You are on page 1of 8

Question 1 of 20.

The VM-Series firewalls support which five environments? (Choose five.)

VMware ESXi
Citrix XenServer
VMware NSX
Linux VServer
Google Cloud Platform

Mark for follow up

Question 2 of 20.

Which two PAN-OS® tabs would an administrator use to identify compromised users
after a spike in dangerous traffic is observed? (Choose two.)

Mark for follow up

Question 3 of 20.

Which three technologies are part of Palo Alto Networks next-generation firewall?
(Choose three.)
Unified Threat Management

Mark for follow up

Question 4 of 20.

What are two features of the Traps Management Service? (Choose two.)
Integrate with GlobalProtect into a single agent that manages both endpoint
protection and mobile user connectivity
be deployed with your own hardware and infrastructure
requires no server licenses or databases
be deployed as a cloud-managed service solution

Mark for follow up

Question 5 of 20.

What are the three essential components of a Magnifier deployment? (Choose three.)
Log Collector
Aperture logs
Logging Service
AutoFocus Logs

Mark for follow up

Question 6 of 20.

What is the function of the Decryption Broker on the next-generation firewall?

consolidate all the information from scans for unknown malware, system status, and
system health alerts of the firewall into one central broker interface
provide content inspection of all known and unknown traffic sessions at the
granular level
eliminate the need for a third-party SSL decryption solution and reduce the number
of third-party devices performing traffic analysis and enforcement
function as centralized communication between firewalls for decoding traffic
decode applications and URL traffic coming through the firewall and assign priority
to specific traffic patterns according to geographical location

Mark for follow up

Question 7 of 20.

How does the Log Collector differ from the Logging Service?
The Log Collector provides a centralized repository for your on-premise and virtual
firewalls, whereas the Logging Service provides only data isolation to avoid cross-
contamination of logs.
The Log Collector has built-in log redundancy, whereas the Logging Service has no
cloud compliance requirements.
The Log Collector ensures redundancy by having multiple copies of your log
database, whereas the Logging Service is regionalized based on your location.
The Log Collector is hardware-based, whereas the Logging Service is scalable on

Mark for follow up

Question 8 of 20.

How does Evident provide security protection in the IaaS space?

Evident monitors an organization’s cloud infrastructure by leveraging machine
learning for predictive insights into monitoring, auditing, and securing all cloud
Evident ensures that your cloud deployments are secure by analyzing the
configurations of all the services and account settings against strict security and
compliance controls within the public cloud services infrastructure.
Evident is a security information and event management system that can be
deployed on any web services (AWS, Azure, or Google Cloud) and provides real-time
analysis of security alerts generated by applications and network hardware.
Evident provides visibility by analyzing patterns of communication in the cloud
infrastructure space and continuously scanning for threat events.
Evident provides continuous monitoring and gives administrators full visibility into
configuration and user behavior with automated policy enforcement.

Mark for follow up

Question 9 of 20.

How frequently are WildFire® updates about previously unknown files delivered from
the cloud to customers with a WildFire subscription?
every 60 minutes
every day
every 30 minutes
every 5 minutes
every 15 minutes

Mark for follow up

Question 10 of 20.

What are five benefits of Palo Alto Networks next-generation firewalls? (Choose five.)
predictable throughput
seamless integration with the WildFire® Threat Intelligence Cloud
convenient configuration wizard
easy-to-use GUI that is the same on all models
identical security features on all models
feature-specific modular hardware
comprehensive security platform designed to scale functionality over time

Mark for follow up

Question 11 of 20.

Which statement is true about how WildFire® scans files for viruses, malware, and
For WildFire to be most effective, you need to deploy a WF-500 appliance to get
the full benefits of WildFire threat intelligence scanning.
The firewall must have a WildFire Analysis Profile rule attached to a Security
policy rule that will scan files for viruses, malware, and spyware.
The firewall must have policy rules in place before it can forward the questionable
file to WildFire, where the file is analyzed for zero-day malware.
A WildFire Analysis Profile needs to be set to define which files to forward to the
WildFire cloud to trigger inspection for zero-day malware.

Mark for follow up

Question 12 of 20.

What are the three main benefits of WildFire®? (Choose three.)

Signatures for identified malware quickly are distributed globally to all Palo Alto
Networks customers' firewalls.
Because a Palo Alto Networks proprietary cloud-based architecture is used,
quarantine holds on suspicious files typically are reduced to fewer than 30 seconds.
It gathers information from possible threats detected by next-generation firewalls,
endpoints, and Aperture.
It uses a sandboxing environment that can detect malware by analyzing the
behavior of unknown files.
By collecting and distributing malware signatures from every major antivirus
vendor, it can provide comprehensive protection.

Mark for follow up

Question 13 of 20.

What are three subscriptions for the next-generation firewall? (Choose three.)
URL Filtering
SSL Decryption
Threat Prevention
Mark for follow up

Question 14 of 20.

True or false: Antivirus inspection is proxy-based.

Mark for follow up

Question 15 of 20.

Which three features would prevent a successful attempt during the exfiltration stage of
the attack chain? (Choose three.)
URL filtering
file blocking
DNS monitoring and sinkholing

Mark for follow up

Question 16 of 20.

What is the main role of GlobalProtect?

sandbox files on the Threat Intelligence Cloud
categorize URLs
look for malware on the endpoint
extend protections and policies to endpoints

Mark for follow up

Question 17 of 20.
Which option is not a factor impacting sizing decisions?
number of policy rules
number of applications

Mark for follow up

Question 18 of 20.

True or false: Content-ID technology combines results from WildFire® analysis with
administrator-defined policies to inspect and control content traversing the firewall,
using data-loss prevention techniques in a single, unified engine.
Mark for follow up

Question 19 of 20.

How can you extend WildFire® analysis resources to a WildFire hybrid cloud?
Configure a WildFire private cloud to forward files directly to the WildFire hybrid
cloud for analysis of less sensitive or unsupported file types.
Configure the firewall to continue to forward sensitive files to your WildFire
private cloud for Local Analysis and to forward less sensitive or unsupported file types
to the WildFire public cloud.
Combine the WildFire public cloud with the Traps Management Service, the cloud
protection solution to monitor all endpoints.
Configure another firewall in between the hybrid cloud and the main firewall that
forwards files to the WildFire cloud, making sure that the firewall in the middle is using
port 443 for file submissions.

Mark for follow up

Question 20 of 20.
Which type of security does Aperture provide?
provides visibility into recently occurring threats, and shows how to block those
simplifies workflows to create and enforce new application controls, and analyzes
critical threat events for those applications
allows you to connect directly to SaaS applications to provide data classification
and threat detection to secure and manage sanctioned applications
serves as a policy enhancement on the Palo Alto Networks firewall that provides
visibility into applications and control of those applications
shows which users are running which applications, and provides a method for
controlling application access by user

Mark for follow up