
whaust

Saturday, March 23, 2019

# Palo Alto Networks Accredited Systems Engineer (PSE): Platform Associate Accreditation Exam (Retired)




Question 10 of 30. [A]
Which option describes an advantage of Aperture?
  Aperture provides consistent security across SaaS applications.
  Every application secured provides its own security analysis and management tools.
  The Aperture security rules are imported from any vendor’s firewalls.
  Aperture essentially is a single management point for cloud-native security across multiple cloud service vendors.


 Question 20 of 30. [A]
“Click Remote Command Execution in the left navigation panel and scroll down to show the visualization of the alert. We only see a red arrow, indicating that:” The above image is from the Magnifier demo script that describes exploring an alert. Which answer best completes the demo script after the words “indicating that”?
  this is the first time this behavior is seen from this user, and the behavior is anomalous.
  83 sessions between 10.10.1.104 and the Private network were blocked.
  no sessions are going the other direction, from the Private network to 10.10.1.104.
  the blue line, representing sessions going the other direction, is hidden by the red line.


 Question 22 of 30. [A]
Which demo of the Palo Alto Networks Security Operating Platform can show a customer how to determine who has access to a certain Box cloud storage file?
  Aperture
  BPA
  NGFW
  Traps

 Question 10 of 30. [A]
What happens when access to an application is allowed in a firewall Security policy, but the allowed application implicitly depends on other parent applications or services that otherwise would not be allowed?
  The firewall automatically allows the dependencies required for the newly allowed application, and the firewall provides a warning that it is doing so.
  The security administrator must specify to the firewall what these dependent applications are.
  The newly allowed application itself is allowed, but because it depends on other applications, it cannot be used until they too are explicitly allowed.
  The firewall does not “allow applications,” but rather enforces security based on traffic independently of which application generates it.


Question 8 of 30. [A]
Palo Alto Networks recommends which approach to cybersecurity?
  Zero trust. All traffic is inspected.
  Always trust, inspect all traffic afterward.
  Trust most things, but don’t trust suspicious traffic.
  Trust everything except recognized threats.


Question 25 of 30. [AB]
Which two Palo Alto Networks security products can prevent successful ransomware attacks? (Choose two.)
  Traps
  NGFW
  Panorama
  SLR


Question 17 of 30. [A]
In the Threat Prevention demo, how is WildFire® used to strengthen the security of the environment?
  When an unknown file is downloaded as a result of a visit to a website, the file is sent to WildFire® for analysis.
  When an Antivirus Profile is attached to a security rule, WildFire® confirms that the viruses blocked by the firewall are still viruses.
  When a file is transferred that contains sensitive data, WildFire® identifies that file as containing sensitive data.
  All traffic going through the firewall is vetted by WildFire®.


Question 21 of 30. [A]
How can a security engineer block all files that contain strings that start with any letters or numbers and contain “pw” or “PW” followed by any numbers?
  Using a pattern definition with regular-expression pattern matching.
  Creating a virus signature to match viruses that steal passwords.
  Treating these filenames as HTTP addresses and using URL filtering.
  Using App-ID to block an identified program that processes files with “PW” or “pw” in them.


Question 25 of 30. [A]
When a file is uploaded for WildFire® analysis, how can its verdict be found?
  Viewing WildFire® submission logs from the firewall’s user interface.
  Examining the security rule that allowed the traffic from the firewall’s user interface.
  Only by accessing the WildFire® user interface.
  The verdict is never seen explicitly, it automatically is incorporated into the firewall’s Security policy.


Question 15 of 30. [A]
Which answer best describes the meaning of the above picture in the context of Palo Alto Networks Security Lifecycle Reviews?
  The firewall in Tap mode connects to a switch and does not impact customer traffic at all.
  The firewall essentially is a router on a stick.
  Firewalls can connect only to customer switches, they cannot connect to customer routers.
  Firewalls involved in Security Lifecycle Reviews use wireless interfaces only.


Question 4 of 30. [A]
Magnifier analyzes logs from:
  Palo Alto Networks Logging Service.
  Panorama distributed log collectors.
  Aperture logs.
  Traps logs.


Question 18 of 30. [A]
When is it helpful to run a Security Lifecycle Review?
  for existing customers as a health check and for potential customers to help build a business case for Palo Alto Networks
  primarily to help Customer Support learn more about support cases
  only for existing customers, to determine features and functions of the security environment that are not fully or properly utilized
  only for potentially new customers, to expose the security weaknesses of their existing security environment


Question 2 of 30. [A]
What is the recommended process of configuring a firewall to ensure that all traffic going through it is logged?
  Override the intrazone-default and interzone-default rules by clicking their Log at Session End boxes.
  Add a rule before the default rules that denies all traffic and logs.
  No process is necessary because the Palo Alto Networks NGFW always logs all traffic.
  Add a rule that allows everything from everywhere as the first rule and logs all traffic that it allows.


Question 3 of 30. [A]
Which option best describes the role of App-ID in Palo Alto Networks NGFW Security policy?
  Application data payload is considered as part of the NGFW security rule matching process.
  The firewall automatically disallows a competitor’s applications for security reasons.
  App-ID is the firewall’s way of identifying which user’s traffic is associated with an application.
  App-ID allows administrators to rename standard applications with internal nicknames.


Question 8 of 30. [A]
What is the Palo Alto Networks NGFW recommended security policy?
  Only traffic that is explicitly allowed passes through the firewall.
  Only traffic that is explicitly denied is prevented from passing through the firewall.
  Only traffic from recognized users is allowed to pass through the firewall.
  Only traffic from unrecognized applications is prevented from passing through the firewall.


Question 15 of 30. [A]
Which Palo Alto Networks Security Operating Platform component is best suited to find and block zero-day threats on an employee’s laptop?
  Traps
  NGFW
  Magnifier
  Aperture

Question 13 of 30. [A]
Which part of the Palo Alto Security Operating Platform uses multiple methods to disrupt an attack before it can infect an endpoint?
  Traps
  Panorama
  Magnifier
  Logging Service

Question 16 of 30. [A]
Which answer best describes User-ID?
  User-ID combines multiple methods to map IP addresses to users, and once users are mapped, they can be used by firewall Security policy rules and reports.
  User-ID is the firewall’s internal storage of encrypted passwords, providing access control to firewall administrative functionality.
  User-ID is another name for App-ID; applications are considered users of the traffic control function of the firewall.
  User-ID is how GlobalProtect knows who can use its service.

Question 19 of 30. [A]
Aperture is a product that addresses which kind of security?
  SaaS
  data center
  endpoint
  inline network


Question 11 of 30. [A]
Which file should be uploaded to the Security Lifecycle Review tool?
  Stats Dump file
  SLR report csv
  Exported config file
  SaaS Risk Assessment Report

Question 17 of 30. [A]
Which part of the Palo Alto Networks Security Operating Platform helps customers accelerate their consumption of innovative cloud security offerings?
  Application Framework
  Generation Alpha Firewall
  Magnifier
  Aperture

Question 2 of 30. [A]
Which option helps to find the security rule that allowed traffic from a particular application at a particular time?
  the log at NGFW Monitor > Traffic
  BPA heatmap
  Aperture SaaS Risk Assessment Report
  WildFire® verdict

Question 13 of 30. [A]
What is the purpose of the “Executive Summary” section of the SLR?
  highlight key findings of the Security Lifecycle Review
  summarize pricing for addressing issues identified by an SLR
  show the Set Least Resistance properties in one place
  summarize pricing for a large proposal

Question 8 of 30. [A]
Which demo would you present to showcase abnormalities in network traffic?
  Magnifier
  The Best Practices Analysis report
  Traps
  The firewall


Question 2 of 30. [A]
Which answer best describes the sales cycle role that a Security Lifecycle Review (SLR) provides?
  The SLR is a way to use a prospect’s own data to show where the Palo Alto Networks Security Operating Platform can help them.
  Security Lifecycle Reviews can provide automated enforcement for best practices when a single NGFW is left at the customer for six months or more.
  The SLR report is a way to show the kind of reports that can be generated after a customer purchases a comprehensive security platform from Palo Alto Networks.
  Because it takes so much time, an SLR often lengthens the firewall sales cycle.

 Question 20 of 30. [A]
Which tool most directly helps a customer’s engineer to systematically check a previous engineer’s Palo Alto Networks NGFW configuration for general cyber hygiene?
  Best Practices Analysis tool
  NGFW ACC page
  Aperture Explore Assets tool
  Panorama

 Question 25 of 30. [ABC]
Which three components are commonly used to contribute to public cloud security? (Choose three.)
  SaaS security
  endpoint security
  inline security in the cloud
  physical router and switch security

 Question 11 of 30. [A]
Which product can be characterized as an API-based CASB?
  Aperture
  SLR
  Magnifier
  NGFW



---- the answer is not [A] ---------------

Question 7 of 30.
Which Palo Alto Networks Security Operating Platform component can observe the behavior of an unknown file in a simulated environment and provide a verdict?
  Aperture
  App-ID
  Magnifier
  WildFire®


 Question 13 of 30.
Which answer best describes the relationship between security rules and security profiles in a Palo Alto Networks next-generation firewall?
  Profiles apply only to traffic that a rule allows.
  Profiles apply only to traffic that a rule denies.
  The profiles characterize the rules for easy communication and management.
  The profiles characterize the data to determine which rules apply.

## Question 15 of 30.
![](https://i.imgur.com/Id3Iu20.jpg)
The above image, from the Threat Prevention and Next Generation Firewall demo in this course, is captured from the traffic monitor page of the firewall. Why was traffic allowed between the source address of 192.168.1.254 and destination address 199.167.52.141?
  Every row of the Action column has “allow,” and that means the firewall allows all traffic by default.
  The security rule “inside-to-web-access” allowed this web browsing traffic.
  The traffic monitor page shows a tunnel that allows traffic to flow from inside the enterprise network to the cloud.
  The image shows the universal web server in the lab, which allows all web browsing traffic from inside or outside the protected network.

## Question 24 of 30.
Magnifier identifies behavioral anomalies by:
  Comparing customer traffic behavior to a huge database of that customer’s competitors’ traffic behavior.
  Comparing customer behavior with an up-to-the-minute list of abnormal behavior.
  Comparing differences among data from Traps, Aperture, the next-generation firewall, and GlobalProtect agents.
  Comparing customer behavior to known behaviors found in environments with good security hygiene.
  Building a baseline of normal customer-specific activity by analyzing collected data over 30 days and comparing new traffic and host profile data to that baseline.

 Question 27 of 30.
Magnifier is best characterized as an application that provides:
  visibility into a monitored environment.
  a way to scale institutional security to very large independent sovereign states.
  behavioral analytics on data from a monitored environment.
  enforcement of Security policy into a monitored environment.

 Question 9 of 30.
The firewall is set up to block certain file types. A user tries to receive a file with an extension normally associated with an allowed file type. What happens?
  The firewall uses App-ID to identify which application generated the file, and then the firewall uses WildFire® to determine if that application is malware.
  The firewall uses anti-spyware and antivirus techniques to determine whether to block the file and does not consider the file’s type.
  The firewall examines the content of the file to determine which type it is and blocks the file if it is of a blocked type.
  The firewall allows transfer of files with extensions associated with allowed types.


