NEW QUESTION 1

What will be the source address in the ICMP packet?

• A. 10.30.0.93
• B. 10.46.72.93
• C. 10.46.64.94
• D. 192.168.93.1

Answer: C

NEW QUESTION 2
A network administrator uses Panorama to push security polices to managed firewalls at branch offices. Which policy type should be configured on Panorama if the administrators at the branch office sites to override these products?

• A. Pre Rules
• B. Post Rules
• C. Explicit Rules
• D. Implicit Rules

Answer: A

NEW QUESTION 3
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator troubleshoot this issue? (Choose two.)

• A. View the System logs and look for the error messages about BGP.
• B. Perform a traffic pcap on the NGFW to see any BGP problems.
• C. View the Runtime Stats and look for problems with BGP configuration.
• D. View the ACC tab to isolate routing issues.

Answer: CD

NEW QUESTION 4
Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?

• A. VM-100
• B. VM-200
• C. VM-1000-HV
• D. VM-300

Answer: C

NEW QUESTION 5
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch port which it connects.
How would an administrator configure the interface to 1Gbps?

• A. set deviceconfig interface speed-duplex 1Gbps-full-duplex
• B. set deviceconfig system speed-duplex 1Gbps-duplex
• C. set deviceconfig system speed-duplex 1Gbps-full-duplex
• D. set deviceconfig Interface speed-duplex 1Gbps-half-duplex

Answer: B

NEW QUESTION 6
Refer to the exhibit.

Which will be the egress interface if the traffic’s ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?

• A. ethernet1/6
• B. ethernet1/3
• C. ethernet1/7
• D. ethernet1/5

Answer: D

NEW QUESTION 7
A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?

• A. The two devices must share a routable floating IP address
• B. The two devices may be different models within the PA-5000 series
• C. The HA1 IP address from each peer must be on a different subnet
• D. The management port may be used for a backup control connection

Answer: D

NEW QUESTION 8
A network engineer has revived a report of problems reaching 98.139.183.24 through vr1 on the firewall. The routing table on this firewall is extensive and complex.
Which CLI command will help identify the issue?

• A. test routing fib virtual-router vr1
• B. show routing route type static destination 98.139.183.24
• C. test routing fib-lookup ip 98.139.183.24 virtual-router vr1
• D. show routing interface

Answer: C

NEW QUESTION 9
If the firewall has the link monitoring configuration, what will cause a failover?

• A. ethernet1/3 and ethernet1/6 going down
• B. ethernet1/3 going down
• C. ethernet1/3 or Ethernet1/6 going down
• D. ethernet1/6 going down

Answer: A

NEW QUESTION 10
Which client software can be used to connect remote Linux client into a Palo Alto Networks Infrastructure without sacrificing the ability to scan traffic and protect against threats?

• A. X-Auth IPsec VPN
• B. GlobalProtect Apple IOS
• C. GlobalProtect SSL
• D. GlobalProtect Linux

Answer: A

Explanation: ( http://blog.webernetz.net/2014/03/31/palo-alto-globalprotect-for-linux-with-vpnc/ )

NEW QUESTION 11
An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the company’s proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats.
Which option would achieve this result?

• A. Create a custom App-ID and enable scanning on the advanced tab.
• B. Create an Application Override policy.
• C. Create a custom App-ID and use the “ordered conditions” check box.
• D. Create an Application Override policy and custom threat signature for the application.

Answer: A

NEW QUESTION 12
How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

• A. Configure the option for “Threshold”.
• B. Disable automatic updates during weekdays.
• C. Automatically “download only” and then install Applications and Threats later, after the administrator approves the update.
• D. Automatically “download and install” but with the “disable new applications” option used.

Answer: C

NEW QUESTION 13
Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS® version, and serial number?

• A. debug system details
• B. show session info
• C. show system info
• D. show system details

Answer: C

NEW QUESTION 14
Which feature prevents the submission of corporate login information into website forms?

• A. Data filtering
• B. User-ID
• C. File blocking
• D. Credential phishing prevention

Answer: D

NEW QUESTION 15
A host attached to ethernet1/3 cannot access the internet. The default gateway is attached to ethernet1/4. After troubleshooting. It is determined that traffic cannot pass from the ethernet1/3 to ethernet1/4. What can be the cause of the problem?

• A. DHCP has been set to Auto.
• B. Interface ethernet1/3 is in Layer 2 mode and interface ethernet1/4 is in Layer 3 mode.
• C. Interface ethernet1/3 and ethernet1/4 are in Virtual Wire Mode.
• D. DNS has not been properly configured on the firewall

Answer: B

NEW QUESTION 16
A Security policy rule is configured with a Vulnerability Protection Profile and an action of ‘Deny”.
Which action will this cause configuration on the matched traffic?

• A. The configuration is invali
• B. The Profile Settings section will be grayed out when the Action is set to “Deny”.
• C. The configuration will allow the matched session unless a vulnerability is detecte
• D. The “Deny” action will supersede the per-severity defined actions defined in the associated Vulnerability Protection Profile.
• E. The configuration is invali
• F. It will cause the firewall to skip this Security policy rul
• G. A warning will be displayed during a commit.
• H. The configuration is vali
• I. It will cause the firewall to deny the matched session
• J. Any configured Security Profiles have no effect if the Security policy rule action is set to “Deny.”

Answer: B