Q1. Traffic going to a public IP address is being translated by your PANW firewall to your web server's private IP. Which IP should the Security Policy use as the "Destination IP" in order to allow traffic to the server?
A. The server’s public IP
B. The firewall’s gateway IP
C. The server’s private IP
D. The firewall’s MGT IP
Answer: A
Q2. What built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?
A. superuser
B. vsysadmin
C. A custom role is required for this level of access
D. deviceadmin
Answer: D
Q3. What are the three Security Policy rule Type classifications supported in PAN-OS 6.1?
A. Security, NAT, Policy-Based Forwarding
B. Intrazone, Interzone, Global
C. Intrazone, Interzone, Universal
D. Application, User, Content
Answer: C
Explanation:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/framemaker/61/pan-os/NewFeaturesGuide.pdf page 18-19
Q4. Which three processor types are found on the data plane of a PA-5050? (Choose 3 answers.)
A. Multi-Core Security Processor
B. Signature Match Processor
C. Network Processor
D. Protocol Decoder Processor
E. Management Processor
Answer: A,B,C
Explanation:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/white-papers/single-pass-parallel-processing-architecture.pdf page 8
Q5. Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct answers.)
A. BitTorrent
B. Gnutella
C. Skype
D. SSH
Answer: A,D
Q6. What has happened when the traffic log shows an internal host attempting to open a session to a properly configured sinkhole address?
A. The internal host is trying to resolve a DNS query by connecting to a rogue DNS server.
B. The internal host attempted to use DNS to resolve a known malicious domain into an IP address.
C. A rogue DNS server is now using the sinkhole address to direct traffic to a known malicious domain.
D. A malicious domain is trying to contact an internal DNS server.
Answer: B
Explanation:
Reference: https://www.paloaltonetworks.jp/content/dam/paloaltonetworks-com/en_US/assets/pdf/framemaker/pan-os/NewFeaturesGuide.pdf page 14
Q7. When employing the BrightCloud URL filtering database on Palo Alto Networks firewalls, the order of checking within a profile is:
A. Block List, Allow List, Custom Categories, Cache Files, Predefined Categories, Dynamic URL Filtering
B. Block List, Allow List, Cache Files, Custom Categories, Predefined Categories, Dynamic URL Filtering
C. Dynamic URL Filtering, Block List, Allow List, Cache Files, Custom Categories, Predefined Categories
D. None of the above
Answer: A
Q8. In PAN-OS 5.0, which of the following features is supported with regard to IPv6?
A. OSPF
B. NAT64
C. IPSec VPN tunnels
D. None of the above
Answer: B
Q9. An Outbound SSL forward-proxy decryption rule cannot be created using which type of zone?
A. Virtual Wire
B. Tap
C. L3
D. L2
Answer: A
Q10. A firewall is being attacked with a port scan. Which component can prevent this attack?
A. DoS Protection
B. Anti-Spyware
C. Vulnerability Protection
D. Zone Protection
Answer: D
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-4501