Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

In Panorama the web interface displays the security rules in evaluation order Organize the security rules m the order in which they will be evaluated?

A customer who has a multi-tenant environment needs the administrator to be restricted lo specific objects and policies in the virtual system within its tenant How can an administrators access be restricted?

A.

Define access domains for virtual systems in the environment

B.

Define an Admin Role Profile with Panorama enabling all access

C.

Define an access domain thatenables the device groups assigned to the admin

D.

Define an Admin Role Profile with a device group and template enabling all access

Which Palo Alto Networks feature allows you to create dynamic security policies based on the behavior of the devices in your network?

A.

Behavioral Threat Detection

B.

Cortex XDR

C.

App-ID

D.

Dynamic Address Groups

How can you verify that a new security policy is correctly blocking traffic without disrupting the network?

A.

Enable logging on the rule and monitor the logs

B.

Disable all other rules temporarily

C.

Use the test security-policy-match CLI command

D.

Implement the policy in a lab environment first

In a multi-tenant environment, what feature allows you to assign different administrators to different tenants?

A.

Admin Roles

B.

Device Groups

C.

Access Domains

D.

Virtual Systems

Which two types of security profiles are recommended to protect against known and unknown threats? (Choose two)

A.

Antivirus

B.

URL Filtering

C.

Anti-Spyware

D.

File Blocking

A customer is adding a new site-to-site tunnel from a PaloAlto Networks NGFW to a third party with a policy based VPN peer After the initial configuration is completed and the changes are committed, phase 2 fails to establish

Which two changes may be required to fix the issue? (Choose two)

A.

Verity that the certificate used tor authentication is installed.

B.

Verify that PFS is enabled on both ends

C.

Enable the NAT Traversal advanced option.

D.

Add proxy IDs to the iPsec tunnel configuration

A customer has a five-year-old firewall in production in the time since the firewall was installed, the IT team deleted unused security policies on a regular basis but they did not remove the address objects and groups that were part ofthese security policies.

What is the best way to delete all of the unused address objects on the firewall?

A.

Import the configuration in Expedition, remove unused address objects, and reimport the configuration.

B.

Using CLI execute requestconfiguration address-objectsremove-unused-objects.

C.

Go to Address Objects under the Objects tab and click on Remove unused objects.

D.

Search each address object with Global Find and delete if it shows that the address object is not referenced.

How can you ensure that a Palo Alto Networks firewall does not block traffic during a software update?

A.

Enable the Suspend Traffic During Upgrade option

B.

Schedule the upgrade during a maintenance window

C.

Configure session synchronization

D.

Use the High Availability feature

Which GlobalProtect feature ensures that only trusted endpoints can connect to the network?

A.

Host Information Profile (HIP)

B.

App-ID

C.

User-ID

D.

SSL Decryption