thegreek1

  1. <hide> 502, only after 300 20 new questions

Thank you for your help

Look at the following questions

1 Decrypted packets from the website [Hidden Content] will appear as which application and service within the Traffic log?
A. web-browsing and 443 A A
B. SSL and 80
C. SSL and 443
D. web-browsing and 80

2 What are three types of Decryption Policy rules? (Choose three.)
A. SSL Inbound Inspection A A
B. SSH Proxy B B
C. SSL Forward Proxy C C
D. Decryption Broker
E. Decryption Mirror

3 A firewall should be advertising the static route 10.2.0.0/24 into OSPF. The configuration on the neighbour is correct, but the route is not in the neighbour's routing table. Which two configurations should you check on the firewall? (Choose two.)
A. Ensure that the OSPF neighbour state is "2-Way"
B. In the OSPF configuration, ensure that the correct redistribution profile is selected in the OSPF Export Rules section. B B
C. Within the redistribution profile ensure that Redist is selected. C C
D. In the redistribution profile check that the source type is set to "ospf."

4 In a Panorama template, which three types of objects are configurable? (Choose three.)
A. certificate profiles A A
B. HIP objects
C. QoS profiles B B
D. security profiles
E. interface management profiles E E

5 An enterprise Information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems. However, a recent phishing campaign against the organization has prompted Information Security to look for more controls that can secure access to critical assets. For users that need to access these systems, Information Security wants to use PAN-OS multi-factor authentication (MFA) integration to enforce MFA. What should the enterprise do to use PAN-OS MFA?
A. Use a Credential Phishing agent to detect, prevent, and mitigate credential phishing campaigns.
B. Create an authentication profile and assign another authentication factor to be used by a Captive Portal authentication policy. B B
C. Configure a Captive Portal authentication policy that uses an authentication sequence.
D. Configure a Captive Portal authentication policy that uses an authentication profile that references a RADIUS profile.

6 An administrator with 84 firewalls and Panorama does not see any WildFire logs in Panorama. All 84 firewalls have an active WildFire subscription. On each firewall, WildFire logs are available. This issue is occurring because forwarding of which type of logs from the firewalls to Panorama is missing?
A. WildFire logs
B. System logs
C. Threat logs C C
D. Traffic logs

7 A firewall administrator requires an A/P HA pair to fail over more quickly due to critical business application uptime requirements. What is the correct setting?
A. Change the HA timer profile to "user-defined" and manually set the timers.
B. Change the HA timer profile to "fast".
C. Change the HA timer profile to "aggressive" or customize the settings in advanced profile. C C
D. Change the HA timer profile to "quick" and customize in advanced profile.

8 An administrator needs to validate that policies that will be deployed will match the appropriate rules in the device-group hierarchy. Which tool can the administrator use to review the policy creation logic and verify that unwanted traffic is not allowed?
A. Preview Changes A A
B. Policy Optimizer
C. Managed Devices Health
D. Test Policy Match

9 What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)?
A. Phase 2 SAs are synchronized over HA2 links. A A
B. Phase 1 and Phase 2 SAs are synchronized over HA2 links.
C. Phase 1 SAs are synchronized over HA1 links.
D. Phase 1 and Phase 2 SAs are synchronized over HA3 links.

10 An administrator's device-group commit push is failing due to a new URL category. How should the administrator correct this issue?
A. update the Firewall Apps and Threat version to match the version of Panorama A A
B. change the new category action to "alert" and push the configuration again
C. ensure that the firewall can communicate with the URL cloud
D. verify that the URL seed file has been downloaded and activated on the firewall

11 An engineer is in the planning stages of deploying User-ID in a diverse directory services environment. Which server OS platforms can be used for server monitoring with User-ID?
A. Microsoft Active Directory, Red Hat Linux, and Microsoft Exchange
B. Microsoft Terminal Server, Red Hat Linux, and Microsoft Active Directory
C. Novell eDirectory, Microsoft Terminal Server, and Microsoft Active Directory
D. Microsoft Exchange, Microsoft Active Directory, and Novell eDirectory D D

12 An administrator is attempting to create policies for deployment of a device group and template stack. When creating the policies, the zone drop-down list does not include the required zone. What must the administrator do to correct this issue?
A. Add a firewall to both the device group and the template
B. Add the template as a reference template in the device group
C. Enable "Share Unused Address and Service Objects with Devices" in Panorama settings
D. Specify the target device as the master device in the device group B B

13 A standalone firewall with local objects and policies needs to be migrated into Panorama. What procedure should you use so Panorama is fully managing the firewall?
A. Use the "import device configuration to Panorama" operation, then "export or push device config bundle" to push the configuration A A
B. Use the "import Panorama configuration snapshot" operation, then perform a device-group commit push with "include device and network templates"
C. Use the "import Panorama configuration snapshot" operation, then "export or push device config bundle" to push the configuration
D. Use the "import device configuration to Panorama" operation, then perform a device-group commit push with "include device and network templates"

14 Where is information about packet buffer protection logged?
A. All entries are in the System log
B. All entries are in the Alarms log
C. Alert entries are in the Alarms log. Entries for dropped traffic, discarded sessions, and blocked IP address are in the Threat log
D. Alert entries are in the System log. Entries for dropped traffic, discarded sessions, and blocked IP addresses are in the Threat log D D

15 The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such. The admin has not yet installed the root certificate onto client systems. What effect would this have on decryption functionality?
A. Decryption will not function because self-signed root certificates are not supported
B. Decryption will function, but users will see certificate warnings for each SSL site they visit B B
C. Decryption will not function until the certificate is installed on client systems
D. Decryption will function, and there will be no effect to end users

16 Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three.)
A. The environment requires real full-time redundancy from both firewalls at all times. A A
B. The environment requires that traffic be load-balanced across both firewalls to handle peak traffic spikes.
C. The environment requires Layer 2 interfaces in the deployment.
D. The environment requires that all configuration must be fully synchronized between both members of the HA pair. D D
E. The environment requires that both firewalls maintain their own routing tables for faster dynamic routing protocol convergence. E E

17 A user at an external system with the IP address 65.124.57.5 queries the DNS server at 4.2.2.2 for the IP address of the web server, www.xyz.com. The DNS server returns an address of 172.16.15.1. In order to reach the web server, which Security rule and NAT rule must be configured on the firewall?
A. NAT Rule: Untrust-L3 (any) - Untrust-L3 (172.16.15.1)
   Destination Translation: 192.168.15.47
   Security Rule: Untrust-L3 (any) - Trust-L3 (172.16.15.1) - Application: Web-browsing A A
B. NAT Rule: Untrust-L3 (any) - Trust-L3 (172.16.15.1)
   Destination Translation: 192.168.15.47
   Security Rule: Untrust-L3 (any) - Trust-L3 (192.168.15.47) - Application: Web-browsing
C. NAT Rule: Untrust-L3 (any) - Trust-L3 (172.16.15.1)
   Destination Translation: 192.168.15.47
   Security Rule: Untrust-L3 (any) - Trust-L3 (172.16.15.1) - Application: Web-browsing
D. NAT Rule: Untrust-L3 (any) - Untrust-L3 (any)
   Destination Translation: 192.168.15.1
   Security Rule: Untrust-L3 (any) - Trust-L3 (172.16.15.1) - Application: Web-browsing

18 Which function is handled by the management plane (control plane) of a Palo Alto Networks firewall?
A. logging A A
B. signature matching for content inspection
C. Quality of Service
D. IPSec tunnel standup

19 A security engineer received multiple reports of an IPSec VPN tunnel going down the night before. The engineer couldn't find any events related to VPN under system logs. What is the likely cause?
A. Tunnel Inspection settings are misconfigured.
B. The log quota for GTP and Tunnel needs to be adjusted.
C. The Tunnel Monitor is not configured. C C
D. Dead Peer Detection is not enabled.

20 The Aggregate Ethernet interface is showing down on a passive PA-7050 firewall of an active/passive HA pair. The HA Passive Link State is set to "Auto" under Device > High Availability > General > Active/Passive Settings. The AE interface is configured with LACP enabled and is up only on the active firewall. Why is the AE interface showing down on the passive firewall?
A. It does not participate in LACP negotiation unless Fast Failover is selected under the Enable LACP selection on the LACP tab of the AE Interface.
B. It does not perform pre-negotiation LACP unless "Enable in HA Passive State" is selected under the High Availability Options on the LACP tab of the AE Interface. B B
C. It performs pre-negotiation of LACP when the mode Passive is selected under the Enable LACP selection on the LACP tab of the AE Interface.
D. It participates in LACP negotiation when Fast is selected for Transmission Rate under the Enable LACP selection on the LACP tab of the AE Interface.

21 An engineer needs to permit XML API access to a firewall for automation on a network segment that is routed through a Layer 3 subinterface on a Palo Alto Networks firewall. However, this network segment cannot access the dedicated management interface due to the Security policy. Without changing the existing access to the management interface, how can the engineer fulfill this request?
A. Specify the subinterface as a management interface in Setup > Device > Interfaces.
B. Add the network segment's IP range to the Permitted IP Addresses list.
C. Enable HTTPS in an Interface Management profile on the subinterface. C C
D. Configure a service route for HTTP to use the subinterface.

22 When using SSH keys for CLI authentication for firewall administration, which method is used for authorization?
A. Radius
B. Kerberos
C. LDAP
D. Local D D

23 A company is using wireless controllers to authenticate users. Which source should be used for User-ID mappings?
A. server monitoring
B. XFF headers
C. Syslog C C
D. client probing

24 A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged. Given the information, what is the best choice for deploying User-ID to ensure maximum coverage?
A. agentless User-ID with redistribution
B. Syslog listener B B
C. captive portal
D. standalone User-ID agent

25 What can be used to create dynamic address groups?
A. tags A A
B. FQDN addresses
C. dynamic address
D. region objects

26 A firewall administrator wants to avoid overflowing the company syslog server with traffic logs. What should the administrator do to prevent the forwarding of DNS traffic logs to syslog?
A. Disable logging on security rules allowing DNS.
B. Go to the Log Forwarding profile used to forward traffic logs to syslog. Then, under traffic logs match list, create a new filter with application not equal to DNS. b
C. Go to the Log Forwarding profile used to forward traffic logs to syslog. Then, under traffic logs match list, create a new filter with application equal to DNS. C
D. Create a security rule to deny DNS traffic with the syslog server in the destination.

27 A firewall administrator has been tasked with ensuring that all Panorama configuration is committed and pushed to the devices at the end of the day at a certain time. How can they achieve this?
A. Use the Scheduled Config Export to schedule Commit to Panorama and also Push to Devices.
B. Use the Scheduled Config Push to schedule Commit to Panorama and also Push to Devices. B B
C. Use the Scheduled Config Push to schedule Push to Devices and separately schedule an API call to commit all Panorama changes.
D. Use the Scheduled Config Export to schedule Push to Devices and separately schedule an API call to commit all Panorama changes.

28 While analyzing the Traffic log, you see that some entries show "unknown-tcp" in the Application column. What best explains these occurrences?
A. A handshake did take place, but the application could not be identified. A A
B. A handshake took place, but no data packets were sent prior to the timeout.
C. A handshake did not take place, and the application could not be identified.
D. A handshake took place; however, there were not enough packets to identify the application.

29 A firewall administrator has been tasked with ensuring that all Panorama-managed firewalls forward traffic logs to Panorama. In which section is this configured?
A. Templates > Device > Log Settings
B. Device Groups > Objects > Log Forwarding B B
C. Monitor > Logs > Traffic
D. Panorama > Managed Devices

30 Which Panorama feature protects logs against data loss if a Panorama server fails?
A. Panorama Collector Group with Log Redundancy ensures that no logs are lost if a server fails inside the Collector Group. A A
B. Panorama Collector Group automatically ensures that no logs are lost if a server fails inside the Collector Group.
C. Panorama HA with Log Redundancy ensures that no logs are lost if a server fails inside the HA Cluster.
D. Panorama HA automatically ensures that no logs are lost if a server fails inside the HA Cluster.

31 An administrator is required to create an application-based Security policy rule to allow Evernote. The Evernote application implicitly uses SSL and web browsing. What is the minimum the administrator needs to configure in the Security rule to allow only Evernote?
A. Create an Application Override using TCP ports 443 and 80.
B. Add the HTTP, SSL, and Evernote applications to the same Security policy.
C. Add the Evernote application to the Security policy rule, then add a second Security policy rule containing both HTTP and SSL.
D. Add only the Evernote application to the Security policy rule. D D

32 An administrator is seeing one of the firewalls in a HA active/passive pair moved to "suspended" state due to Non-functional loop. Which three actions will help the administrator resolve this issue? (Choose three.)
A. Check the HA Link Monitoring interface cables. A A
B. Check High Availability > Active/Passive Settings > Passive Link State B B
C. Check the High Availability > Link and Path Monitoring settings. C C
D. Check the High Availability > HA Communications > Packet Forwarding settings.
E. Use the CLI command show high-availability flap-statistics

33 Which statement best describes the Automated Commit Recovery feature?
A. It performs a connectivity check between the firewall and Panorama after every configuration commit on the firewall. It reverts the configuration changes on the firewall if the check fails. A A
B. It restores the running configuration on a firewall if the last configuration commit fails.
C. It restores the running configuration on a firewall and Panorama if the last configuration commit fails.
D. It performs a connectivity check between the firewall and Panorama after every configuration commit on the firewall. It reverts the configuration changes on the firewall and on Panorama if the check fails.

34 A firewall administrator wants to have visibility on one segment of the company network. The traffic on the segment is routed on the Backbone switch. The administrator is planning to apply Security rules on segment X after getting the visibility. There is already a PAN-OS firewall used in L3 mode as an internet gateway, and there are enough system resources to get extra traffic on the firewall. The administrator needs to complete this operation with minimum service interruptions and without making any IP changes. What is the best option for the administrator to take?
A. Configure the TAP interface for segment X on the firewall
B. Configure a Layer 3 interface for segment X on the firewall.
C. Configure vwire interfaces for segment X on the firewall. C C
D. Configure a new vsys for segment X on the firewall.

35 A firewall administrator is investigating high packet buffer utilization in the company firewall. After looking at the threat logs and seeing many flood attacks coming from a single source that are dropped by the firewall, the administrator decides to enable packet buffer protection to protect against similar attacks. The administrator enables packet buffer protection globally in the firewall but still sees a high packet buffer utilization rate. What else should the administrator do to stop packet buffers from being overflowed?
A. Apply DOS profile to security rules allow traffic from outside.
B. Enable packet buffer protection for the affected zones. B B
C. Add the default Vulnerability Protection profile to all security rules that allow traffic from outside.
D. Add a Zone Protection profile to the affected zones.

36 A network administrator notices there is a false-positive situation after enabling Security profiles. When the administrator checks the threat prevention logs, the related signature displays:
threat type: spyware
category: dns-c2
threat ID: 1000011111
Which set of steps should the administrator take to configure an exception for this signature?
A. Navigate to Objects > Security Profiles > Anti-Spyware
   Select related profile
   Select the signature exceptions tab and then click show all signatures
   Search related threat ID and click enable
   Change the default action
   Commit
B. Navigate to Objects > Security Profiles > Anti-Spyware
   Select related profile
   Select the Exceptions tab and then click show all signatures
   Search related threat ID and click enable
   Commit
C. Navigate to Objects > Security Profiles > Vulnerability Protection
   Select related profile
   Select the Exceptions tab and then click show all signatures
   Search related threat ID and click enable
   Commit
D. Navigate to Objects > Security Profiles > Anti-Spyware
   Select related profile
   Select DNS exceptions tabs
   Search related threat ID and click enable
   Commit D D

37 Which protocol is supported by GlobalProtect Clientless VPN?
A. FTP
B. HTTPS B B
C. SSH
D. RDP

38 During the implementation of SSL Forward Proxy decryption, an administrator imports the company’s Enterprise Root CA and Intermediate CA certificates onto the firewall. The company’s Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise CA chain of trust are signed by the company’s Intermediate CA. Which method should the administrator use when creating Forward Trust and Forward Untrust certificates on the firewall for use with decryption?
A. Generate two subordinate CA certificates, one for Forward Trust and one for Forward Untrust.
B. Generate a CA certificate for Forward Trust and a self-signed CA for Forward Untrust. B B
C. Generate a single subordinate CA certificate for both Forward Trust and Forward Untrust.
D. Generate a single self-signed CA certificate for Forward Trust and another for Forward Untrust.

39 In an existing deployment, an administrator with numerous firewalls and Panorama does not see any WildFire logs in Panorama. Each firewall has an active WildFire subscription. On each firewall, WildFire logs are available. This issue is occurring because forwarding of which type of logs from the firewalls to Panorama is missing?
A. System logs
B. WildFire logs
C. Threat logs C C
D. Traffic logs

40 An administrator wants to configure the Palo Alto Networks Windows User-ID agent to map IP addresses to usernames. The company uses four Microsoft Active Directory servers and two Microsoft Exchange servers, which can provide logs for login events. All six servers have IP addresses assigned from the following subnet: 192.168.28.32/27. The Microsoft Active Directory servers reside in 192.168.28.32/28, and the Microsoft Exchange servers reside in 192.168.28.48/28. What information does the administrator need to provide in the User Identification > Discovery section?
A. the IP-address and corresponding server type (Microsoft Active Directory or Microsoft Exchange) for each of the six servers A A
B. network 192.168.28.32/28 with server type Microsoft Active Directory and network 192.168.28.48/28 with server type Microsoft Exchange
C. one IP address of a Microsoft Active Directory server and “Auto Discover” enabled to automatically obtain all five of the other servers
D. network 192.168.28.32/27 with server type Microsoft

41 A network security engineer configured IP multicast in the virtual router to support a new application. Users in different network segments are reporting that they are unable to access the application. What must be enabled to allow an interface to forward multicast traffic?
A. IGMP
B. SSM
C. BFD
D. PIM D D

42 Review the screenshots and consider the following information:
• FW-1 is assigned to the FW-1_DG device group and FW-2 is assigned to OFFICE_FW_DG
• There are no objects configured in REGIONAL_DG and OFFICE_FW_DG device groups
Which IP address will be pushed to the firewalls inside Address Object Server-1?
A. Server-1 on FW-1 will have IP 2.2.2.2 Server-1 will not be pushed to FW-2
B. Server-1 on FW-1 will have IP 3.3.3.3 Server-1 will not be pushed to FW-2
C. Server-1 on FW-1 will have IP 1.1.1.1 Server-1 will not be pushed to FW-2
D. Server-1 on FW-1 will have IP 4.4.4.4 D D Server-1 on FW-2 will have IP 1.1.1.1

43 Given the Sample Log Forwarding Profile shown, which two statements are true? (Choose two.)
A. All traffic from source network 192.168.100.0/24 is sent to an external syslog target. A A
B. All threats are logged to Panorama.
C. All traffic logs from RFC 1918 subnets are logged to Panorama / Cortex Data Lake. C C
D. All traffic from source network 172.12.0.0/24 is sent to Panorama / Cortex Data Lake.

44 A system administrator runs a port scan using the company tool as part of vulnerability check. The administrator finds that the scan is identified as a threat and is dropped by the firewall. After further investigating the logs the administrator finds that the scan is dropped in the Threat Logs. What should the administrator do to allow the tool to scan through the firewall?
A. Add the tool IP address to the reconnaissance protection source address exclusion in the DoS Protection profile.
B. Add the tool IP address to the reconnaissance protection source address exclusion in the Zone Protection profile. B B
C. Remove the Zone Protection profile from the zone setting.
D. Change the TCP port scan action from Block to Alert in the Zone Protection profile.

45 A company with already deployed Palo Alto firewalls has purchased their first Panorama server. The security team has already configured all firewalls with the Panorama IP address and added all the firewall serial numbers in Panorama. What are the next steps to migrate configuration from the firewalls to Panorama?
A. Export Named Configuration Snapshot on each firewall, followed by Import Named Configuration Snapshot in Panorama.
B. Use the Firewall Migration plugin to retrieve the configuration directly from the managed devices.
C. Import Device Configuration to Panorama, followed by Export or Push Device Config Bundle. C C
D. Use API calls to retrieve the configuration directly from the managed devices.

46 What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?
A. It tries to establish a tunnel to the GlobalProtect portal using SSL/TLS.
B. It stops the tunnel-establishment processing to the GlobalProtect gateway immediately.
C. It tries to establish a tunnel to the GlobalProtect gateway using SSL/TLS. C C
D. It keeps trying to establish an IPSec tunnel to the GlobalProtect gateway.

47 Review the images. A firewall policy that permits web traffic includes the global-logs policy as depicted. What is the result of traffic that matches the “Alert -Threats” Profile Match List?
A. The source address of SMTP traffic that matches a threat is automatically blocked as BadGuys for 180 minutes.
B. The source address of traffic that matches a threat is automatically blocked as BadGuys for 180 minutes.
C. The source address of traffic that matches a threat is automatically tagged as BadGuys for 180 minutes. C C
D. The source address of SMTP traffic that matches a threat is automatically tagged as BadGuys for 180 minutes.

48 An engineer is designing a deployment of multi-vsys firewalls. What must be taken into consideration when designing the device group structure?
A. Only one vsys or one firewall can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.
B. Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group. B B
C. Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall must have all its vsys in a single device group.
D. Only one vsys or one firewall can be assigned to a device group, except for a multi-vsys firewall, which must have all its vsys in a single device group.

49 Which statement about High Availability timer settings is true?
A. Use the Moderate timer for typical failover timer settings.
B. Use the Critical timer for faster failover timer settings.
C. Use the Aggressive timer for faster failover timer settings. C C
D. Use the Recommended timer for faster failover timer settings

50 An engineer decides to use Panorama to upgrade devices to PAN-OS 10.2. Which three platforms support PAN-OS 10.2? (Choose three.)
A. PA-220 A A
B. PA-800 Series B B
C. PA-5000 Series
D. PA-500
E. PA-3400 Series E E

51 What must be configured to apply tags automatically to User-ID logs?
A. User mapping
B. Log Forwarding profile
C. Log settings C C
D. Group mapping

52 An administrator for a small LLC has created a series of certificates as shown, to use for a planned Decryption roll out. The administrator has also installed the self-signed root certificate in all client systems. When testing, they noticed that every time a user visited an SSL site, they received unsecured website warnings. What is the cause of the unsecured website warnings?
A. The forward trust certificate has not been signed by the self-signed root CA certificate. A A
B. The forward trust certificate has not been installed in client systems.
C. The forward untrust certificate has not been signed by the self-signed root CA certificate.
D. The self-signed CA certificate has the same CN as the forward trust and untrust certificates.

53 How should an administrator enable the Advance Routing Engine on a Palo Alto Networks firewall?
A. Enable Advanced Routing in General Settings of Device > Setup > Management, then commit and reboot. A A
B. Enable Advanced Routing Engine in Device > Setup > Session > Session Settings, then commit and reboot.
C. Enable Advanced Routing in Network > Virtual Routers > Redistribution Profiles and then commit.
D. Enable Advanced Routing in Network > Virtual Routers > Router Settings > General, then commit and reboot.

54 A network administrator wants to deploy SSL Forward Proxy decryption. What two attributes should a forward trust certificate have? (Choose two.)
A. A certificate authority (CA) certificate A A
B. A private key B B
C. A server certificate
D. A subject alternative name

55 Using the above screenshot of the ACC, what is the best method to set a global filter, narrow down Blocked User Activity, and locate the user(s) that could be compromised by a botnet?
A. Click the hyperlink for the ZeroAccess.Gen threat.
B. Click the source user with the highest threat count.
C. Click the left arrow beside the ZeroAccess.Gen threat.
D. Click the hyperlink for the botnet Threat Category D D

56 What is the best description of the Cluster Synchronization Timeout (min)?
A. The maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational
B. The maximum time that the local firewall waits before going to Active state when another cluster member is preventing the cluster from fully synchronizing B B
C. The timeframe within which the firewall must receive keepalives from a cluster member to know that the cluster member is functional
D. The time that a passive or active-secondary firewall will wait before taking over as the active or active-primary firewall

57 An administrator creates an application-based security policy rule and commits the change to the firewall. Which two methods should be used to identify the dependent applications for the respective rule? (Choose two.)
A. Review the App Dependency application list from the Commit Status view. A A
B. Open the security policy rule and review the Depends On application list. B B
C. Reference another application group containing similar applications.
D. Use the show predefined xpath command and review the output.

58 An engineer is creating a template and wants to use variables to standardize the configuration across a large number of devices. Which two variable types can be defined? (Choose two.)
A. IP netmask A A
B. Zone
C. Path group
D. FQDN D D

59 A company has configured GlobalProtect to allow their users to work from home. A decrease in performance for remote workers has been reported during peak-use hours. Which two steps are likely to mitigate the issue? (Choose two.)
A. Enable decryption
B. Exclude video traffic B B
C. Create a Tunnel Inspection policy
D. Block traffic that is not work-related D D

60 Which log type would provide information about traffic blocked by a Zone Protection profile?
A. Data Filtering
B. IP-Tag
C. Threat C C
D. Traffic

61 An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls. What can be configured on one pair of firewalls to modify the MAC addresses so they are no longer in conflict?
A. Change the interface type on the interfaces that have conflicting MAC addresses from L3 to VLAN.
B. On one pair of firewalls, run the CLI command: set network interface vlan arp.
C. Change the Group IDs in the High Availability settings to be different from the other firewall pair on the same subnet. C C
D. Configure a floating IP between the firewall pairs.

62 The same route appears in the routing table three times using three different protocols. Which mechanism determines how the firewall chooses which route to use?
A. Administrative distance A A
B. Metric
C. Order in the routing table
D. Round Robin load balancing

63 An engineer has discovered that certain real-time traffic is being treated as best effort due to it exceeding defined bandwidth. Which QoS setting should the engineer adjust?
A. QoS interface: Egress Guaranteed
B. QoS profile: Egress Max
C. QoS profile: Egress Guaranteed c c
D. QoS interface: Egress Max

64 A Security policy rule is configured with a Vulnerability Protection Profile and an action of “Deny”. Which action will this configuration cause on the matched traffic?
A. It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to “Deny”. A A
B. The configuration will allow the matched session unless a vulnerability signature is detected. The “Deny” action will supersede the per-severity defined actions defined in the associated Vulnerability Protection Profile.
C. It will cause the firewall to skip this Security policy rule. A warning will be displayed during a commit.
D. The Profile Settings section will be grayed out when the Action is set to “Deny”.

65 A firewall administrator has been tasked with ensuring that all firewalls forward System logs to Panorama. In which section is this configured?
A. Monitor > Logs > System
B. Objects > Log Forwarding
C. Device > Log Settings C C
D. Panorama > Managed Devices

66 A company requires the firewall to block expired certificates issued by internet-hosted websites. The company plans to implement decryption in the future, but it does not perform SSL Forward Proxy decryption at this time. Without the use of SSL Forward Proxy decryption, how is the firewall still able to identify and block expired certificates issued by internet-hosted websites?
A. By having a Certificate profile that contains the website's Root CA assigned to the respective Security policy rule
B. By using SSL Forward Proxy to decrypt SSL and TLS handshake communication and the server/client session keys in order to validate a certificate's authenticity and expiration
C. By using SSL Forward Proxy to decrypt SSL and TLS handshake communication in order to validate a certificate's authenticity and expiration
D. By having a Decryption profile that blocks sessions with expired certificates in the No Decryption section and assigning it to a No Decrypt policy rule D D

67 A company is looking to increase redundancy in their network. Which interface type could help accomplish this?
A. Tap
B. Layer 2
C. Virtual wire
D. Aggregate ethernet D D

68 An auditor has requested that roles and responsibilities be split inside the security team. Group A will manage templates, and Group B will manage device groups inside Panorama. Which two specific firewall configurations will Group B manage? (Choose two.)
A. Routing
B. Security rules B B
C. Interfaces
D. Address objects D D

69 Given the following snippet of a WildFire submission log, did the end-user get access to the requested information and why or why not?
A. No, because this is an example from a defeated phishing attack.
B. Yes, because the action is set to “allow” B B
C. No, because the severity is “high” and the verdict “malicious”
D. Yes, because the action is set to “alert”

70 A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)
A. TCP Drop A A
B. ICMP Drop B B
C. SYN Random Early Drop
D. TCP Port Scan Block

71 The decision to upgrade to PAN-OS 10.2 has been approved. The engineer begins the process by upgrading the Panorama servers, but gets an error when trying to install. When performing an upgrade on Panorama to PAN-OS 10.2, what is the potential cause of a failed install?
A. GlobalProtect agent version
B. Outdated plugins B B
C. Management only mode
D. Expired certificates

72 An administrator would like to determine which action the firewall will take for a specific CVE. Given the screenshot below, where should the administrator navigate to view this information?
A. The profile rule action
B. CVE column
C. The profile rule threat name
D. Exceptions tab D D
</hide>
  2. Please don't use this as it was for the older version of the test. I'm sorry to have wasted everyone's time.
  3. Hey all, I regret to say that the files listed on mega are the older CCNP courses and not the new ones. I compared them with what is currently on the INE site and found many topics that were not touched upon.
  4. Why is it that when I go to the anonfiles link it downloads an ISO image?