
DRAG AND DROP

THE FIREWALL ADMINISTRATOR IS REQUIRED TO ENABLE SSL FORWARD PROXY DECRYPTION FOR ALL CLIENTS ON AN ACTIVE DIRECTORY
DOMAIN. THE CLIENTS USE ONLY GOOGLE CHROME AS THE WEB BROWSER. THE CERTIFICATE NEEDS TO BE AUTOMATICALLY TRUSTED BY ALL
CURRENT AND FUTURE DOMAIN COMPUTERS WITHOUT INTERVENTION. WHAT ORDER OF STEPS WILL MEET THIS REQUIREMENT?

STEP 1 GENERATE A CERTIFICATE CALLED FWDTRUST ON THE FIREWALL TO BE USED AS THE FORWARD TRUST CERTIFICATE THAT IS SIGNED BY
THE SUB-CA CERTIFICATE

STEP 2 GENERATE AND SUBMIT A CSR CALLED SUB-CA TO THE DOMAIN PKI ADMINISTRATOR AND RETRIEVE THE GENERATED CERTIFICATE.

STEP 3 IMPORT THE SUB-CA CERTIFICATE AND CHAIN TO THE FIREWALL

STEP 4 ENABLE THE FORWARD TRUST CERTIFICATE OPTION ON THE FWDTRUST CERTIFICATE

EXPEDITION QUESTION

IN EXPEDITION, WHICH OBJECTS ARE CLASSIFIED AS "GHOST OBJECTS"?

(x) UNUSED ADDRESS OBJECTS

( ) ADDRESS OBJECTS THAT ARE NOT APPLIED IN SECURITY OR NAT POLICIES

( ) ADDRESS OBJECTS THAT ARE NOT PART OF AN ADDRESS GROUP

( ) ADDRESS IMPORTED FROM SECURITY AND NAT POLICIES WITHOUT CORRESPONDING ADDRESS OBJECTS

EXPEDITION INSTALLATION QUESTION

WHERE AND HOW IS EXPEDITION INSTALLED?

ON AN UBUNTU SERVER BY RUNNING AN INSTALLATION SCRIPT THAT WILL AUTOMATICALLY DOWNLOAD ALL DEPENDENCIES

QUESTION ABOUT HIP

A CUSTOMER HAS DEPLOYED A GLOBALPROTECT PORTAL AND GATEWAY AS ITS REMOTE-ACCESS VPN SOLUTION FOR ITS FLEET OF WINDOWS 10
LAPTOPS.

THE CUSTOMER WANTS TO USE HOST INFORMATION PROFILE (HIP) DATA COLLECTED AT THE GLOBALPROTECT GATEWAY THROUGHOUT ITS
ENTERPRISE AS AN ADDITIONAL MEANS OF POLICY ENFORCEMENT.

WHAT ADDITIONAL LICENSE MUST THE CUSTOMER PURCHASE?

GLOBALPROTECT LICENSE FOR EACH FIREWALL THAT WILL USE HIP DATA TO ENFORCE POLICY

QUESTION ABOUT ACCESS DOMAIN

A CUSTOMER WHO HAS A MULTI-TENANT ENVIRONMENT NEEDS THE ADMINISTRATOR TO BE RESTRICTED TO SPECIFIC OBJECTS AND POLICIES IN THE
VIRTUAL SYSTEM WITHIN ITS TENANT.

HOW CAN AN ADMINISTRATOR'S ACCESS BE RESTRICTED? (CHOOSE ONE)

(x) DEFINE AN ACCESS DOMAIN THAT ENABLES THE DEVICE GROUPS ASSIGNED TO THE DOMAIN

( ) DEFINE ADMIN ROLE PROFILE WITH PANORAMA ENABLING ALL ACCESS

( ) DEFINE ACCESS DOMAIN FOR VIRTUAL SYSTEMS IN THE ENVIRONMENT

( ) DEFINE ADMIN ROLE PROFILE WITH A DEVICE GROUP AND TEMPLATE ENABLING ALL ACCESS

QUESTION ABOUT ANTIVIRUS

AN ADMINISTRATOR NEEDS TO CREATE A NEW ANTIVIRUS PROFILE TO ADDRESS A VIRUS THAT IS XXXX INTERNALLY OVER SMB.

TO CREATE A SECURE POSTURE THE ADMINISTRATOR SHOULD CHOOSE WHICH SET OF ACTIONS FOR THE SMB DECODER IN AN ANTIVIRUS
PROFILE?

( ) ACTION RESET-BOTH, WILDFIRE ACTION - ALERT

(x) ACTION RESET-BOTH, WILDFIRE ACTION - RESET-BOTH

( ) ACTION ALLOW, WILDFIRE ACTION - ALLOW

( ) ACTION DROP, WILDFIRE ACTION - RESET-BOTH

QUESTION ABOUT EXPEDITION

A CUSTOMER HAS A FIVE-YEAR-OLD FIREWALL IN PRODUCTION. IN THE TIME SINCE THE FIREWALL WAS INSTALLED THE IT TEAM DELETED UNUSED
SECURITY POLICIES ON A REGULAR BASIS, BUT DID NOT REMOVE THE ADDRESS OBJECTS AND GROUPS THAT WERE PART OF THESE SECURITY
POLICIES.

WHAT IS THE BEST WAY TO DELETE ALL OF THE UNUSED ADDRESS OBJECTS ON THE FIREWALL?

( ) SEARCH EACH ADDRESS OBJECT WITH GLOBAL FIND AND DELETE IF IT SHOWS THAT THE ADDRESS OBJECT IS NOT REFERENCED

(x) IMPORT THE CONFIGURATION IN EXPEDITION, REMOVE UNUSED ADDRESS OBJECTS AND REIMPORT THE CONFIGURATION

( ) USING CLI, EXECUTE "REQUEST CONFIGURATION ADDRESS-OBJECTS REMOTE-UNUSED-OBJECTS".

( ) GO TO ADDRESS OBJECTS UNDER THE OBJECTS TAB AND CLICK ON REMOVE UNUSED OBJECTS.

QUESTION ABOUT SSL DECRYPTION

YOUR CUSTOMER RECENTLY IMPLEMENTED SSL DECRYPTION IN THEIR ENVIRONMENT. THE FIREWALL PROTECTING YOUR ENVIRONMENT IS USING
PAN-OS 10.0. USERS OF AN APPLICATION ARE FILING SUPPORT CASES CLAIMING THAT A FUNCTION OF THIS APPLICATION IS NO LONGER WORKING.

WHERE SHOULD YOU BEGIN INVESTIGATING FOR DECRYPTION ISSUES?

(x) THE DECRYPTION LOG

( ) THE CORRELATED EVENTS LOG

( ) THE CLI USING THE "LESS MP-LOG IKEMGR.LOG"

( ) THE SESSION AND REASON COLUMN IN THE TRAFFIC LOG

FIREWALL DEPLOYMENT QUESTION

WHAT INFORMATION IS REQUIRED IN ORDER TO PLAN THE DEPLOYMENT OF A PERIMETER FIREWALL?

( ) THE OPERATING SYSTEM AND BROWSER VERSION OF THE MANAGEMENT CLIENT

( ) THE MANAGEMENT IP OF THE DSL DEVICE PROVIDED BY THE ISP

(x) THE LINK TYPE AND SPEED OF THE SURROUNDING DEVICES

( ) THE NAME OF THE INTERNET PROVIDER AND THE COST OF THE LINK

QUESTION ABOUT EXPEDITION

A CUSTOMER'S PALO ALTO NETWORKS NGFW CURRENTLY HAS ONLY ONE SECURITY POLICY ALLOWING ALL TRAFFIC. THEY HAVE IDENTIFIED THAT
THIS IS A SUBSTANTIAL SECURITY RISK AND WANT HELP TO EXTRACT SECURITY POLICIES FROM AN "ALLOW ANY" RULE.

WHAT SHOULD THE CONSULTANT SAY ABOUT EXPEDITION?

( ) THE LOG FILES CAN BE VIEWED ON EXPEDITION, AND RIGHT-CLICKING A LOG ENTRY GIVES THE OPTION TO CREATE SECURITY POLICY FROM
THE LOG ENTRY.

( ) EXPEDITION CANNOT PARSE LOG FILES AND THEREFORE CANNOT BE USED FOR THIS PURPOSE.

(x) BY USING THE MACHINE LEARNING FEATURE, EXPEDITION CAN PARSE THE TRAFFIC LOG FILES RELATED TO THE POLICY AND EXTRACT SECURITY
RULES FOR MATCHING TRAFFIC.

( ) LIVE FIREWALL TRAFFIC CAN BE VIEWED ON EXPEDITION WHEN CONNECTED TO A FIREWALL, AND EXPEDITION CAN AUTOMATICALLY CREATE
AND PUSH POLICIES TO THE FIREWALL.

QUESTION ABOUT DECRYPTION

SSL FORWARD PROXY DECRYPTION IS ENABLED ON THE FIREWALL. WHEN CLIENTS USE CHROME TO BROWSE TO HTTPS SITES THE FIREWALL
RETURNS THE FORWARD TRUST CERTIFICATE, EVEN WHEN ACCESSING WEBSITES WITH INVALID CERTIFICATES. THE CLIENTS NEED TO BE
PRESENTED WITH A BROWSER WARNING ERROR WITH THE OPTION TO PROCEED TO WEBSITES WITH INVALID CERTIFICATES.

WHICH TWO OPTIONS WILL SATISFY THIS REQUIREMENT? (CHOOSE TWO)

(x) CREATE A PKI SIGNED FORWARD UNTRUST ENABLED CERTIFICATE

(x) CREATE A SELF-SIGNED FORWARD UNTRUST ENABLED CERTIFICATE

( ) REMOVE THE FORWARD UNTRUST OPTION FROM THE FORWARD TRUST CERTIFICATE

( ) CREATE A DECRYPTION PROFILE WITH THE BLOCK SESSIONS WITH EXPIRED CERTIFICATES OPTION ENABLED

REVIEW THE CUSTOMER SCENARIO:

-AN ORGANIZATION HAS DEPLOYED AN ACTIVE/PASSIVE 7080 HA PAIR IN THEIR DATA CENTER

-THE 7080 FIREWALL HAS THREE 100G NPCs INSTALLED IN SLOTS 1,2, AND 12

-IN SLOTS 1 AND 2, THE NPCs ARE BEING USED TO CREATE TWO 200G AGGREGATE ELEMENTS WITH LACP TO THEIR SWITCH INFRASTRUCTURE IN
A LAYER 3 DEPLOYMENT WITH OSPF AND BGP ROUTING.

-THE NETWORKING TEAM HAS RECEIVED ALERTS VIA SOLARWINDS RECENTLY THAT THE NPC IN SLOT 1 HAS A HIGH DP LOAD AND HIGH NETWORK
UTILIZATION ON ONE OF TWO INTERFACES.

WHAT CAN YOU RECOMMEND TO THE TEAM TO BALANCE THE TRAFFIC MORE EVENLY AND REDUCE HIGH UTILIZATION OF SLOT 1?

( ) ENABLE ECMP WITH SYMMETRIC RETURN

(x) CHANGE THE SESSION DISTRIBUTION POLICY.

( ) ENABLE JUMBO PACKETS

( ) ADD 100G INTERFACE FROM SLOT 12 TO THE AGGREGATE ETHERNET TO PROVIDE MORE BANDWIDTH.

YOUR CUSTOMER IS SETTING UP AN IPSEC VPN WITH A THIRD PARTY. THE THIRD-PARTY DEVICE ONLY SUPPORTS POLICY-BASED IPSEC VPN
TUNNELS.

WHAT MUST BE SET UP ON THE IPSEC TUNNEL ON THE PALO ALTO NGFW TO SUPPORT POLICY-BASED TUNNELS?

( ) DNS PROXY

( ) POLICY-BASED FORWARD

( ) STATIC ROUTE

(x) PROXY-ID

A CUSTOMER IS ADDING A NEW SITE-TO-SITE TUNNEL FROM A PALO ALTO NGFW TO A THIRD PARTY WITH A POLICY BASED VPN PEER. AFTER
THE INITIAL CONFIGURATION IS COMPLETED, PHASE 2 FAILS TO ESTABLISH.

WHICH TWO CHANGES MAY BE REQUIRED TO FIX THE ISSUE? (CHOOSE TWO)

(x) ADD PROXY IDs TO THE IPSEC TUNNEL CONFIGURATION

(x) ENABLE THE NAT TRAVERSAL ADVANCED OPTION

( ) VERIFY THAT THE CERTIFICATE USED FOR AUTHENTICATION IS INSTALLED

( ) VERIFY THAT PFS IS ENABLED ON BOTH ENDS

A FIREWALL THAT WAS PREVIOUSLY CONNECTED TO A USER-ID AGENT SERVER NOW SHOWS DISCONNECTED.

WHAT IS THE LIKELY CAUSE?

( ) THE SERVER HAS STOPPED LISTENING ON PORT 2010

( ) THE DOMAIN CONTROLLER SERVICE ACCOUNT HAS BEEN LOCKED OUT

(x) THE AGENT IS NOT RUNNING

( ) THE FIREWALL WAS UPGRADED TO A PAN-OS VERSION THAT IS NOT COMPATIBLE WITH THE AGENT VERSION

WHICH CLI COMMAND SHOULD YOU USE TO VERIFY WHETHER ALL SFP, SFP+ OR OSPF MODULES ARE INSTALLED IN A FIREWALL?

(x) show system state filter sys.s*.p*.phy

( ) show system info

( ) show interface <interface name> detail

( ) show system state filter sys.p*.phy

THE WEB INTERFACE OF YOUR HA PEER OF PALO ALTO NGFW IS NOT RESPONDING.

THE CUSTOMER

( ) request high-availability state suspended ON THE PASSIVE FIREWALL

( ) request high-availability state functional ON THE PASSIVE FIREWALL

(x) request high-availability state suspended ON THE ACTIVE FIREWALL

( ) request high-availability state functional ON THE ACTIVE FIREWALL

QUESTION ABOUT URL FILTERING


A URL IS CATEGORIZED AS BOTH HEALTH-AND-MEDICINE AND ABUSED-DRUGS. THE HEALTH-AND-MEDICINE CATEGORY IS SET TO "ALLOW" AND
THE ABUSED-DRUGS IS SET TO "BLOCK".

WHICH TWO ACTIONS WILL BE TAKEN WHEN THIS URL IS VISITED? (CHOOSE TWO)

(x) LOG

( ) ALLOW

(x) BLOCK

( ) CONTINUE

QUESTION ABOUT LOG COLLECTOR

A CUSTOMER HAS A PART-OF-PANORAMA HA APPLIANCES RUNNING LOCAL LOG COLLECTORS AND WANTS TO HAVE A LOG REDUNDANCY ON
LOGS FORWARDED FROM FIREWALLS.

WHICH TWO CONFIGURATION OPTIONS WILL MEET THE CUSTOMER'S REQUIREMENT FOR A "BIG REDUNDANCY"? (CHOOSE TWO)

( ) PANORAMA OPERATIONS MODE NEEDS TO BE DEDICATED LOG COLLECTOR.

(x) A COLLECTOR GROUP MUST CONTAIN AT LEAST TWO LOG COLLECTORS.

( ) PANORAMA CONFIGURED IN HA PROVIDES LOG REDUNDANCY

(x) LOG REDUNDANCY MUST BE ENABLED PER COLLECTOR GROUP

WHICH FIREWALL INTERFACE TYPE ALLOWS YOU TO NON-DISRUPTIVELY MONITOR TRAFFIC COMING FROM A PORT OPERATING IN
PROMISCUOUS MODE?

( ) LAYER-2

( ) V-WIRE

(x) TAP

( ) LAYER-3

A CUSTOMER IS ADDING A NEW SITE-TO-SITE TUNNEL FROM A PALO ALTO NGFW TO A THIRD PARTY WITH A POLICY BASED VPN PEER. AFTER
THE INITIAL CONFIGURATION IS COMPLETED AND CONNECTED, PHASE 2 FAILS TO ESTABLISH.

WHICH TWO CHANGES MAY BE REQUIRED TO FIX THE ISSUE? (CHOOSE TWO)

(x) ADD PROXY IDs TO THE IPSEC TUNNEL CONFIGURATION

(x) ENABLE THE NAT TRAVERSAL ADVANCED OPTION

( ) VERIFY THAT THE CERTIFICATE USED FOR AUTHENTICATION IS INSTALLED

( ) VERIFY THAT PFS IS ENABLED ON BOTH ENDS

WHICH CATEGORY OF VULNERABILITY SIGNATURE IS MOST LIKELY TO TRIGGER FALSE POSITIVE ALERTS?

(x) BRUTE-FORCE

( ) PHISHING

( ) INFO-LEAK

( ) CODE-EXECUTION

WHICH TWO OPTIONS DESCRIBE THE BEHAVIOR OF THE DIRECTION PROPERTY IN A WILDFIRE ANALYSIS PROFILE RULE? (CHOOSE TWO)

( ) THE BOTH DIRECTION OPTION MATCHES ALL FILES THAT ARE SEEN BY THE FIREWALL, REGARDLESS OF WHETHER THE TRANSFER IS STARTED
BY THE CONNECTION INITIATOR OR RESPONDER.

(x) THE DOWNLOAD DIRECTION OPTION MATCHES FILES THAT THE CONNECTION INITIATOR RECEIVED FROM THE SERVICE IT CONNECTED TO.

(x) THE UPLOAD DIRECTION MATCHES ONLY FILES THAT WERE UPLOADED TO THE INTERNET BY A USER ON THE INSIDE NETWORK.

( ) THE BOTH DIRECTION OPTION MATCHES ALL FILES, BUT ONLY IF THE TRANSFER IS STARTED BY THE CONNECTION INITIATOR.

WHAT INFORMATION IS REQUIRED IN ORDER TO PLAN THE DEPLOYMENT OF A PERIMETER FIREWALL?

( ) THE OPERATING SYSTEM AND BROWSER VERSION OF THE MANAGEMENT CLIENT

( ) THE MANAGEMENT IP OF THE DSL DEVICE PROVIDED BY THE ISP

(x) THE LINK TYPE AND SPEED OF THE SURROUNDING DEVICES

( ) THE NAME OF THE INTERNET PROVIDER AND THE COST OF THE LINK

A CUSTOMER HAS A FIVE-YEAR-OLD FIREWALL IN PRODUCTION. IN THE TIME SINCE THE FIREWALL WAS INSTALLED, THE IT TEAM DELETED SECURITY
POLICIES ON A REGULAR BASIS, BUT DID NOT REMOVE THE ADDRESS OBJECTS AND GROUPS THAT WERE PART OF THESE SECURITY POLICIES.

WHAT IS THE BEST WAY TO DELETE ALL OF THE UNUSED OBJECTS ON THE FIREWALL?

( ) SEARCH EACH ADDRESS OBJECT WITH GLOBAL FIND AND DELETE IF IT SHOWS THAT THE ADDRESS OBJECT IS NOT REFERENCED.

(x) IMPORT THE CONFIGURATION IN EXPEDITION, REMOVE UNUSED ADDRESS OBJECTS AND REIMPORT THE CONFIGURATION

( ) USING CLI EXECUTE request configuration address-objects remove-unused-objects.

( ) GO TO ADDRESS OBJECTS UNDER THE OBJECTS TAB AND CLICK ON REMOVE UNUSED OBJECTS

DRAG AND DROP

1. SHARED PRE-RULES

2. DEVICE GROUP PRE-RULES

3. LOCAL FIREWALL RULES

4. DEVICE GROUP POST-RULES

5. SHARED POST-RULES

DRAG AND DROP

A CLIENT INITIATES AN SSL SESSION WITH THE SERVER. THE NGFW INTERCEPTS THE CLIENT'S SSL REQUEST. FOR WHAT HAPPENS NEXT, MATCH
EACH SSL FORWARD PROXY TASK WITH ITS ORDER IN THE PROCESS

STEP 1 NGFW INITIATES AN SSL SESSION WITH THE SERVER

STEP 2 SERVER SENDS A SIGNED CERTIFICATE TO PRESENT TO THE CLIENT

STEP 3 NGFW SIGNS A COPY OF THE SERVER CERTIFICATE AND SENDS IT TO THE CLIENT FOR AUTHENTICATION. THE CLIENT THEN VERIFIES THE
CERTIFICATE FROM THE NGFW

STEP 4 SSL TUNNELS ARE ESTABLISHED BETWEEN THE CLIENT AND THE NGFW AND THE NGFW AND THE SERVER

WHAT ARE THE THREE PREDEFINED EXTERNAL DYNAMIC LISTS IN PAN-OS THAT CUSTOMERS RECEIVE WITH THEIR CONTENT AND THREAT
UPDATES? (CHOOSE THREE)

( ) COMMAND-AND-CONTROL IP ADDRESSES

(x) KNOWN MALICIOUS IP ADDRESSES

( ) EMBARGOED-COUNTRY IP ADDRESSES

(x) BULLETPROOF IP ADDRESSES

(x) HIGH-RISK IP ADDRESSES


AN ADMINISTRATOR NEEDS TO CREATE A NEW ANTIVIRUS-PROFILE TO ADDRESS A VIRUS THAT IS SPREADING INTERNALLY OVER SMB.

TO CREATE A SECURE POSTURE THE ADMINISTRATOR SHOULD CHOOSE WHICH SET OF ACTIONS FOR THE SMB DECODER IN AN ANTIVIRUS
PROFILE?

( ) ACTION - RESET-BOTH; WILDFIRE ACTION - ALERT

(x) ACTION - RESET-BOTH; WILDFIRE ACTION - RESET-BOTH

( ) ACTION - ALLOW; WILDFIRE ACTION - ALLOW

( ) ACTION - DROP; WILDFIRE ACTION - RESET-BOTH

A CUSTOMER HAS DEPLOYED A GLOBALPROTECT PORTAL AND GATEWAY AS ITS REMOTE-ACCESS VPN SOLUTION FOR ITS FLEET OF WINDOWS
10 LAPTOPS.

THE CUSTOMER WANTS TO USE HOST INFORMATION PROFILE (HIP) DATA COLLECTED AT THE GLOBALPROTECT GATEWAY THROUGHOUT ITS
ENTERPRISE AS AN ADDITIONAL MEANS OF POLICY ENFORCEMENT.

WHAT ADDITIONAL LICENSING MUST THE CUSTOMER PURCHASE?

( ) GLOBALPROTECT LICENSE FOR THE GATEWAY FIREWALL

(x) GLOBALPROTECT LICENSE FOR EACH FIREWALL THAT USES HIP DATA TO ENFORCE POLICY.

( ) DNS SECURITY ON THE PERIMETER FIREWALL

( ) WILDFIRE LICENSE

A COMPANY IS READY TO USE EXPEDITION TO:

-MIGRATE JUNIPER SRX CONFIGURATIONS

-PERFORM AN APP-ID MIGRATION IN THE FUTURE

-TEST MACHINE LEARNING

THE COMPANY WANTS TO KNOW THE RECOMMENDED HARDWARE REQUIREMENTS FOR INSTALLATION IN THEIR DATACENTER.

WHAT ARE THE CORRECT SPECIFICATIONS?

( ) 1CPU AND 15GB OF RAM

( ) 2CPU AND 16GB OF RAM

(x) 4CPU AND 16GB OF RAM

( ) 12CPU AND 32GB OF RAM


IN EXPEDITION, WHICH OBJECTS ARE CLASSIFIED AS "GHOST OBJECTS"?

(x) UNUSED ADDRESS OBJECTS

( ) ADDRESS OBJECTS THAT ARE NOT APPLIED IN SECURITY OR NAT POLICIES

( ) ADDRESS OBJECTS THAT ARE NOT PART OF AN ADDRESS GROUP

( ) ADDRESSES IMPORTED FROM SECURITY AND NAT POLICIES WITHOUT CORRESPONDING ADDRESS OBJECTS.

A CUSTOMER RECENTLY PURCHASED A LICENSE FOR URL AND IS HAVING TROUBLE ACTIVATING PAN-DB. WHICH TWO COMMANDS CAN BE USED
TO TROUBLESHOOT THIS ISSUE? (CHOOSE TWO)

(x) show system setting url-database

( ) show device setting pan-db

(x) request license info

( ) request url-database license info

IN PREPARATION FOR A CUTOVER EVENT, WHAT TWO PROCESSES OR PROCEDURES SHOULD BE VERIFIED? (CHOOSE TWO)

( ) LOGGING AND REPORTING

( ) AUDITING

(x) CHANGE MANAGEMENT REQUIREMENTS

(x) ROLES AND RESPONSIBILITIES

WHICH THREE ATTRIBUTES CAN BE USED TO EXCLUDE TRAFFIC FROM AN SSL DECRYPTION POLICY? (CHOOSE THREE)

( ) APPLICATION

(x) DESTINATION

(x) USER-ID

(x) URL CATEGORY

( ) HIP-PROFILE

WHAT ARE TWO COMMANDS REQUIRED TO UPGRADE EXPEDITION? (CHOOSE TWO)

( ) sudo apt-get update expedition

( ) sudo apt-get upgrade all


(x) sudo apt-get install expedition-beta

(x) sudo apt-get update

WHICH ROUTING CONFIGURATION SHOULD YOU RECOMMEND TO A CUSTOMER WHO WISHES TO ACTIVELY USE MULTIPLE PATHWAYS TO THE
SAME DESTINATION?

(x) ECMP

( ) BGP

( ) RIPv2

( ) OSPF

A CUSTOMER USED AN IN-HOUSE SCRIPT TO MIGRATE AN ASA CONFIGURATION WITH 1250 ADDRESS AND SERVICE OBJECTS TO A PANORAMA
DEVICE GROUP FOR THAT LOCATION.

THEY ARE PUSHING THE DEVICE GROUP AND TEMPLATE CONFIGURATION TO A PA-820 FOR THE FIRST TIME, AND IT FAILS WITH THE FOLLOWING
ERROR:

"ERROR: NUMBER OS ADDRESSES, DYNAMIC GROUPS, EXTERNAL-IP-LISTS... EXCEEDED PLATAFORM CAPACITY (2500)."

WHAT ARE THREE EFFICIENT WAYS TO SOLVE THIS PROBLEM? (CHOOSE THREE)

( ) UPGRADE THE LICENSE CAPACITY TO ALLOW MORE OBJECTS ON THE PA-820 APPLIANCE.

(x) VERIFY THE "SHARE UNUSED ADDRESS AND SERVICE OBJECTS WITH DEVICES" SETTING IN THE PANORAMA GUI.

(x) CLEAN UP AND MERGE THE DEVICE GROUP ADDRESS AND SERVICE OBJECTS USING EXPEDITION.

(x) UPGRADE TO A PA-850 APPLIANCE, WHICH SUPPORTS 3500 ADDRESS AND SERVICE OBJECTS.

( ) IMPORT THE ADDRESS AND SERVICE OBJECTS DIRECTLY TO THE PA-820 APPLIANCE.

DURING A DESIGN SESSION A COMPANY IDENTIFIES A HARDWARE MODEL FOR DEPLOYMENT. IT IS IMPORTANT TO IMPLEMENT QOS ACROSS THE
COMPANY'S AGGREGATE ETHERNET (AE) CONFIGURATIONS.

WHICH THREE PLATFORMS SUPPORT QOS ACROSS AE INTERFACES? (CHOOSE THREE)

(x) PA-3200

( ) PA-850

(x) PA-7000

(x) PA-5200

( ) VM-SERIES

YOU HAVE JUST COMPLETED A FIREWALL MIGRATION PROJECT IN EXPEDITION. EXPEDITION IS NOT DIRECTLY CONNECTED TO A FIREWALL. YOU
DECIDE TO EXPORT THE CONFIGURATION.

WHAT TWO FILE TYPES WILL BE AVAILABLE TO YOU IN THE DOWNLOAD OPTIONS? (CHOOSE TWO)

(x) AN XML FILE TO UPLOAD TO THE PALO ALTO NETWORKS DEVICE

(x) A TXT FILE WITH SET COMMANDS

( ) THE README FILE DESCRIBING HOW TO USE THE CML FILE

( ) A TECH SUPPORT FILE FOR THE TARGET FIREWALL

DRAG AND DROP

MATCH THE APP-ID ADOPTION TASK WITH ITS ORDER IN THE PROCESS

STEP 1 PERFORM A LIKE-FOR-LIKE (LAYER 3/4) MIGRATION FROM THE LEGACY FIREWALL TO THE PALO ALTO NETWORKS NGFW.

STEP 2 CLONE THE LEGACY RULES AND ADD APPLICATION INFORMATION TO THE INTENDED APPLICATION-BASED RULES

STEP 3 CAPTURE, RETAIN, AND VERIFY THAT ALL TRAFFIC HAS BEEN LOGGED FOR A PERIOD OF TIME

STEP 4 VERIFY THAT NO TRAFFIC IS HITTING THE LEGACY RULES

STEP 5 REMOVE THE LEGACY RULES

WHAT HAPPENS WHEN A PACKET FROM AN EXISTING SESSION IS RECEIVED BY A FIREWALL THAT IS NOT THE OWNER IN AN HA ACTIVE/ACTIVE
CONFIGURATION?

(x) THE FIREWALL FORWARDS THE PACKET TO THE PEER FIREWALL OVER THE HA3 LINK.

( ) THE FIREWALL REQUESTS THE SENDER TO RESEND THE PACKET.

( ) THE FIREWALL TAKES OWNERSHIP OF THE PEER FIREWALL.

( ) THE FIREWALL DROPS THE PACKET TO PREVENT ANY L3 LOOPS

DRAG AND DROP

ROLE WHEN PLANNING A FIREWALL, PANORAMA AND CORTEX XDR DEPLOYMENT


SECURITY ENGINEER ------> DETERMINES THE SECURITY, LOGGING, REPORTING REQUIREMENTS AND MANAGES THE
SECURITY POLICY

SYSTEM ADMINISTRATOR ------> MANAGES THE SOFTWARE DISTRIBUTION METHOD FOR THE CORTEX XDR CLIENT

SYSTEM OPERATIONS ANALYST ------> MANAGES THE ALERTS AND RESPONDS TO THREATS IDENTIFIED ON THE NETWORK OR ENDPOINTS.

NETWORK ENGINEER ------> MANAGES THE ROUTING, SWITCHING, AND GENERAL DEVICE
INTERCONNECTIVITY

INSTEAD OF DISABLING APP-IDs REGULARLY, A SECURITY POLICY RULE IS GOING TO BE CONFIGURED TO TEMPORARILY ALLOW NEW APP-IDs. IN
WHICH TWO CIRCUMSTANCES IS IT VALID TO DISABLE APP-IDs AS PART OF A CONTENT UPDATE? (CHOOSE TWO)

(x) WHEN AN ORGANIZATION OPERATES A MISSION-CRITICAL NETWORK AND HAS ZERO TOLERANCE FOR DOWNTIME

( ) WHEN PLANNING TO ENABLE THE APP-IDs IMMEDIATELY

(x) WHEN YOU WANT TO IMMEDIATELY BENEFIT FROM THE LATEST THREAT PREVENTION

( ) WHEN DISABLING FACEBOOK-BASE TO DISABLE ALL OTHER FACEBOOK APP-IDs

TAC HAS REQUESTED A PCAP ON YOUR PANORAMA TO SEE WHY THE DNS APP IS HAVING INTERMITTENT ISSUES RESOLVING FQDN.

WHAT IS THE CLI COMMAND?

( ) tcp dump snaplen 53 filter "tcp 53"

( ) tcpdump snaplen 53 filter "port 53"

(x) tcpdump snaplen 0 filter "port 53"

( ) tcp dump snaplen 0 filter "app dns"

WHY IS A THRESHOLD USED WHEN CONTENT UPDATES ARE INSTALLED?

( ) TO ALLOW THE CONTENT UPDATES TO BE LOADED ON A FRIDAY BUT INSTALLED OVER THE WEEKEND.

( ) TO ENSURE THAT THE CONTENT UPDATE IS INSTALLED ONLY DURING A CHANGE WINDOW

(x) TO ALLOW TIME TO SEE IF THE CONTENT UPDATE GETS REDACTED BY PALO ALTO NETWORKS

( ) TO LET THE FIREWALL LOAD THE CONTENT UPDATES BEFORE IT ACTUALLY INSTALLS THEM

WHICH THREE STEPS MUST AN ADMINISTRATOR PERFORM TO LOAD ONLY ADDRESS OBJECTS FROM A PAN-OS SAVED CONFIGURATION FILE INTO
A VM-300 FIREWALL THAT IS IN PRODUCTION? (CHOOSE THREE)

( ) LOAD THE CONFIG IN THE WEB INTERFACE AND COMMIT

(x) ENTER THE CONFIGURATION MODE FROM THE CLI

(x) USE LOAD CONFIG PARTIAL COMMAND

( ) USE THE DEVICE CONFIGURATION IMPORT IN PANORAMA

(x) IMPORT NAMED CONFIGURATION SNAPSHOT THROUGH THE WEB INTERFACE

WHAT IS THE DEFAULT PORT USED TO COMMUNICATE WITH THE FIREWALL BY THE WINDOWS USER-ID AGENT SOFTWARE?

( ) 5009

( ) 636

( ) 443

(x) 5007

WHICH INTERFACE DEPLOYMENTS SUPPORT THE AGGREGATE ETHERNET ACTIVE CONFIGURATION? (CHOOSE THREE)

(x) LACP IN VWIRE

(x) LACP IN LAYER 3

( ) LLDP IN LAYER 2

( ) LACP IN TAP

(x) LACP IN LAYER 2

YOUR CUSTOMER BELIEVES THAT THE PANORAMA APPLIANCE IS BEING OVERWHELMED BY THE LOGS FROM DEPLOYED PALO ALTO NETWORKS NGFW.

WHAT CLI COMMAND CAN YOU RUN TO DETERMINE THE NUMBER OF LOGS PER SECOND SENT BY EACH FIREWALL?

( ) show log traffic

( ) debug log-sender statistics

(x) debug log-receiver statistics

( ) show logging status


A FIREWALL USES THE DEFAULT SETTINGS ON THE DEVICE > SETUP AND POLICY > SECURITY TABS. A LDAP SERVER IS CONNECTED TO THE INSIDE
ZONE OF THE FIREWALL AND IS ASSIGNED THE CIDR RANGE 10.10.20.10/24.

THE MANAGEMENT NETWORK AND THE INSIDE ZONE ARE NOT CONNECTED THROUGH ROUTING. THE WINDOWS USER-ID AGENT IS INSTALLED
AND STARTED ON THE LDAP SERVER USING TCP PORT 5007 FOR COMMUNICATION.

THE WINDOWS FIREWALL IS CORRECTLY CONFIGURED TO ALLOW COMMUNICATION.

THE FOLLOWING ERROR APPEARS IN THE SYSTEM LOG:

USER-ID AGENT userid(vsys1): Error: Failed to connect to 10.10.20.10(10.10.20.10):5007 details: none.

+-------+-----------+------+------+---------+
| NAME  | HOST      | PORT |PROXY |CONNECTED|
+-------+-----------+------+------+---------+
|userid1|10.10.20.10| 5007 | yes  | no      |
+-------+-----------+------+------+---------+

WHAT IS CAUSING THE CONNECTION PROBLEM?

( ) A LDAP SERVER PROFILE HAS NOT BEEN CONFIGURED YET

(x) userid1 IS CONFIGURED AS A LDAP PROXY

( ) THE USER-ID AGENT IS RUNNING USING THE DEFAULT SERVICE ROUTE SETTINGS

( ) THERE IS NO SECURITY POLICY RULE IN PLACE TO ALLOW THE TRAFFIC

WHAT IS THE DEFAULT PORT USED BY THE TERMINAL SERVER AGENT TO COMMUNICATE WITH A FIREWALL:

( ) 636

(x) 5009

( ) 5007

( ) 443

DRAG AND DROP

MATCH THE TASK OF SERVER SETTINGS IN GROUP MAPPING WITH ITS ORDER IN THE PROCESS

STEP 1 CREATE AN LDAP SERVER PROFILE

STEP 2 NAVIGATE TO DEVICE > USER IDENTIFICATION > GROUP MAPPING

STEP 3 ADD A NEW GROUP MAPPING

STEP 4 ENTER A UNIQUE NAME TO IDENTIFY THE GROUP MAPPING CONFIGURATION

STEP 5 SELECT THE LDAP SERVER PROFILE

DRAG AND DROP

STEP 1 ACQUIRE CONFIGURATION FILE FROM THE CUSTOMER

STEP 2 IMPORT CONFIGURATION INTO EXPEDITION OR THE TOOL OF YOUR CHOICE AND PERFORM A LIKE-FOR-LIKE MIGRATION

STEP 3 ALLOW TRAFFIC TO MATCH THE SERVICE/PORT-BASED RULES FOR A TIME PERIOD AGREEABLE TO THE CUSTOMER

STEP 4 IMPORT AND LOAD THE LIKE-FOR-LIKE CONFIGURATION IN THE NGFW OR PANORAMA

STEP 5 ALLOW TIME FOR TRAFFIC TO MATCH APP-ID RULES. ENSURE THAT THE PORT RULES ARE NOT GETTING HITS. DELETE PORT RULES WHEN
THEY ARE NOT GETTING HITS.

WHAT AUTHENTICATION ALGORITHMS ARE SUPPORTED BY PALO ALTO IN TLSv1.3?

SHA256

SHA384

WHAT INFORMATION IS NECESSARY TO PROPERLY PLAN THE DEPLOYMENT OF A PANORAMA HARDWARE APPLIANCE FOR FIREWALL
MANAGEMENT?

NOTES FROM PREVIOUS EXAMS:

CUSTOMER HAS AN ENVIRONMENT IN AWS AND WANTS TO BUILD AN ACTIVE/ACTIVE CLUSTER

active/active is not possible in AWS

CUSTOMER WANTS TO BUILD A CLUSTER IN AN AZURE ENVIRONMENT

clustering is not possible in Azure

COMMAND TO PARTIALLY LOAD THE CONFIGURATION:

on Panorama - load config partial from Lab4.xml from-xpath /config/devices/entry/vsys/entry/rulebase/security to-xpath /config/devices/entry/device-group/entry[@name='DG1']/post-rulebase/security mode merge

on the firewall - load config partial from MT-LAP6.xml from-xpath /config/devices/entry/vsys/entry/rulebase/security to-xpath /config/devices/entry/vsys/entry/rulebase/security mode merge

COMMAND TO CHECK A SESSION

show session id <id>

SESSION OWNER AND SESSION SETUP (ACTIVE/ACTIVE)

HOW THE FIREWALL PASSES THE SESSION FROM ONE DEVICE TO THE OTHER

through HA3

IN ACTIVE/ACTIVE, ON WHICH FIREWALL DOES NAT OCCUR?

the session setup firewall matches the NAT rule, but NAT occurs on the firewall that is the session owner.

CUSTOMER FOUND THAT IT HAS ACCESS TO THE GAMES SECTION OF FACEBOOK AND WANTS TO BLOCK IT. WHAT IS NEEDED?

(SSL decryption, security rule)

CREATE A RULE FROM THE INTERNAL NETWORK TO THE INTERNET TO ACCESS SSH

best practice: create a rule with the SSH application and application-default

THERE IS AN EXISTING RULE AND THE QUESTION ASKS WHICH SECURITY PROFILE GROUP WAS APPLIED

- I chose default because the question was confusing.

COMMAND TO CHECK BGP ROUTES VIA CLI

show routing protocol bgp loc-rib

show routing protocol bgp rib-out

HOW USERS CAN BE IDENTIFIED

captive portal

xml api

syslog

DECRYPTION POLICY - THERE ARE QUESTIONS ABOUT WHAT CAN AND CANNOT BE DONE IN A DECRYPTION POLICY, WHEN TO USE IT FOR A
GIVEN CASE, ETC.

name - rule name

source - zone, IP, user

destination - zone, IP

service/url - service/URL

actions - No Decrypt and Decrypt

Type:

SSL Forward Proxy - inspect outbound traffic

SSH Proxy - inspect SSH traffic

SSL Inbound Inspection - inspect inbound traffic

HOW TO CONFIGURE A HOST TO BE EXCLUDED FROM SSL INSPECTION *

Device->Certificate Management->SSL Decryption Exclusion

CUSTOMER HAS 2000 RULES WITHOUT AN APPLICATION AND WANTS TO CONVERT THEM TO APP-ID. HOW?

X Can use Expedition and perform the App-ID adoption

clone the rules and keep the App-ID rule before the old rules - I marked this one

CUSTOMER IS SEEING UNRECOGNIZED TRAFFIC IN THE LOGS. WHAT TO DO? (SELECT TWO OPTIONS)

most logical options

Create a custom application

create an app override

WHAT IS NEEDED TO CREATE AN APP OVERRIDE

name

source - zone, IP

destination - zone, IP

protocol/application - TCP or UDP protocol, port, and which application will be overridden.

WHICH PROTOCOLS CAN BE USED TO CREATE A CUSTOM APP

TCP and UDP

WHAT YOU NEED TO HAVE WHEN OPENING A CASE WITH TAC

device serial number

contact information
