Professional Documents
Culture Documents
PA Dumps - Sanil - 94-116
PA Dumps - Sanil - 94-116
A consultant advises a client on designing an explicit web proxy deployment on Pan-OS 11.0. The
client currently uses RADIUS authentication in their environment which two pieces of information
should the consultant provide the client regarding web proxy authentication? (Choose two)
A. RADIUS is not supported for explicit or transparent web proxy.
B. Kerberos or SAML Authentication need to be configured.
C. LDAP or TACACS+ authentication need to be configured.
D. RADIUS is only supported for transparent web proxy.
Answer: A B
item 95 of 139
Phase two of a VPN will not establish a connection. The peer using a policy-based VPN configura-
tion. What part of configuration should the engineer verify?
A. PAN-OS Version
B. IKE Crypto profile
C. Proxy-IDs
D. Security policy
Answer C
Item 96 of 139
In the New App viewer under policy optimizer, what does the compare option for a specific rule
allow an administrator to compare?
A. The running configuration with the candidate configuration of the firewall
B. Applications configured in the rule with their dependencies
C. Applications configured in the rule with applications seen from traffic matching the same rule.
D. The security Rule with any other security rule selected.
Answer C
Item 97 of 139
What can be used as an action when creating a policy-based forwarding (PBF) policy?
A. Discard
B. Deny
C. Allow
D. Next VR
Answer A
item 98 of 139
which two factors should be considered when sizing a decryption Firewall deployment? (Choose
Two)
A. Number of blocked sessions
B. TLS protocol version
C. Encryption Algorithm
D. Number of security zones in decryption policy
Answer BC
item 99 of 139
which two profiles should be configured when sharing tags from threat logs with a remote user-ID
agent? (Choose two)
A. LDAP
B. HTTP
C. Log forwarding
D. Log ingestion
Answer BC
An engineer has been asked to limit which routes are shared by running two different areas within
an OSPF implementation. However, the devices share a common link for communication. which
virtual router configuration supports running multiple instances of OSPF protocol over a single
link?
A OSPF
B. ECMP
C. OSPFV3
D. ASBR
Answer : C
item 102 of 139
A network admistrator wants to deploy SSL forward proxy decryption. What two attributes should a
forward trust certificate have? (Choose two)
C. A server certificate
D. A private key
Answer BD
which DoS protection profile detects and prevents session exhaustion attacks against specific
definitions?
A. Resource Protection
B. TCP port scan protection
C. Packet based attack protection
D. Flood protection
Answer A
A. Perform a device group push using "merge with device candidate config" option
B. Disable Share Unused Address and Service Objects with Devices in Panorama Settings
C. Use export or push device config bundle to ensure that firewall is integrated with panorama
config
D. Update the apps and threat version using device deployment
Answer B
The engineer needs to configure dynamic updates data plane interface for internet traffic. what
should be configured in setup > Services> service route configuration to allow this traffic?
A. Set DDNS and Palo Alto networks services to use the MGT source interface
B. Set DNS and Palo Alto network services to use Ethernet 1/2 source interface
C. Set DNS and Palo Alto networks services to use Ethernet 1/1 source interface
D. Set a DNS and Palo Alto networks services to use MGT source interface
Answer D