NEW QUESTION 1
How are IPV6 DNS queries configured to user interface ethernet1/3?

• A. Network > Virtual Router > DNS Interface
• B. Objects > CustomerObjects > DNS
• C. Network > Interface Mgrnt
• D. Device > Setup > Services > Service Route Configuration

Answer: D

NEW QUESTION 2
Which item enables a firewall administrator to see details about traffic that is currently active through the NGFW?

• A. ACC
• B. System Logs
• C. App Scope
• D. Session Browser

Answer: D

NEW QUESTION 3
Given the following table.

Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the 192.168.93.0/30 network?

• A. Configuring the administrative Distance for RIP to be lower than that of OSPF Int.
• B. Configuring the metric for RIP to be higher than that of OSPF Int.
• C. Configuring the administrative Distance for RIP to be higher than that of OSPF Ext.
• D. Configuring the metric for RIP to be lower than that OSPF Ext.

Answer: A

NEW QUESTION 4
A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?

• A. The two devices must share a routable floating IP address
• B. The two devices may be different models within the PA-5000 series
• C. The HA1 IP address from each peer must be on a different subnet
• D. The management port may be used for a backup control connection

Answer: D

NEW QUESTION 5
After Migrating from an ASA firewall to a Palo Alto Networks Firewall, the VPN connection between a remote network and the Palo Alto Networks Firewall is not establishing correctly. The following entry is appearing in the logs:
Pfs group mismatched: my:0 peer:2
Which setting should be changed on the Palo Alto Networks Firewall to resolve this error message?

• A. Update- the IPSec Crypto profile for the Vendor IPSec Tunnel from group2 to no-pfs.
• B. Update the IKE Crypto profile for the Vendor IKE gateway from no pfs to group2.
• C. Update the IKE Crypto profile for the Vendor IKE gateway from group2 to no pfs
• D. Update the IPSec Crypto profile for the Vendor IPSec Tunnel from no-pfs to group2.

Answer: D

NEW QUESTION 6
What are three valid actions in a File Blocking Profile? (Choose three)

• A. Forward
• B. Block
• C. Alret
• D. Upload
• E. Reset-both
• F. Continue

Answer: ABC

Explanation: https://live.paloaltonetworks.com/t5/Configuration-Articles/File-Blocking-Rulebase-and-Action-Precedence/ta-p/53623

NEW QUESTION 7
An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required. Which interface type would support this business requirement?

• A. Virtual Wire interfaces to permit EIGRP routing to remain between the Core and DMZ
• B. Layer 3 or Aggregate Ethernet interfaces, but configuring EIGRP on subinterfaces only
• C. Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel (with the GlobalProtect License to support LSVPN and EIGRP protocols)
• D. Layer 3 interfaces, but configuring EIGRP on the attached virtual router

Answer: B

NEW QUESTION 8
If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?

• A. The settings assigned to the template that is on top of the stack.
• B. The administrator will be promoted to choose the settings for that chosen firewall.
• C. All the settings configured in all templates.
• D. Depending on the firewall location, Panorama decides with settings to send.

Answer: B

NEW QUESTION 9
A company needs to preconfigure firewalls to be sent to remote sites with the least amount of reconfiguration. Once deployed, each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers.
Which VPN configuration would adapt to changes when deployed to the future site?

• A. Preconfigured GlobalProtect satellite
• B. Preconfigured GlobalProtect client
• C. Preconfigured PIsec tunnels
• D. Preconfigured PPTP Tunnels

Answer: A

NEW QUESTION 10
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS® software
would help in this case?

• A. Application override
• B. Redistribution of user mappings
• C. Virtual Wire mode
• D. Content inspection

Answer: B

NEW QUESTION 11
Which three rule types are available when defining policies in Panorama? (Choose three.)

• A. Pre Rules
• B. Post Rules
• C. Default Rules
• D. Stealth Rules
• E. Clean Up Rules

Answer: ABC

Explanation: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/panorama-web-interface/defining-policies-on-panorama

NEW QUESTION 12
Refer to the exhibit.

Which will be the egress interface if the traffic’s ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?

• A. ethernet1/6
• B. ethernet1/3
• C. ethernet1/7
• D. ethernet1/5

Answer: D

NEW QUESTION 13
Which Palo Alto Networks VM-Series firewall is valid?

• A. VM-25
• B. VM-800
• C. VM-50
• D. VM-400

Answer: C

NEW QUESTION 14
Which three firewall states are valid? (Choose three.)

• A. Active
• B. Functional
• C. Pending
• D. Passive
• E. Suspended

Answer: ADE

NEW QUESTION 15
The company's Panorama server (IP 10.10.10.5) is not able to manage a firewall that was recently deployed. The firewall's dedicated management port is being used to connect to the management network.
Which two commands may be used to troubleshoot this issue from the CLI of the new firewall? (Choose two)

• A. test panoramas-connect 10.10.10.5
• B. show panoramas-status
• C. show arp all I match 10.10.10.5
• D. topdump filter "host 10.10.10.5
• E. debug dataplane packet-diag set capture on

Answer: BD

NEW QUESTION 16
How can a candidate or running configuration be copied to a host external from Panorama?

• A. Commit a running configuration.
• B. Save a configuration snapshot.
• C. Save a candidate configuration.
• D. Export a named configuration snapshot.

Answer: D