
whaust

Tuesday, November 17, 2020

Palo Alto PSE-Strata

1) Which two profile types can block a C2 channel? (Choose two.)

a) Anti-Spyware

b) Certification

c) Command and Control

d) Decryption

e) URL Filtering


2) Which Prisma product can secure user network traffic against potential threats?

a) Next Generation Firewall

b) Security Subscriptions

c) Panorama

d) SD-WAN

3) Which Prisma product provides zero-day malware protection?

a) Next Generation Firewall

b) Security Subscriptions

c) Panorama

d) SD-WAN


4) Which Prisma product implements and manages software-defined networking?

a) Next Generation Firewall

b) Security Subscriptions

c) Panorama

d) SD-WAN


5) Which Palo Alto Networks product directly protects corporate laptops people use at work?

a) Strata next-generation firewall

b) Cortex XSOAR

c) Panorama

d) WildFire


6) Which NGFW feature detects zero-day malware?

a) GlobalProtect

b) WildFire

c) URL Filtering

d) Antivirus Security Profile


7) Which two steps are essential parts of the PPA process? (Choose two.)

a) a structured interview with the customer about their security prevention capabilities

b) upload of a file generated by the customer’s firewall capturing the threats they are facing

c) a report to the customer about how to improve their security posture

d) a discussion about expectations of threat prevention in a proof-of-concept

e) a head-to-head comparison of NGFW detected threats vs their current solution(s).

8) Which report provides compelling evidence for existing security gaps for Prospects?

a) BPA

b) PPA

c) BPA Heatmap

d) SLR

9) Which Panorama deployment mode collects forwarded log events without firewall management capability?

a) Panorama mode

b) Legacy mode

c) Management only mode

d) Log collector mode


10) Which deployment mode is supported only by a virtual Panorama?

a) Panorama mode

b) Legacy mode

c) Management only mode

d) Log collector mode

11) Which of the following determines Dynamic user group membership?

a) Security subscription feeds

b) XML API

c) group type

d) tags

12) Which of the following security profiles provides protection against documents containing zero-day malware?

a) Antivirus

b) Anti-spyware

c) Vulnerability protection

d) URL filtering

e) File blocking

f) WildFire Analysis

g) Data filtering

13) Which of the following security profiles provides protection against a web connection to a known command and control site? (Choose two.)

a) Antivirus

b) Anti-spyware

c) Vulnerability protection

d) URL filtering

e) File blocking

f) WildFire Analysis

g) Data filtering

14) Which of the following security profiles provides protection against transferring documents containing credit card numbers?

a) Antivirus

b) Anti-spyware

c) Vulnerability protection

d) URL filtering

e) File blocking

f) WildFire Analysis

g) Data filtering

15) Which of the following security profiles provides control for the types of web sites a user can access?

a) Antivirus

b) Anti-spyware

c) Vulnerability protection

d) URL filtering

e) File blocking

f) WildFire Analysis

g) Data filtering

16) Which technology identifies potentially infected hosts by correlating user and network activity data in Threat, URL, and Data Filtering logs?

a) Botnet report

b) Correlation object

c) DNS security

d) AutoFocus

e) DNS Sinkhole

17) Which of the following processing tasks shows an advantage of a file proxy engine over a stream-based single-pass engine?

a) mapping IP addresses to users

b) using protocol decoders, decryption, and heuristics to identify applications

c) blocking data sent over traditional email protocols

d) scanning traffic for vulnerability exploits, viruses, and spyware

18) Real-time threat signatures used by the Strata firewall are generated by what service?

a) WildFire

b) AutoFocus

c) Expedition

d) Prisma Access


19) If a customer is interested in software-defined networking integrating with security services appropriately for specific use-cases, which reference architecture would be your best reference?

a) Public Cloud

b) Secure Access Service Edge

c) Security Operations

d) Private Data Center

e) Zero Trust

f) Automation


20) Which interface mode do you use to generate the Stats Dump file that can be converted into an SLR? Assume that you want to make the evaluation as non-intrusive as possible.

a) tap

b) virtual wire

c) Layer 2

d) Layer 3


21) Which two success tools are most appropriate for a prospective customer that is using a competitor’s offerings but has no security prevention strategy? (Choose two.)

a) Expedition

b) Prevention Posture Assessment

c) Security Lifecycle Review

d) Best Practice Assessment with Heatmaps

e) Data Center Segmentation Strategy Analyzer

22) Which file types are not supported as an upload sample for file upload by WildFire from the wildfire.paloaltonetworks.com/wildfire/upload page?

a) iOS applications

b) Android applications

c) Windows applications

d) Microsoft Excel files


23) Which kind of attack cannot be stopped by the Palo Alto Networks Security Operating Platform?

a) attacks through SaaS applications, such as exfiltration through Box

b) attacks that do not cross the firewall, regardless of source or destination

c) attacks based on social engineering that mimic normal user behavior

d) denial-of-service attacks from a trusted source

e) intrazone attacks, regardless of source or destination

24) WildFire functionality is like that of a sandbox. Is the statement an accurate description?

a) Yes, WildFire functionality is exactly that of a virtual sandbox in the cloud, provided to test files that customers upload or download.

b) No, WildFire does not supply sandbox functionality, although it competes with products that do.

c) No, WildFire provides dynamic analysis, machine learning, and other techniques along with sandbox functionality.

d) Yes, WildFire provides all its functionality as part of its virtual-physical hybrid sandbox environment.

25) Which option is an example of how the next-generation firewall can provide visibility and enforcement around SaaS applications?

a) Through partnership with SaaS application vendors, special virtual firewalls that support a subset of full firewall functionality are used inside the SaaS applications themselves.

b) A built-in default security rule in the firewall blocks dangerous SaaS applications based on an automatically updated database of dangerous SaaS applications.

c) Built-in default functionality in the firewall sends all files sent or received by SaaS applications to WildFire.

d) The firewall can filter SaaS applications based on whether they comply with industry certifications such as SOC1, HIPAA, and FINRA.

26) When a cloud deployment is secured, which role does the next-generation firewall play?

a) A member of the VM-Series is attached to each VM in the cloud environment, to stop malware, exploits, and ransomware before they can compromise the virtual systems they are attached to.

b) The NGFW exports its Security policy through Panorama, which in turn distributes that policy to the cloud-based Prisma SaaS service that enforces the NGFW Security policy against each VM used in the cloud environment.

c) The NGFW exports its Security policy to WildFire, which lives in the cloud and enforces the NGFW Security policy throughout the cloud environment.

d) The NGFW is used to consistently control access to applications and data based on user credentials and traffic payload content for private or public cloud, internet, data center, or SaaS applications.

27) Which dedicated High Availability port is used for which plane in HA Pairs?

a) HA1 for the data plane, HA2 for the management plane

b) HA1 for the management plane, HA2 for the data plane

c) MGT for the management plane; HA2 as a backup

d) HA1 for the management plane, HA2 for the data plane in the PA-7000 Series

28) Which value should be used as a typical log entry size if no other information is available about log sizes?

a) 0.5KB

b) 0.5MB

c) 0.5GB

d) 0.5TB

29) Which feature is not supported in active/active (A/A) mode?

a) IPsec tunneling

b) DHCP client

c) link aggregation

d) configuration synchronization

30) Which two updates should be scheduled to occur once a day? (Choose two.)

a) Antivirus

b) PAN-DB URL Filtering

c) WildFire

d) Applications and Threats

e) SMS channel


31) What does the phrase “Prisma Access extends security to remote network locations and mobile users” mean in the context of the security that firewalls provide to a network?

a) Prisma Access independently provides the same type of protection as the firewalls, rebuilt for the various infrastructures used for remote network locations and mobile users.

b) Prisma Access independently provides the exact same protection as the firewalls, rebuilt for the various infrastructures used for remote network locations and mobile users.

c) Prisma Access securely routes traffic for remote network locations and mobile users through the same PAN-OS based firewalls used to protect the network.

d) Prisma Access leverages native cloud security and other security infrastructure to provide security to remote network locations and mobile users.

32) A customer’s interest in prevention, detection and response for Security Operations is best addressed by which reference architecture?

a) Public Cloud

b) Secure Access Service Edge

c) Security Operations

d) Private Data Center

e) Zero Trust

f) Automation


33) Which security posture is most likely to stop unknown attacks?

a) allow all the traffic that is not explicitly denied

b) deny all the traffic that is not explicitly allowed

c) deny all the traffic that is not explicitly allowed from the outside, and allow all the traffic that is not explicitly denied from the inside

d) deny all the traffic that is not explicitly allowed from the inside, and allow all the traffic that is not explicitly denied from the outside


34) Which profile type is used to protect against most protocol-based attacks?

a) Antivirus

b) URL Filtering

c) Vulnerability Protection

d) Anti-Spyware


35) How does an administrator specify in the firewall that certain credentials should not be sent to certain URLs?

a) with a URL Filtering Profile

b) with User-ID

c) with App-ID

d) with a Credential Theft Profile


36) Which SD-WAN configuration element contains data used to trigger a new path selection based on excessive latency?

a) SD-WAN Interface Profile

b) SD-WAN Interface

c) Path Quality Profile

d) Traffic Distribution Profile


37) Which Panorama screen provides an overall status display of SD-WAN Errors and their impacts?

a) SD-WAN Traffic Characteristics

b) SD-WAN Link Characteristics

c) SD-WAN Monitoring

d) SD-WAN Impacted Clusters

38) In Panorama, which policy gets evaluated first?

a) device group pre-rules

b) device group post-rules

c) shared pre-rules

d) shared post-rules

e) local firewall rules

39) Can the same rule allow traffic from different sources on different firewalls?

a) No, rules mean the same on all firewalls that receive the same policy.

b) No, because device groups are pushed from Panorama to all firewalls.

c) Yes, because different firewalls can have different zone definitions.

d) Yes, because there could be clauses in a rule with effects limited to a specific device group.

40) Which is not an advantage of using Panorama?

a) centralized management

b) higher throughput on the firewalls

c) centralized view of collected logs

d) automatic event correlation

41) How is the Cortex Data Lake integration with Panorama facilitated?

a) No integration is necessary; data flows from Panorama to the Cortex Data Lake and vice versa.

b) A Panorama plugin is installed in the Cortex Data Lake.

c) A Cloud Services plugin is installed in Panorama.

d) Agents run in both the Cortex Data Lake and Panorama.

42) What is the maximum number of servers supported by a single User-ID agent?

a) 10

b) 50

c) 100

d) 500

43) How does the firewall know that a specific connection comes from a specific user?

a) Every connection has a user ID encoded in it.

b) User-ID is supported only in protocols that use user authentication, which provides the user identity to the firewall and the back end.

c) The firewall always uses the IP address in the IP header to locate the user ID, but this initial identification is overridden by additional techniques such as HTTP proxies that provide the client’s IP address in the HTTP header.

d) Usually the firewall uses the IP address in the IP header to locate the user ID, but additional techniques are available as alternatives such as HTTP proxies providing the client’s IP address in the HTTP header.


44) A customer has a proprietary user authentication system that is not supported by User-ID. Can you provide User-ID information to their firewall, and if so, how?

a) It is impossible. The customer will need to upgrade to something more standard.

b) It can be done, but only for HTTP applications because HTTP supports XFF headers.

c) It can be done using the XML API.

d) It can be done, but it requires programming that can be performed only by the Palo Alto Networks Professional Services organization.


45) Should you limit the permission of the user who runs the User-ID agent? If so, why?

a) Yes, because of the principle of least privilege. You should give processes only those permissions that are necessary for them to work.

b) Yes, to an extent. You can give it most privileges, but there is no actual user, so you should not let it start an interactive login.

c) Yes, to an extent. You can give it most privileges, but there is no actual user, so you should not let it have remote access.

d) No, there is nothing wrong with using the administrator’s account.


46) Which types of file does WildFire analyze as executables? (Choose three.)

a) JAR

b) Portable Document Format

c) MP4

d) Portable Executable

e) Office Open XML (.docx)

f) Executable and Linkable Format

g) BMP


47) Which reasons could cause a firewall that is fully configured, including decryption, to not recognize an application? (Choose three.)

a) The application is running over SSL.

b) There is no App-ID signature for an unanticipated application.

c) The application is running over ICMP.

d) The application is running over UDP.

e) A TCP handshake completed but no application traffic reached the firewall.

f) Payload reached the firewall, but not enough data packets to identify the application.


48) Which decryption mode or modes require(s) the private key of the destination server? (Choose a single answer.)

a) Forward Proxy

b) Inbound Inspection

c) Both Forward Proxy and Inbound Inspection

d) SSH Proxy


49) Which parameter cannot be used in a Decryption policy rule?

a) User-ID

b) App-ID

c) Source Zone

d) Destination Zone
