Q1. Which source address translation type will allow multiple devices to share a single translated source address while using a single NAT Policy rule?
A. Dynamic IP and Port
B. Dynamic IP
C. Bi-directional
D. Static IP
Answer: A
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/networking/nat.html
Q2. Which routing protocol is supported on the Palo Alto Networks platform?
A. BGP
B. RSTP
C. ISIS
D. RIPv1
Answer: A
Q3. What is the maximum usable storage capacity of an M-100 appliance?
A. 2TB
B. 4TB
C. 6TB
D. 8TB
Answer: B
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/61/panorama/panorama_adminguide/set-up-panorama/set-up-the-m-100-appliance.html
Q4. When Network Address Translation has been performed on traffic, Destination Zones in Security rules should be based on:
A. Post-NAT addresses
B. The same zones used in the NAT rules
C. Pre-NAT addresses
D. None of the above
Answer: A
Q5. Which option allows an administrator to segregate Panorama and Syslog traffic, so that the Management Interface is not employed when sending these types of traffic?
A. Custom entries in the Virtual Router, pointing to the IP addresses of the Panorama and Syslog devices.
B. Define a Loopback interface for the Panorama and Syslog Devices
C. On the Device tab in the Web UI, create custom server profiles for Syslog and Panorama
D. Service Route Configuration
Answer: D
Q6. What new functionality is provided in PAN-OS 5.0 by Palo Alto Networks URL Filtering Database (PAN-DB)?
A. The "Log Container Page Only" option can be employed in a URL-Filtering policy to reduce the number of logging events.
B. URL-Filtering can now be employed as a match condition in Security policy
C. IP-Based Threat Exceptions can now be driven by custom URL categories
D. Daily database downloads for updates are no longer required as devices stay in-sync with the cloud.
Answer: D
Q7. Enabling "Highlight Unused Rules" in the Security policy window will:
A. Highlight all rules that did not immediately match traffic.
B. Highlight all rules that did not match traffic since the rule was created or since last reboot of the firewall
C. Allow the administrator to troubleshoot rules when a validation error occurs at the time of commit.
D. Allow the administrator to temporarily disable rules that do not match traffic, for testing purposes
Answer: B
Q8. Which best describes how Palo Alto Networks firewall rules are applied to a session?
A. last match applied
B. first match applied
C. all matches applied
D. most specific match applied
Answer: B
Q9. As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would this be?
A. Some users are accessing the Palo Alto Networks firewall through a virtual system that does not have Application Block pages enabled.
B. Application Block Pages will only be displayed when Captive Portal is configured
C. Some Application IDs are set with a Session Timeout value that is too low.
D. Application Block Pages will only be displayed when users attempt to access a denied web-based application.
Answer: D
Q10. Which feature can be configured with an IPv6 address?
A. Static Route
B. RIPv2
C. DHCP Server
D. BGP
Answer: A
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-5493