations in a distributed enterprise network? (Choose two.)

Use Prisma Access to provide secure remote access for branch users.

Employ centralized management and consistent policy enforcement across all locations.

Create broad VPN policies for contractors working at branch locations.

Implement a flat network design for simplified network management and reduced overhead.

Which two configurations are required when creating deployment profiles to migrate a perpetual VM-Series firewall to a flexible VM? (Choose two.)

Allocate the same number of vCPUs as the perpetual VM.

Allow only the same security services as the perpetual VM.

Choose 'Fixed vCPU Models' for configuration type.

Deploy virtual Panorama for management.

What occurs when a security profile group named 'default' is created on an NGFW?

It is automatically applied to all new security rules.

It only applies to traffic that has been dropped due to the reset client action.

It allows traffic to bypass all security checks by default.

It negates all existing security profiles rules on new policy.

In a service provider environment, what key advantage does implementing virtual systems provide for managing multiple customer environments?

Logical separation of control and Security policy

Shared threat prevention policies across all tenants

Centralized authentication for all customer domains

Unified logging across all virtual systems

An administrator wants to implement additional Cloud-Delivered Security Services (CDSS) on a data center NGFW that already has one enabled. What benefit does the NGFW's single-pass parallel processing (SP3) architecture provide?

There will be only a minor reduction in performance.

It allows for traffic inspection at the application level.

There will be no additional performance degradation.

It allows additional security inspection devices to be added inline.

How can a firewall administrator block a list of 300 unique URLs in the most time-efficient manner?

Import the list into a custom URL category.

Use application filters to block the App-IDs.

Use application groups to block the App-IDs.

Block multiple predefined URL categories.

BOLA2

Authored by Abduh Rumfot

English

10th Grade

Used 3+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

25 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What key capability distinguishes Content-ID technology from conventional network security approaches?

It performs packet header analysis short of deep packet inspection.

It provides single-pass application layer inspection for real-time threat prevention.

It exclusively monitors network traffic volumes.

It relies primarily on reputation-based filtering.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In a distributed enterprise implementing Prisma SD-WAN, which configuration element should be implemented first to ensure optimal traffic flow between remote sites and headquarters?

Deploy redundant ION devices at each location.

Implement dynamic path selection using real-time performance metrics.

Configure static routes between all the branch offices.

Enable split tunneling for all branch locations.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two components of a Security policy, when configured, allow third-party contractors access to internal applications outside business hours? (Choose two.)

App-ID

Service

User-ID

Schedule

MULTIPLE SELECT QUESTION

30 sec • 1 pt

A company has an ongoing initiative to monitor and control IT-sanctioned SaaS applications. To be successful, it will require configuration of decryption policies, along with data filtering and URL Filtering Profiles used in Security policies. Based on the need to decrypt SaaS applications, which two steps are appropriate to ensure success? (Choose two.)

Configure SSL Forward Proxy.

Validate which certificates will be used to establish trust.

Configure SSL Inbound Inspection.

Create new self-signed certificates to use for decryption.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A network security engineer wants to forward Strata Logging Service data to tools used by the Security Operations Center (SOC) for further investigation. In which best practice step of Palo Alto Networks Zero Trust does this fit?

Map and Verify Transactions

Implementation

Standards and Designs

Report and Maintenance

MULTIPLE SELECT QUESTION

30 sec • 1 pt

A network engineer pushes specific Panorama reports of new AI URL category types to branch NGFWs. Which two report types achieve this goal? (Choose two.)

SNMP

Custom

PDF summary

CSV export

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which subscription sends non-file format-based traffic that matches Data Filtering Profile criteria to a cloud service to render a verdict?

Enterprise DLP

Advanced URL Filtering

SaaS Security Inline

Advanced WildFire

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Microsoft

or continue with

Facebook

Apple

Others

Already have an account?

Popular Resources on Wayground

28 questions

US History Regents Review

Quiz

•

11th Grade

36 questions

Biology Regents Review

Quiz

•

9th - 10th Grade

20 questions

Math Review

Quiz

•

3rd Grade

38 questions

Regents Life Science General Review

Quiz

•

9th Grade

20 questions

Math Review

Quiz

•

6th Grade

21 questions

EOY Grade 6 Benchmark Assessment - Content Skills

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for English

15 questions

Persuasive Appeals Practice

Quiz

•

9th - 12th Grade