PCNSEcode

<!
DOCTYPE html>
<html id="html" lang="en">
<head>
<base href="https://www.studyblue.com/notes/note/n/pcnse-exam/deck/21872893">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv="Content-Language" content="en" />
<meta name="gwt:property" content="locale=en"/>
<meta name="p:domain_verify" content="d845353cca77c4c2b5b755a203ac7cd3"/>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="Study 257 PCNSE Exam flashcards from Jarrod
C. on StudyBlue." />
<meta name="robots" content="noarchive" />
<link rel="canonical"
href="https://www.studyblue.com/notes/note/n/pcnse-exam/deck/21872893" />
<title>PCNSE Exam - Information And Communications Technology 3365
with Larsen at University of Houston - main campus - StudyBlue</title>
<link href="https://fonts.googleapis.com/css?
family=Open+Sans:300,300i,400,600i,700|Roboto+Slab:300,400,700" rel="stylesheet"/>
<link rel="icon" type="image/png" href="/css/images/favicon.ico"/>

<link rel="publisher" href="https://plus.google.com/106931667057394274411"/>
<link rel="stylesheet" type="text/css"

href="https://webassets.studyblue.com/static/bundle/loggedOut.50916b8a0ef40a185b1a2
24275812ea4.css">
<meta id="fbAppIdProd" property="fb:app_id" content="102540830008"/>

<meta property="fb:page_id" content="394091897601229"/>
<meta property="og:title" content="PCNSE Exam - Information And Communications

Technology 3365 with Larsen at University of Houston - main campus - StudyBlue"/>
<meta property="og:type" content="studyblue:deck"/>
<meta property="og:description" content="Study 257 PCNSE Exam flashcards from
Jarrod C. on StudyBlue."/>
<meta property="og:url" content="https://www.studyblue.com/notes/note/n/pcnse-
exam/deck/21872893"/>
<meta property="og:image"
content="https://classconnection.s3.amazonaws.com/images/fb-og-deck.png"/>
<meta property="og:site_name" content="STUDYBLUE"/>
<meta name="twitter:card" content="summary">
<meta name="twitter:site" content="STUDYBLUE">
<meta name="twitter:title" content="PCNSE Exam - Information And Communications
Technology 3365 with Larsen at University of Houston - main campus - StudyBlue">
<meta name="twitter:description" content="Study 257 PCNSE Exam flashcards from
Jarrod C. on StudyBlue.">
<meta name="twitter:image:src"
content="https://classconnection.s3.amazonaws.com/images/fb-og-deck.png"> <meta
name="google-signin-client_id" content="920620781276-
0v3id9j00581f6alu69u2jhh2rfhds3a.apps.googleusercontent.com">
<script src="https://apis.google.com/js/api:client.js" defer></script>
<script src="https://google-analytics.com/u/ga.js"
type="text/javascript" defer></script>
<script type="text/javascript">
SB = window.SB || {};
SB.Shared = SB.Shared || {};
SB.Shared.version = "13.1.2";
SB.Shared.application = "WEB";
SB.apikey = "3muf0ubj3w";
SB.openapi = 'https://openapi.studyblue.com';
SB.userId = '${userId}';
document.cookie = "sb-Application="+SB.Shared.application;
document.cookie = "sb-AppVersion="+SB.Shared.version;
</script>

<script src="https://cdn.optimizely.com/js/3769074003.js"></script>


<script>
var googletag = googletag || {};
googletag.cmd = googletag.cmd || [];
(function() {
var gads = document.createElement("script");
gads.async = true;
gads.type = "text/javascript";
var useSSL = "https:" == document.location.protocol;
gads.src = (useSSL ? "https:" : "http:") +
"//www.googletagservices.com/tag/js/gpt.js";
var node =document.getElementsByTagName("script")[0];
node.parentNode.insertBefore(gads, node);
})();
</script></head><body class="seo-page" xmlns="http://www.w3.org/1999/html">


<script>
dataLayer = [];
</script>
<noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-ND6MLJ" height="0"
width="0" style="display:none;visibility:hidden"></iframe></noscript>
<script>
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?
id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-ND6MLJ');
</script>
 <script>
function toggleMenuOverlay() {
if($(".mobile_menu").hasClass("flex_display")){
$('.mobile_menu').removeClass("flex_display");
$("#overlay").hide();
}
else{
$("#overlay").show();
//minimize search if it is open
const navBar = document.getElementById("main-nav");
if(navBar !== 'undefined'){
navBar.classList.remove('is-search-activated');
}
document.getElementById("mainnav-search").classList.remove("search-box-
clicked");
document.getElementById("mainnav-search").classList.add("search-box");
$('.mobile_menu').addClass("flex_display");
}
}
function showTopFlashcards(){
$('.menu-list').hide();
$('.menu-list-expanded').show();
}
function showMenuItems(){
$('.menu-list').show();
$('.menu-list-expanded').hide();
}
function recordOutboundLink(action) {
try {
var _gaq = _gaq || [];
var gaAccount = (window.location.host.indexOf('127.0.0.1') > -1 ||
window.location.host.indexOf('localhost') > -1 ||
window.location.host.indexOf('staging.studyblue.com') > -1 ||
window.location.host.indexOf('dev.studyblue.com') > -1) ? gaAccount = "UA-2252691-
5" : gaAccount = "UA-2252691-6";
_gaq.push(['_setAccount', gaAccount]);
_gaq.push(['_trackEvent', 'outbound_links', action]);
// Prefer the new Adjust attribution

setTimeout(function() {
document.location = "https://asu36.app.goo.gl?link=http%3A%2F
%2Fwww.studyblue.com%2Fnotes%2Fnote%2Fn%2Fpcnse-exam%2Fdeck
%2F21872893&utm_campaign=seopages";
}, 100);
} catch (err) {
}
}
</script>
<header>
<div class="js-main-nav is-standard" id="main-nav">
<div class="main-nav__content js-main-nav__content">
<div id="menuToggle" class="main-nav__hamburger main-nav__menu-item--
tab">
<img class="hamburger-logo" id="hamburgerMenu"
src="/static/html5/images/icon-menu.svg" alt="Hamburger logo"
onClick="toggleMenuOverlay()"/>
<ul class="mobile_menu">
<div class="menu-list">
<div class="seo-navbar-dropdownList__listItem"
onClick="showTopFlashcards()">
<p class="menu-list-flashcards">Flashcards</p>
<i class="right-arrow"></i>
</div>
<li><button class="home-nav-link _sbbutton--orange"
id="sidebar-sign-up">Sign Up</button></li>
<li><button class="home-nav-link sbbutton--secondary sign-in"
id="sidebar-sign-in">Log In</button></li>
<hr>
<div class="main-nav__list-item-logo-container js-main-
nav__list-item-logo-container">
<div>
<a
href="https://itunes.apple.com/us/app/studyblue/id323887414" target="_blank">
<img class="main-nav__list-item-logo"
src="/static/html5/images/app-store-image.svg" alt="App Store logo"
onClick="_gaq.push(['_trackEvent',
'app_store_apple', 'mobile_app_primary_click'])"/>
</a>
</div>
<div>
<a
href="https://play.google.com/store/apps/details?id=com.studyblue" target="_blank">
<img class="main-nav__list-item-logo"
src="/static/html5/images/Google-play-image.svg" alt="Play Store logo"
onClick="_gaq.push(['_trackEvent',
'app_store_android', 'mobile_app_primary_click'])"/>
</a>
</div>
</div>
</div>
<div class="menu-list-expanded">
<div class = "seo-navbar-backListItem">
<div class="seo-navbar-dropdownList__listItem"
onClick="showMenuItems()">
<i class="left-arrow"></i>
<p>Back</p>
</div>
<p class="flashcards">Flashcards</p>
</div>
<div class = "seo-navbar-dropdownList__text">
<p>Find study materials for any course. Check these
out:</p>
</div>
<div class = "seo-navbar-dropdownList__listItem">
<a href="/notes/note/n/food-production/deck/21056989">
<img class = "seo-navbar-dropdownList-icon"
src="/static/html5/images/departmentPageHeader/dpt-icons_biology.svg" alt="biology-
icon">
<p class="seo-navbar-dropdownList-subject">Food
Production</p>
</a>
</div>
<a href="/notes/note/n/essential-german-
verbs/deck/21056941">
src="/static/html5/images/departmentPageHeader/dpt-icons_languages.svg"
alt="languages-icon">
<p class="seo-navbar-dropdownList-subject">Essential German
Verbs</p>
</a>
</div>
<a href="/notes/note/n/nursing-ethics/deck/21056967">
src="/static/html5/images/departmentPageHeader/dpt-icons_nursing.svg" alt="nursing-
icon">
<p class="seo-navbar-dropdownList-subject">Nursing
Ethics</p>
</a>
</div>
<hr>
<a href="/notes">
<div id="browse_by_school" class = "seo-navbar-
dropdownList__listItem"
onClick="_gaq.push(['_trackEvent', 'header logged
out', 'click browse by school', ''])">
<img class = "seo-navbar-icon"
src="/static/html5/images/icons/grey/search-icon-grey.svg" alt="browse-school-
icon">
<p>Browse by school</p>
</div>
</a>
<div class = "make-your-own active_listItem seo-navbar-
dropdownList__purplelistItem"
onClick="_gaq.push(['_trackEvent', 'header logged
out', 'click make flashcards', ''])">
src="/static/html5/images/icons/grey/add-icon-grey.svg" alt="add-flashcard-icon">
<p>Make your own</p>
</div>
</div>
</ul>
</div>
<div id="main-nav__sb_logo" class="main-nav__logo js-main-nav__logo
main-nav__menu-item--tab">
<a href="/" onClick="_gaq.push(['_trackEvent', 'logged_out_header',
'logo']);">StudyBlue</a>
</div>
<div class="main_nav main-nav__left main-nav__menu-item">

<div class="main-nav__flashcards menu-item"><a href="/online-
flashcards">
Flashcards<i id="arrow" class="arrow"></i></a>
<div class = "seo-navbar-dropdownList__flashcard">
<div class = "seo-navbar-dropdownList__text">
<p>Find study materials for any course. Check these out:</p>
</div>
src="/static/html5/images/departmentPageHeader/dpt-icons_biology.svg" alt="biology-
icon">
<p class="seo-navbar-dropdownList-subject">Biology</p>
<div class = "navBarFlyOut" >
<div class="navBiologyFlyOut">
<div class="navBarFlyOut__image">
<img class="seo-navbar-dropdownList-image"
src="/static/html5/images/departmentPageHeader/nav_flashcards_biology.jpg"
alt="biology-image">
</div>
<div class="navBarFlyOut__cardsContainer">
<div class="navBarFlyOut__card">
<a href="/notes/note/n/food-production/deck/21056989">
<div class="navBarFlyOut__cardTitle">
<p>Food Production</p>
</div>
<div class = "navBarFlyOut__schoolCount">
<div class="navBarFlyOut__cardAuthor">
<p>Nathaniel F.</p>
</div>
<div class="navBarFlyOut__cardCount">
<p>27 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
<a href="/notes/note/n/the-cell-cycle/deck/21056990">
<p>The Cell Cycle</p>
</div>
<p>Dawson M.</p>
</div>
<p>12 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
<a href="/notes/note/n/anatomy-of-a-cell/deck/21056992">
<p>Anatomy of a Cell</p>
</div>
<p>Darby G.</p>
</div>
<p>15 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
<a href="/notes/note/n/biology-intro/deck/21056996">
<p>Biology Intro</p>
</div>
<p>Amy D.</p>
</div>
<p>28 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
</div>
</div> </div>
</div>
src="/static/html5/images/departmentPageHeader/dpt-icons_languages.svg"
alt="languages-icon">
<p class="seo-navbar-dropdownList-subject">Languages</p>
<div class="navLanguagesFlyOut">
src="/static/html5/images/departmentPageHeader/nav_flashcards_languages.jpg"
alt="language-image">
</div>
<a href="/notes/note/n/essential-german-verbs/deck/21056941">
<p>Essential German Verbs</p>
</div>
<p>Tyler B.</p>
</div>
<p>18 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
<a href="/notes/note/n/spanish-101/deck/21056945">
<p>Spanish 101</p>
</div>
<p>Emily P.</p>
</div>
<p>231 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
<a href="/notes/note/n/chinese-activities/deck/21056951">
<p>Chinese Activities</p>
</div>
<p>Taffy S.</p>
</div>
<p>11 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
<a href="/notes/note/n/faire-les-courses/deck/21056953">
<p>Faire les Courses</p>
</div>
<p>Ronnie L.</p>
</div>
<p>10 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
</div>
</div> </div>
</div>
src="/static/html5/images/departmentPageHeader/dpt-icons_nursing.svg" alt="nursing-
icon">
<p class="seo-navbar-dropdownList-subject">Nursing</p>
<div class="navNursingFlyOut">
src="/static/html5/images/departmentPageHeader/nav_flashcards_nursing.jpg"
alt="nursing-image">
</div>
<a href = "/notes/note/n/nursing-ethics/deck/21056967">
<p>Nursing Ethics</p>
</div>
<p>Emily H.</p>
</div>
<p>30 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
<a href = "/notes/note/n/respiratory-flashcards/deck/21056976">
<p>Respiratory Flashcards</p>
</div>
<p>Mary C.</p>
</div>
<p>116 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
<a href="/notes/note/n/elimination/deck/21056983">
<p>Elimination</p>
</div>
<p>Rachel L.</p>
</div>
<p>25 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
<a href="/notes/note/n/dermatology-fundamentals/deck/21056985">
<p>Dermatology Fundamentals</p>
</div>
<p>Elle B.</p>
</div>
<p>22 cards</p>
</div>
</div>
<hr>
<hr>
</a>
</div>
</div>
</div> </div>
</div>
<div class = "empty-div"></div>
<hr>
<a href="/notes">
<div id="browse_by_school" class = "seo-navbar-dropdownList__listItem"
onClick="_gaq.push(['_trackEvent', 'header logged out', 'click browse by
school', ''])">

src="/static/html5/images/icons/grey/search-icon-grey.svg" alt="browse-school-
icon">
<p>Browse by school</p>
</div>
</a>
<div class = "make-your-own active_listItem seo-navbar-
dropdownList__purplelistItem"
onClick="_gaq.push(['_trackEvent', 'header logged out', 'click make
flashcards', ''])">

<img class = "seo-navbar-icon" src="/static/html5/images/icons/grey/add-
icon-grey.svg" alt="add-flashcard-icon">
<p>Make your own</p>
</div>
</div> </div>
</div>
<div class="main-nav__right">
<div class="mainnav-search__search-box">
<div id="mainnav-search" class="search-box" role="button" tabindex="0" aria-
label="search school">
<div id="main-nav__search-school"></div>
</div>
</div>
<div class="mobile-search-overlay">
<div class="mobile-search-title">Where do you go to school?</div>
<div id="main-nav__mobile-search-school"></div>
<div class="js-search-button search-button _sbbutton--orange">Search</div>
</div>
window.addEventListener('load', function () {
var baseURL = "https://www.studyblue.com/notes/note/n/pcnse-
exam/deck/21872893";
var url = SB.openapi;
var schoolNetworkKey,
classNetworkKey,
schoolName,
className;
$('#main-nav__search-class input').prop('disabled', true);

$('#slideup-banner__search-class input').prop('disabled', true);
$('#main-nav__mobile-search-class input').prop('disabled', true);
$('.mainnav-search__single-input').click(function(e) {
$('.search-box').css('display', 'inline-flex');
$('.mainnav-search__search-box .class-search-icon').css('display',
'inline-block');
$('#main-nav__search-school .react-autosuggest__input').focus();
});
$('.logged-out-main').mousedown(function(){
// remove overlay
$(".overlay").hide();
//show react input
clicked");
//Activate search by expanding input field
navBar.classList.remove('is-search-activated');
}
$('.mobile_menu').removeClass("flex_display");
});
$('.js-search-header').click(function() {
// Disable click on search icon in single search box
if($('header.mobile').length > 0) {
$('.js-search-header').toggleClass('hide');
if($('.mobile-search-overlay').css('display') == 'none') {
$('.mobile-search-overlay').show();
} else {
$('.mobile-search-overlay').hide();
}
}
});
$('#main-nav__search-school input').on('input', function(event) {

var text = $('#main-nav__search-school input').val();
//Remove error class

$('#main-nav__search-school input').removeClass("_sb-input__error");
// Reset Class Id
sessionStorage.removeItem("sb-search-class-key");
if (text.length <= 2) {
//Clear contents of class input field and disable it
$('#main-nav__search-class input').val('');
$('#main-nav__search-class input').prop("disabled", true);
}
if (text.length >= 3) {
//Enable class input field
$('#main-nav__search-class input').prop("disabled", false);
}
});
$('#slideup-banner__search-school input').on('input', function(event) {

var text = $('#slideup-banner__search-school input').val();

$('#slideup-banner__search-school input').removeClass("_sb-
input__error");
// Reset Class Id
$('#slideup-banner__search-class input').val('');
$('#slideup-banner__search-class input').prop("disabled", true);
}
$('#slideup-banner__search-class input').prop("disabled", false);
}
});
$('#main-nav__mobile-search-school input').on('input', function(event) {

var text = $('#main-nav__mobile-search-school input').val();

$('#main-nav__mobile-search-school input').removeClass("_sb-
input__error");
// Reset Class Id
$('#main-nav__mobile-search-class input').val('');
$('#main-nav__mobile-search-class input').prop("disabled", true);
}
$('#main-nav__mobile-search-class input').prop("disabled", false);
}
});
$('.js-search-button').click(function(e) {
let searchFromSlideupBanner = false;
if($(e.target).hasClass('search-logo')) {
searchFromSlideupBanner = true;
}
completeSearch(searchFromSlideupBanner);
});
function completeSearch(searchFromSlideupBanner) {
const schoolName = $('#main-nav__search-school input').val() || $
('#slideup-banner__search-school input').val() || $('#main-nav__mobile-search-
school input').val();
const className = $('#main-nav__search-class input').val() || $
('#slideup-banner__search-class input').val() || $('#main-nav__mobile-search-class
input').val();
const schoolId = sessionStorage.getItem("sb-search-school-key");
const classId = sessionStorage.getItem("sb-search-class-key");
//GA Tracking
if (searchFromSlideupBanner) {
let eventLabel = "";
if (schoolName) {
eventLabel += schoolName + ", ";
}
if (className) {
eventLabel += className;
}
_gaq.push(['_trackEvent', 'slider logged out', 'click search
button', eventLabel]);
} else {
_gaq.push(['_trackEvent', 'header logged out', 'click search
button', schoolName + ", " + schoolId]);
}
let searchUrlRedirect;
// Case I: No entry in school input field or field cleared

if (!schoolName) {
if(searchFromSlideupBanner){
$('#main-nav__search-school input').addClass('_sb-
input__error');
$('#slideup-banner__search-school input').addClass('_sb-
input__error');
$('#main-nav__mobile-search-school input').addClass('_sb-
input__error');
}
else{
return;
}
}
else {
if (schoolId && classId) {
// Case II: User clears class input field before hitting search
if (!className) {
searchUrlRedirect = "/notes/state/" +
encodeNameForURL(schoolName) + "/" + schoolId;
} else {
// Case III: User selects school and class
// https://www.studyblue.com/notes/university-of-wisconsin-
madison/c/biology-100/915289/0
searchUrlRedirect = "/notes/" +
encodeNameForURL(schoolName) + "/c/" + encodeNameForURL(className) + "/" + classId
+ "/0";
}
window.location.href = searchUrlRedirect;
} else if (schoolId) {
//Case IV: User selects only schoolId
searchUrlRedirect = "/notes/state/" +
encodeNameForURL(schoolName) + "/" + schoolId;
window.location.href = searchUrlRedirect;
}
else {
if(searchFromSlideupBanner){
$('#main-nav__search-school input').addClass('_sb-
input__error');
$('#slideup-banner__search-school input').addClass('_sb-
input__error');
$('#main-nav__mobile-search-school input').addClass('_sb-
input__error');
}
else{
return;
}
}
}
}
function encodeNameForURL(name) {
var formatted = name.toLowerCase().split(" ").join("-");
formatted = formatted.replace("---", "-");
formatted = formatted.replace("--", "-");
return formatted;
}
});
document.getElementsByClassName("mainnav-search__search-box")
[0].addEventListener ("click", activateSearchOnMobile, false);
function activateSearchOnMobile(e){
// add overlay
$(".overlay").show();
//hide hamburger menu if it is open
$(".mobile_menu").removeClass("flex_display");
//show react input
document.getElementById("mainnav-search").classList.add("search-box-
clicked");
document.getElementById("mainnav-search").classList.remove("search-box");
//Activate search by expanding input field
navBar.classList.add('is-search-activated');
}
//Add GA tracking
_gaq.push(['_trackEvent', 'header logged out', 'click search input', '']);
}
</script> <button class="home-nav-link sign-in"
id="sign-in">Log In</button>
<button class="home-nav-link " id="sign-up">Sign Up</button>
</div>
</div>
</div>
</header>
<div class="logged-out-main">
<div class="modal-wrapper" style="display: none">
<div class="modal modal__suli">
<div class="close modal__close" tabindex="1"></div>
<p class="modal-title"></p>
<div class="modal-suli__main">
<div class="suli-login" style="display: none;">
<button id="google-login-button" tabindex="1" type="button" class="js-suli-
google button-suli suli__google">
<svg class="svg-google">
<use xlink:href="#svg-google"/>
</svg>
Continue with Google
</button>
<p class="hide error__popup-google js-error__popup-google-login">
To login with Google, please enable popups
</p>
<button tabindex="2" type="button" class="js-suli-facebook button-suli
suli__facebook login-facebook hide" id="facebook-login-button">
<svg class="svg-facebook">
<use xlink:href="#svg-facebook"/>
</svg>
Continue with Facebook
</button>
<p class="hide error__popup-facebook js-error__popup-facebook-login">
To login with Google, please enable popups
</p>
<p class="divider">or</p>
<form class="suli-email__form">
<fieldset>
<label for="login-address">
<p class="modal-form__label">Email</p>
<input type="email" id="login-address"
placeholder="name@example.com" tabindex="3" />
<p class="error error-login-email hide" id="error-email-
msg"></p>
</label>
<label for="login-password">
<p class="modal-form__label">Password</p>
<input type="password" id="login-password" placeholder="Enter a
password" tabindex="4" />
<p class="error error-login-password hide" id="error-password-
msg"></p>
</label>
<div class="login-opts">
<input type="checkbox" id="remember-me" tabindex="5" />
<label id="remember-me-label" class="modal-
form__label">Remember me</label>
<p class="link" id="forgot-pass-link" tabindex="6" >Forgot your
password?</p>
</div>
<button type="button" id="login-submit" class="button-suli
suli__go" tabindex="7">Log in</button>
</fieldset>
</form>
<p class="suli-switch">Don’t have an account? <span class="link
switch-link" id="login-switch-link" tabindex="8">Sign up</span></p>
</div>
<div class="suli-signup suli-signup__opts" style="display: none;">
<button type="button" class="js-suli-google button-suli suli__google
signup-google" id="google-signup-button" tabindex="1">
<svg class="svg-google">
<use xlink:href="#svg-google"/>
</svg>
Continue with Google
</button>
<p class="hide error__popup-google js-error__popup-google-signup">
To signup with Google, please enable popups
</p>
<button type="button" class="js-suli-facebook button-suli suli__facebook"
id="facebook-signup-button" tabindex="2">
<svg class="svg-facebook">
<use xlink:href="#svg-facebook"/>
</svg>
Continue with Facebook
</button>
<p class="hide error__popup-facebook js-error__popup-facebook-signup">
To signup with Google, please enable popups
</p>
<button type="button" class="js-signup-email suli__email" tabindex="3"
id="email-signup">
Sign up with Email
</button>
</div>
<div class="suli-signup suli-signup__email" style="display: none;">
<p class="modal-text">Sign up with <span class="link js-suli-google signup-
google" tabindex="4" id="google-signup-link">Google</span> or <span class="link js-
suli-facebook signup-facebook" id="facebook-signup-link"
tabindex="5">Facebook</span></p>
<form class="suli-email__form">
<fieldset>
<label for="email-firstname">
<p class="modal-form__label">Name</p>
</label>
<input type="text" id="email-firstname" placeholder="First Name"
tabindex="6" />
<input type="text" id="email-lastname" placeholder="Last Name"
tabindex="7" />
<p class="error error-firstname hide"></p>
<p class="error error-lastname hide"></p>
<label for="email-address">
<p class="modal-form__label">Email</p>
</label>
<input type="email" id="email-address"
placeholder="name@example.com" tabindex="8"/>
<p class="error error-email hide"></p>
<label for="email-password">
<p class="modal-form__label">Password</p>
</label>
<input type="password" id="email-password" placeholder="Enter a
password" tabindex="9"/>
<p class="error error-password hide"></p>
<div>
<div class="label__with-tip">
<p class="modal-form__label">Birthday</p>
<div class="hover-tip" tabindex="10">
?
<p class="hover-tip__text">To sign up you must be 13 or
older. Other people won’t see your birthday.</p>
</div>
</div>
<div class="form-birthday">
<div class="email-month">
<select id="email-month" tabindex="11">
<option disabled selected>Month</option>
<option value="01">January</option>
<option value="02">February</option>
<option value="03">March</option>
<option value="04">April</option>
<option value="05">May</option>
<option value="06">June</option>
<option value="07">July</option>
<option value="08">August</option>
<option value="09">September</option>
<option value="10">October</option>
<option value="11">November</option>
<option value="12">December</option>
</select>
</div>
<div class="email-date">
<select id="email-date" tabindex="12">
<option disabled selected>Day</option>
<option value="01">1</option><option
value="02">2</option><option value="03">3</option><option
value="30">30</option><option value="31">31</option>
</select>
</div>
<div class="email-year">
<select id="email-year" tabindex="13">
<option disabled selected>Year</option>

</select>
</div>
</div>
<p class="error error-birthday hide"></p>
</div>
<button type="button" id="signup-submit" class="button-suli
suli__go" tabindex="16">Sign up</button>
</fieldset>
</form>
</div>
<div class="suli-message" style="display: none;">
<p class="modal-text sm__modal-text"></p>
<label class="js-message__label" style="display: none;">
<p class="modal-form__label"></p>
<input type="email" name="message-input"/>
<p class="error error-message hide"></p>
</label>
<label class="js-message__label-a" style="display: none;">
<p class="modal-form__label"></p>
<input type="email" name="message-input-a"/>
</label>
<button type="button" class="js-suli-message button-suli suli__go"
id="email-login">Log in</button>
</div>
<div class="suli-signup__footer">
<p class="legal">By signing up I agree to StudyBlue's</p>
<p class="legal">
<a id="terms" href="http://www.studyblue.com/about/legal/terms/"
tabindex="17">Terms of Use</a> and
<a id="privacy" href="http://www.studyblue.com/about/legal/privacy/"
tabindex="18">Privacy Policy</a>
</p>
<p class="separator"></p>
<p class="suli-switch">Already have an account? <span class="link switch-
link" id="signup-switch-link" tabindex="19">Log in</span></p>
</div>
<svg id="svg-icons-social" style="display: none">
<defs>
<symbol id="svg-email" viewBox="0 0 24 16"
xmlns="http://www.w3.org/2000/svg">
<rect x="0.705882353" y="1.39130435" width="22.5882353"
height="14.6086957"></rect>
<path d="M0.7 0.8 L12.5 12.5 L23.2 0.9"></path>
</symbol>
<symbol id="svg-facebook" xmlns="http://www.w3.org/2000/svg" viewBox="0 0
266.89 266.89">
<path style="fill:#fff;"
d="M184.15,266.89V163.54h34.69L224,123.26H184.15V97.54c0-11.66,3.24-19.61,20-
19.61h21.33v-36a285.42,285.42,0,0,0-31.08-1.59c-30.75,0-51.81,18.77-
51.81,53.24v29.71H107.77v40.28h34.78V266.89h41.6Z" />
</symbol>
<symbol id="svg-google" xmlns="http://www.w3.org/2000/svg" viewBox="-1 0
17.5 18">
<path transform="translate(7.75 7.45)" fill="#4285F4" d="M 8.64
1.84091C 8.64 1.20273 8.58273 0.589091 8.47636 1.33683e-07L 0 1.33683e-07L 0
3.48136L 4.84364 3.48136C 4.635 4.60636 4.00091 5.55954 3.04773 6.19773L 3.04773
8.45591L 5.95636 8.45591C 7.65818 6.88909 8.64 4.58182 8.64 1.84091Z"/>
<path id="green" transform="translate(-0.05 10.6)" fill="#34A853" d="M
8.04273 7.29C 10.4727 7.29 12.51 6.48409 13.9991 5.10955L 11.0905 2.85136C 10.2845
3.39136 9.25364 3.71045 8.04273 3.71045C 5.69864 3.71045 3.71455 2.12727 3.00682
3.8147e-08L -1.8584e-08 3.8147e-08L -1.8584e-08 2.33182C 1.48091 5.27318 4.52455
7.29 8.04273 7.29Z"/>
<path transform="translate(-0.95 4.95)" fill="#FBBC05" d="M 3.96409
5.75182C 3.78409 5.21182 3.68182 4.635 3.68182 4.04182C 3.68182 3.44864 3.78409
2.87182 3.96409 2.33182L 3.96409 3.80627e-08L 0.957273 3.80627e-08C 0.347727 1.215
0 2.58955 0 4.04182C 0 5.49409 0.347727 6.86864 0.957273 8.08364L 3.96409
5.75182Z"/>
<path transform="translate(0 0)" fill="#EA4335" d="M 8.04273 3.57955C
9.36409 3.57955 10.5505 4.03364 11.4832 4.92545L 14.0645 2.34409C 12.5059 0.891818
10.4686 0 8.04273 0C 4.52455 0 1.48091 2.01682 -1.8584e-08 4.95818L 3.00682 7.29C
3.71455 5.16273 5.69864 3.57955 8.04273 3.57955Z"/>
</symbol>
</defs>
</svg></div>
</div>
</div> <div id="overlay" class="overlay" onclick="overlayOff()"></div>
<script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "WebPage",
"breadcrumb": {
"@type": "BreadcrumbList",
"itemListElement": [
{
"@type": "ListItem",
"position": 1,
"item": {
"@id": "https://www.studyblue.com/",
"name": "StudyBlue"
}
},
{
"position": 2,
"item": {
"@type": "WebPage",
"@id": "https://www.studyblue.com/notes/texas-schools/us/tx",
"name": "Texas"
}
},
{
"position": 3,
"item": {
"@type": "WebPage",
"@id": "https://www.studyblue.com/notes/texas/university-of-
houston-main-campus/1638",
"name": "University of Houston - main campus"
}
},
{
"position": 4,
"item": {
"@type": "WebPage",
"@id": "https://www.studyblue.com/notes/university-of-houston-
main-campus/d/information-and-communications-technology/1638/629",
"name": "Information And Communications Technology"
}
},
{
"position": 5,
"item": {
"@type": "WebPage",
main-campus/c/information-and-communications-technology-3365/179944/0",
"name": "Information And Communications Technology 3365"
}
},
{
"position": 6,
"item": {
"@type": "WebPage",
main-campus/larsen-professor/2575159/0",
"name": "Larsen"
}
},
{
"position": 7,
"item": {
"@id": "Pcnse Exam",
"name": "Pcnse Exam"
}
}
]
}
}
</script>
window.proForAll = false;
window.proForAll = true;
function displayGoogleAd(adUnit, w, h, id, targets ) {
googletag.cmd.push(function() {
var networkID = 4648849; //4423646;
var s = "/" + networkID + "/" + adUnit;
var size = new Array(w, h);
var ad = googletag.defineSlot(s, size, id);

ad.addService(googletag.pubads());
for(var key in targets) {

if(targets.hasOwnProperty(key)) {
ad.setTargeting(key, targets[key]);
}
}
googletag.enableServices();
googletag.display(id);
});
}
</script>


var targets = {};
targets.logged_in_status = "loggedout";
targets.school_name = "University of Houston - main campus";
targets.course = "Information And Communications
Technology";
targets.state = "TX";
targets.course_level = "3365";
</script>
<main>
<section class="content-block content-block-title">
<div id="deck-preview-toolbar" class="toolbar js-deck-preview-toolbar js-
toolbar without-percent">
<div id="deck-preview-toolbar__content-wrap" class="toolbar__content-
wrap">
<div id="deck-preview-toolbar__left" class="toolbar__left">
<div id="deck-preview-toolbar__text-wrap" class="toolbar__text-
wrap">
<div id="deck-preview__rename-hover-wrap" class="is-
disabled">
<h1 id="deck-preview-toolbar__title"
class="toolbar__title rename__title js-deck-title">
<span>Pcnse
Exam</span> </h1>
</div>
</div>
</div>
<div id="deck-preview-toolbar__right" class="toolbar__right">

<div id="deck-preview-toolbar__reminder" class="toolbar__menu-
item sbbutton sbbutton--transparent has-sbtooltip-hovered js-button-join">
<span class="moreMenuToggle">
<span class="moreMenuToggle__slidebar"></span>
<span class="moreMenuToggle__circle"></span>
</span>
<div class="dropdown-toggle
sbtooltip__toggle">Reminder</div>
</div>
<div id="deck-preview-toolbar__copy" class="toolbar__menu-item
sbbutton sbbutton--transparent has-sbtooltip-hovered js-button-join">
<div class="dropdown-toggle sbtooltip__toggle" data-
toggle="dropdown">Edit a Copy</div>
</div>
<div id="deck-preview-toolbar__study" class="toolbar__menu-item
sbbutton sbbutton--primary js-button-join" onClick="_gaq.push(['_trackEvent',
'header_logged_out', 'click study flashcards'])">Study these flashcards</div>
</div>
</div>
</div>
</section>
<section class="content-block content-block-body">

<div class="wrap-container clearfix">
<div class="seo-deck__breadcrumb--container">
<ol class="breadcrumb clearfix seo-deck__breadcrumb">
<li>
<a href="/notes/texas-schools/us/tx">
<span>Texas</span>
</a>
</li>
<li>
<a href="/notes/texas/university-of-houston-main-
campus/1638">
<span>University of Houston - main
campus</span>
</a>
</li>
<li>
<a href="/notes/university-of-houston-main-
campus/d/information-and-communications-technology/1638/629">
<span>Information And Communications
Technology</span>
</a>
</li>
<li>
campus/c/information-and-communications-technology-3365/179944/0">
<span>Information And Communications Technology
3365</span>
</a>
</li>
<li>
campus/larsen-professor/2575159/0">
<span>Larsen</span>
</a>
</li>
<li> Pcnse Exam</li>

</ol>
<div class="seo-deck__card-info-container">
<div class="card-info-section
container__margin--right">
<div class="container__margin--right">
<img
class="card-info-image" src="https://lh5.googleusercontent.com/-
v767a7pAyyg/AAAAAAAAAAI/AAAAAAAAADM/xtUcWku2qZQ/photo.jpg" />
</div>
<div>
<span class="card-info-title">
Jarrod C.
</span>
</div>
</div>
<div class="seo-
deck__card-info-icon-container">
<div class="card-info-icon">
• 257
</div>
<span class="card-info-icon"> cards</span>
</div>
</div>
</div>
<div id="js-card-container" class="card-container">
<div class="clearfix" id="subnav-wrap">
<div class="seo-deck__cards-rail-container" id="cards-rail-
container">
<div class="seo__left-rail-container" id="left-rail">
<div class="content-wrap card-columns slide-up-banner-
eligible" id="cards">
<div class="card js-button-join" id="card1" onClick="_gaq.push(['_trackEvent',

'seo', 'preview_card_click'])">
<div class="card-wrapper">
<div class="front">
<div class="side side-text">

<div class="text text-
small">1 Which operation will impact the performance of the management plane?
<div>A. WildFire Submissions </div><div>B. DoS Protection </div><div>C. decrypting
SSL Sessions </div><div>D. Generating a SaaS Application Report.</div></div>
</div>
</div> 

<div class="back">

small">Answer: C</div>
</div>
</div> 

</div>
</div> 
<div
class="card js-button-join" id="card2" onClick="_gaq.push(['_trackEvent', 'seo',
'preview_card_click'])">
<div class="front">

small">2 An administrator has configured the Palo Alto Networks NGFW's management
interface to connect to the internet through a dedicated path that does not
traverse back through the NGFW itself. <div>Which configuration setting or step
will allow the firewall to get automatic application signature updates?
</div><div>A. A scheduler will need to be configured for application signatures.
</div><div>B. A Security policy rule will need to be configured to allow the update
requests from the firewall to the update servers. </div><div>C. A Threat Prevention
license will need to be installed. </div><div>D. A service route will need to be
configured.</div></div>
</div>

<div class="back">

small">Answer: D
<div><br></div></div>
</div>

</div>
<div
<div class="front">

small">3 A company has a policy that denies all applications it classifies as bad
and permits only application it classifies as good. The firewall administrator
created the following security policy on the company's firewall.<div><br><div>Which
interface configuration will accept specific VLAN IDs?</div><div>Which two benefits
are gained from having both rule 2 and rule 3 presents? (choose
two)</div><div><br></div><div>A. A report can be created that identifies
unclassified traffic on the network.</div><div>B. Different security profiles can
be applied to traffic matching rules 2 and 3.</div><div>C. Rule 2 and 3 apply to
traffic on different ports.</div><div>D. Separate Log Forwarding profiles can be
applied to rules 2 and 3.</div><div><br></div></div></div>
</div>

<div class="back">

small">Answer: B D
</div>

</div>
<div
<div class="front">

small">4 Which two interface types can be used when configuring GlobalProtect
Portal?(Choose two)<div>A. Virtual Wire</div><div>B. Loopback</div><div>C. Layer
3</div><div>D. Tunnel"</div><div><br></div></div>
</div>

<div class="back">

small">Answer: B C
</div>
</div>

</div>
<div
<div class="front">

small">6 An administrator has created an SSL Decryption policy rule that decrypts
SSL sessions on any port. Which log entry can the administrator use to verify that
sessions are being decrypted?
<div><br><div>A. In the details of the Traffic log entries
</div><div>B. Decryption log
</div><div>C. Data Filtering log
</div><div>D. In the details of the Threat log entries
</div><div><br></div></div></div>
</div>

<div class="back">

small">Answer: A
</div>

</div>
<div
<div class="front">

small">10 Refer to the exhibit.A web server in the DMZ is being mapped to a public
address through DNAT.Which Security policy rule will allow traffic to flow to the
web server?<div><br></div><div>A. Untrust (any) to Untrust (10. 1.1. 100), web
browsing - Allow</div><div>B. Untrust (any) to Untrust (1. 1. 1. 100), web browsing
- Allow</div><div>C. Untrust (any) to DMZ (1. 1. 1. 100), web browsing -
Allow</div><div>D. Untrust (any) to DMZ (10. 1. 1. 100), web browsing -
Allow</div></div>
</div>

<div class="back">

small">Answer: B</div>
</div>

</div>
<div
<div class="front">

small">11 In High Availability, which information is transferred via the HA data
link?<div><br></div><div>A. session information</div><div>B.
heartbeats</div><div>C. HA state information</div><div>D. User-ID
information</div></div>
</div>

<div class="back">

small">Answer: A</div>
</div>

</div>
<div
<div class="front">
small">5 Site-A and Site-B need to use IKEv2 to establish a VPN connection. Site A
connects directly to the internet using a public IP address. Site-B uses a private
IP address behind an ISP router to connect to the internet. How should NAT
Traversal be implemented for the VPN connection to be established between Site-A
and Site-B?<div><br></div><div>A. Enable on Site-A only</div><div>B. Enable on
Site-B only</div><div>C. Enable on Site-B only with passive mode</div><div>D.
Enable on Site-A and Site-B</div></div>
</div>

<div class="back">

small">Answer: D
</div>

</div>
<div
<div class="front">

small">12 Refer to the exhibit.Which certificates can be used as a Forwarded Trust
certificate?<div><br></div><div>A. Certificate from Default Trust Certificate
Authorities</div><div>B. Domain Sub-CA</div><div>C. Forward_Trust</div><div>D.
Domain-Root-Cert</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">100 Based on the following image,what is the correct path of root,
intermediate, and end-user certificate?<div><br></div><div>A. Palo Alto Networks
> Symantec > VeriSign</div><div>B. Symantec > VeriSign > Palo Alto
Networks</div><div>C. VeriSign > Palo Alto Networks > Symantec</div><div>D.
VeriSign > Symantec > Palo Alto Networks</div></div>
</div>

<div class="back">

small">Answer: D</div>
</div>

</div>
<div
<div class="front">

small">101 An administrator is using Panorama and multiple Palo Alto Networks
NGFWs. After upgrading all devices to the latest PAN-OS software, the administrator
enables log forwarding from the firewalls to Panorama.Pre-existing logs from the
firewalls are not appearing in Panorama.Which action would enable the firewalls to
send their pre-existing logs to Panorama?<div><br></div><div>A. Use the import
option to pull logs into Panorama.</div><div>B. A CLI command will forward the pre-
existing logs to Panorama.</div><div>C. Use the ACC to consolidate pre-existing
logs.</div><div>D. The log database will need to exported form the firewalls and
manually imported into Panorama.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">102 Which CLI command enables an administrator to view details about the
firewall including up-time, PAN-OS version, and serial number?
<div><div><br></div><div>A. debug system details</div><div>B. show session
info</div><div>C. show system info</div><div>D. show system
details</div></div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">103 An administrator logs in to the Palo Alto Networks NGFW and reports that
the WebUI is missing the Policies tab. Which profile is the cause of the missing
Policies tab?<div><br></div><div>A. Admin Role</div><div>B. WebUI</div><div>C.
Authentication</div><div>D. Authorization</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">104 Based on the image, what caused the commit warning?
<div><br></div><div>A. The CA certificate for FWDtrust has not been imported into
the firewall.</div><div>B. The FWDtrust certificate has not been flagged as Trusted
Root CA.</div><div>C. SSL Forward Proxy requires a public certificate to be
imported into the firewall.</div><div>D. The FWDtrust certificate does not have a
certificate chain.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">105 A network administrator uses Panorama to push security polices to
managed firewalls at branch offices. Which policy type should be configured on
Panorama if the administrators at the branch office sites to override these
products?<div><br></div><div>A. Pre Rules</div><div>B. Post Rules</div><div>C.
Explicit Rules</div><div>D. Implicit Rules</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">106 A global corporate office has a large-scale network with only one User-
ID agent, whichcreates a bottleneck near the User-ID agent server.Which solution in
PAN-OS software would help in this case?<div><br></div><div>A. application
override</div><div>B. Virtual Wire mode</div><div>C. content
inspection</div><div>D. redistribution of user mappings</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">107 Given the following table.Which configuration change on the firewall
would cause it to use 10.66.24.88 as the next hop for the 192.168.93.0/30 network?
<div><div><br></div><div>A. Configuring the administrative Distance for RIP to be
lower than that of OSPF Int.</div><div>B. Configuring the metric for RIP to be
higher than that of OSPF Int.</div><div>C. Configuring the administrative Distance
for RIP to be higher than that of OSPF Ext.</div><div>D. Configuring the metric for
RIP to be lower than that OSPF Ext.</div></div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">108 Which Zone Pair and Rule Type will allow a successful connection for a
user on the internetzone to a web server hosted in the DMZ zone? The web server is
reachable using a destination Natpolicy in the Palo Alto Networks
firewall.<div><br></div><div>A. Zone Pair:Source Zone: InternetDestination Zone:
DMZRule Type:intrazone</div><div>B. Zone Pair:Source Zone: InternetDestination
Zone: DMZRule Type:intrazone or "universal"</div><div>C. Zone Pair:Source Zone:
InternetDestination Zone: InternetRule Type:intrazone or "universal"</div><div>D.
Zone Pair:Source Zone: InternetDestination Zone: InternetRule
Type:intrazone</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">109 Which is not a valid reason for receiving a decrypt-cert-validation
error?<div><br></div><div>A. Unsupported HSM</div><div>B. Unknown certificate
status</div><div>C. Client authentication</div><div>D. Untrusted issuer</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">110 Which Captive Portal mode must be configured to support MFA
authentication?<div><br></div><div>A. NTLM</div><div>B. Redirect</div><div>C.
Single Sign-On</div><div>D. Transparent</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">111 A speed/duplex negotiation mismatch is between the Palo Alto Networks
management port and the switch port which it connects. How would an administrator
configure the interface to 1Gbps?<div><br></div><div>A. set deviceconfig interface
speed-duplex 1Gbps-full-duplex</div><div>B. set deviceconfig system speed-duplex
1Gbps-duplex</div><div>C. set deviceconfig system speed-duplex 1Gbps-full-
duplex</div><div>D. set deviceconfig Interface speed-duplex 1Gbps-half-
duplex</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">112 What are three possible verdicts that WildFire can provide for an
analyzed sample? (Choosethree)<div><br></div><div>A. Clean</div><div>B.
Bengin</div><div>C. Adware</div><div>D. Suspicious</div><div>E.
Grayware</div><div>F. Malware</div></div>
</div>

<div class="back">

small">Answer: B E F</div>
</div>

</div>
<div
<div class="front">

small">113 Which two mechanisms help prevent a spilt brain scenario an
Active/Passive HighAvailability (HA) pair?(Choose two)<div><br></div><div>A.
Configure the management interface as HA3 Backup</div><div>B. Configure Ethernet
1/1 as HA1 Backup</div><div>C. Configure Ethernet 1/1 as HA2 Backup</div><div>D.
Configure the management interface as HA2 Backup</div><div>E. Configure the
management interface as HA1 Backup</div><div>F. Configure ethernet1/1 as HA3
Backup</div></div>
</div>

<div class="back">
small">Answer: B E</div>
</div>

</div>
<div
<div class="front">

small">114 Click the Exhibit buttonAn administrator has noticed a large increase in
bittorrent activity. The administrator wants todetermine where the traffic is going
on the company.What would be the administrator's next step?<div><br></div><div>A.
Right-Click on the bittorrent link and select Value from the context
menu</div><div>B. Create a global filter for bittorrent traffic and then view
Traffic logs.</div><div>C. Create local filter for bittorrent traffic and then view
Traffic logs.</div><div>D. Click on the bittorrent application link to view network
activity</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">115 What is exchanged through the HA2 link?<div><br></div><div>A. hello
heartbeats</div><div>B. User-ID information</div><div>C. session
synchronization</div><div>D. HA state information</div></div>
</div>

<div class="back">

</div>
</div>
<div
<div class="front">

small">116 Which CLI command displays the current management plane memory
utilization?<div><br></div><div>A. > debug management-server show</div><div>B.
> show running resource-monitor</div><div>C. > show system info</div><div>D.
> show system resources</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">117 A client has a sensitive application server in their data center and is
particularly concernedabout session flooding because of denial of-service
attacks.How can the Palo Alto Networks NGFW be configured to specifically protect
this server againstsession floods originating from a single IP address?
<div><br></div><div>A. Define a custom App-ID to ensure that only legitimate
application traffic reaches the server</div><div>B. Add QoS Profiles to throttle
incoming requests</div><div>C. Add a tuned DoS Protection Profile</div><div>D. Add
an Anti-Spyware Profile to block attacking IP address</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">118 How does Panorama handle incoming logs when it reaches the maximum
storage capacity?<div><br></div><div>A. Panorama discards incoming logs when
storage capacity full.</div><div>B. Panorama stops accepting logs until licenses
for additional storage space are applied</div><div>C. Panorama stops accepting logs
until a reboot to clean storage space.</div><div>D. Panorama automatically deletes
older logs to create space for new ones.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">119 Refer to Exhibit:A firewall has three PDF rules and a default route with
a next hop of 172.29.19.1 that is configured in the default VR. A user named XX-bes
a PC with a 192.168.101.10 IP address.He makes an HTTPS connection to
172.16.10.29.What is the next hop IP address for the HTTPS traffic from Wills
PC.<div><br></div><div>A. 172.20.30.1</div><div>B. 172.20.20.1</div><div>C.
172.20.10.1</div><div>D. 172.20.40.1</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">120 Which two options are required on an M-100 appliance to configure it as
a Log Collector?(Choose two)<div><br></div><div>A. From the Panorama tab of the
Panorama GUI select Log Collector mode and then commit changes</div><div>B. Enter
the command request system system-mode logger then enter Y to confirm the change
toLog Collector mode.</div><div>C. From the Device tab of the Panorama GUI select
Log Collector mode and then commit changes.</div><div>D. Enter the command logger-
mode enable the enter to confirm the change to Log Collector mode.E. Log in the
Panorama CLI of the dedicated Log Collector</div></div>
</div>

<div class="back">

small">Answer: B E</div>
</div>

</div>
<div
<div class="front">

small">121 Which two actions are required to make Microsoft Active Directory users
appear in a firewall traffic log?(Choose two.)<div><br></div><div>A. Run the User-
ID Agent using an Active Directory account that has "event log viewer"
permissions</div><div>B. Enable User-ID on the zone object for the destination
zone</div><div>C. Run the User-ID Agent using an Active Directory account that has
"domain administrator"permissions</div><div>D. Enable User-ID on the zone object
for the source zone</div><div>E. Configure a RADIUS server profile to point to a
domain controller</div></div>
</div>

<div class="back">

small">Answer: A D</div>
</div>

</div>
<div
<div class="front">

small">122 A client has a sensitive application server in their data center and is
particularly concernedabout resource exhaustion because of distributed denial-of-
service attacks.How can the Palo Alto Networks NGFW be configured to specifically
protect this server againstresource exhaustion originating from multiple IP
addresses (DDoS attack)?<div><br></div><div>A. Define a custom App-ID to ensure
that only legitimate application traffic reaches the server.</div><div>B. Add a
Vulnerability Protection Profile to block the attack.</div><div>C. Add QoS Profiles
to throttle incoming requests.</div><div>D. Add a DoS Protection Profile with
defined session count.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">123 The firewall determines if a packet is the first packet of a new session
or if a packet is part of an existing session using which kind of match?
<div><br></div><div>A. 5-tuple matchSource IP Address, Destination IP Address,
Source Port, Destination Port, Protocol</div><div>B. 7-tuple matchSource IP
Address, Destination IP Address, Source Port, Destination Port ,Source User, URL
Categoryand Source Security Zone.</div><div>C. 6-tuple matchSource IP Address,
Destination IP Address, Source Port, Destination Port, Protocol and SourceSecurity
Zone</div><div>D. 9-tuple matchSource IP Address, Destination IP Address, Source
Port, Destination Port, Source User, SourceSecurity Zone, Destination Security
Zone, Application and URL Category</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">
small">124 An Administrator is configuring an IPSec VPN toa Cisco ASA at the
administrator's home and experiencing issues completing the connection. The
following is the output from the command:less mp-log ikemgr.log: What could be the
cause of this problem?<div><br></div><div>A. The public IP addresses do not match
for both the Palo Alto Networks Firewall and the ASA.</div><div>B. The Proxy IDs on
the Palo Alto Networks Firewall do not match the settings on the ASA.</div><div>C.
The shared secrets do not match between the Palo Alto firewall and the
ASA</div><div>D. The deed peer detection settings do not match between the Palo
Alto Networks Firewall and the ASA</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">125 An administrator has been asked to configure active/active HA for a pair
of Palo AltoNetworks NGFWs. The firewall use Layer 3 interfaces to send traffic to
a single gateway IP for the pair.Which configuration will enable this HA scenario?
<div><br></div><div>A. The two firewalls will share a single floating IP and will
use gratuitous ARP to share the floating IP.</div><div>B. Each firewall will have a
separate floating IP, and priority will determine which firewall has the primary
IP.</div><div>C. The firewalls do not use floating IPs in active/active
HA.</div><div>D. The firewalls will share the same interface IP address, and device
1 will use the floating IP if device0 fails.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">
small">126 Refer to the exhibit.An administrator is using DNAT to map two servers
to a single public IP address. Traffic will be steered to the specific server based
on the application, where Host A (10.1.1.100) receives HTTP traffic and HOST B
(10.1.1.101) receives SSH traffic.) Which two security policy rules will accomplish
this configuration? (Choose two.)<div><br></div><div>A. Untrust (Any) to Untrust
(10.1.1.1), web-browsing -Allow</div><div>B. Untrust (Any) to Untrust (10.1.1.1),
ssh -Allow</div><div>C. Untrust (Any) to DMZ (10.1.1.1), web-browsing
-Allow</div><div>D. Untrust (Any) to DMZ (10.1.1.1), ssh -Allow</div><div>E.
Untrust (Any) to DMZ (10.1.1.100.10.1.1.101), ssh, web-browsing -Allow</div></div>
</div>

<div class="back">

small">Answer: C D</div>
</div>

</div>
<div
<div class="front">

small">127 Which option is an IPv6 routing protocol?<div><br></div><div>A.
RIPv3</div><div>B. OSPFv3</div><div>C. OSPv3</div><div>D. BGP NG</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">128 During the packet flow process, which two processes are performed in
application identification? (Choose two.)<div><br></div><div>A. Pattern based
application identification</div><div>B. Application override policy
match</div><div>C. Application changed from content inspection</div><div>D. Session
application identified.</div></div>
</div>

<div class="back">

small">Answer: B D</div>
</div>

</div>
<div
<div class="front">

small">129 What can missing SSL packets when performing a packet capture on
dataplane interfaces?<div><br></div><div>A. The packets are hardware offloaded to
the offloaded processor on the dataplane</div><div>B. The missing packets are
offloaded to the management plane CPU</div><div>C. The packets are not captured
because they are encrypted</div><div>D. There is a hardware problem with offloading
FPGA on the management plane</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">13 Which option enables a Palo Alto Networks NGFW administrator to schedule
Application andThreat updates while applying only new content-IDs to traffic?
<div><br></div><div>A. Select download-and-install.</div><div>B. Select download-
and-install, with "Disable new apps in content update" selected.</div><div>C.
Select download-only.</div><div>D. Select disable application updates and select
"Install only Threat updates"</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">130 Which Security policy rule will allow an admin to block facebook chat
but allow Facebook in general?<div><br></div><div>A. Deny application facebook-chat
before allowing application facebook</div><div>B. Deny application facebook on
top</div><div>C. Allow application facebook on top</div><div>D. Allow application
facebook before denying application facebook-chat</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">131 Which three authentication services can administrator use to
authenticate admins into thePalo Alto Networks NGFW without defining a
corresponding admin account on the local firewall?(Choose
three.)<div><br></div><div>A. Kerberos</div><div>B. PAP</div><div>C.
SAML</div><div>D. TACACS+</div><div>E. RADIUS</div><div>F. LDAP</div></div>
</div>

<div class="back">

small">Answer: D E F</div>
</div>
</div>
<div
<div class="front">

small">132 If a template stack is assigned to a device and the stack includes three
templates withoverlapping settings, which settings are published to the device when
the template stack is pushed?<div><br></div><div>A. The settings assigned to the
template that is on top of the stack.</div><div>B. The administrator will be
promoted to choose the settings for that chosen firewall.</div><div>C. All the
settings configured in all templates.</div><div>D. Depending on the firewall
location, Panorama decides with settings to send.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">133 Which two features does PAN-OS software use to identify applications?
(Choose two)<div><br></div><div>A. port number</div><div>B. session
number</div><div>C. transaction characteristics</div><div>D. application layer
payload</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">134 The firewall identifies a popular application as an unknown-tcp.Which
two options are available to identify the application? (Choose
two.)<div><br></div><div>A. Create a custom application.</div><div>B. Create a
custom object for the custom application server to identify the custom
application.</div><div>C. Submit an Apple-ID request to Palo Alto
Networks.</div><div>D. Create a Security policy to identify the custom
application.</div></div>
</div>

<div class="back">

small">Answer: A B</div>
</div>

</div>
<div
<div class="front">

small">135 In a virtual router, which object contains all potential routes?
<div><br></div><div>A. MIB</div><div>B. RIB</div><div>C. SIP</div><div>D.
FIB</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">136 What are two prerequisites for configuring a pair of Palo Alto Networks
firewalls in an active/passive High Availability (HA) pair? (Choose
two.)<div><br></div><div>A. The firewalls must have the same set of
licenses.</div><div>B. The management interfaces must to be on the same
network.</div><div>C. The peer HA1 IP address must be the same on both
firewalls.</div><div>D. HA1 should be connected to HA1. Either directly or with an
intermediate Layer 2 device.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">137 An administrator has enabled OSPF on a virtual router on the NGFW. OSPF
is not adding new routes to the virtual router. Which two options enable the
administrator to troubleshoot this issue? (Choose two.)<div><br></div><div>A. View
Runtime Stats in the virtual router.</div><div>B. View System logs.</div><div>C.
Add a redistribution profile to forward as BGP updates.</div><div>D. Perform a
traffic pcap at the routing stage.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">138 Which Security Policy Rule configuration option disables antivirus and
anti-spyware scanning of server-to-client flows only?<div><br></div><div>A. Disable
Server Response Inspection</div><div>B. Apply an Application Override</div><div>C.
Disable HIP Profile</div><div>D. Add server IP Security Policy
exception</div></div>
</div>
<div class="back">

</div>

</div>
<div
<div class="front">

small">139 In an enterprise deployment, a network security engineer wants to assign
to a group ofadministrators without creating local administrator accounts on the
firewall.Which authentication method must be used?<div><br></div><div>A.
LDAP</div><div>B. Kerberos</div><div>C. Certification based
authentication</div><div>D. RADIUS with Vendor-Specific Attributes</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">14 A network design calls for a "router on a stick" implementation with a
PA-5060 performing inter-VLAN routing All VLAN-tagged traffic will be forwarded to
the PA-5060 through a single dot1qtrunk interface Which interface type and
configuration setting will support this design?<div><br></div><div>A. Trunk
interface type with specified tag</div><div>B. Layer 3 interface type with
specified tag</div><div>C. Layer 2 interface type with a VLAN assigned</div><div>D.
Layer 3 subinterface type with specified tag</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">140 An administrator needs to upgrade an NGFW to the most current version of
PAN-OS software. The following is occurring:<div>* Firewall has Internet
connectivity through e1/1.</div><div>* Default security rules and security rules
allowing all SSL and web-browsing traffic to and from any zone.<div>* Service route
is configured, sourcing update traffic from e1/1.</div><div>* A communication error
appears in the System logs when updates are performed.</div><div>*Download does not
complete.What must be configured to enable the firewall to download the current
version of PAN-OS software?<br></div><div><br></div><div>A. DNS settings for the
firewall to use for resolution</div><div>B. scheduler for timed downloads of PAN-OS
software</div><div>C. static route pointing application PaloAlto-updates to the
update servers</div><div>D. Security policy rule allowing PaloAlto-updates as the
application</div></div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">141 Which administrative authentication method supports authorization by an
external service?<div><br></div><div>A. Certificates</div><div>B. LDAP</div><div>C.
RADIUS</div><div>D. SSH keys</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">142 If the firewall is configured for credential phishing prevention using
the "Domain Credential Filter" method, which login will be detected as credential
theft?<div><br></div><div>A. Mapping to the IP address of the logged-in
user.</div><div>B. First four letters of the username matching any valid corporate
username.</div><div>C. Using the same user's corporate username and
password.</div><div>D. Marching any valid corporate username.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">143 Which feature can provide NGFWs with User-ID mapping information?
<div><br></div><div>A. Web Captcha</div><div>B. Native 802.1q
authentication</div><div>C. GlobalProtect</div><div>D. Native 802.1x
authentication</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">144 View the GlobalProtect configuration screen capture.What is the purpose
of this configuration?<div><br></div><div>A. It configures the tunnel address of
all internal clients to an IP address range starting at 192.168.10.1.</div><div>B.
It forces an internal client to connect to an internal gateway at IP address
192.168.10.1.</div><div>C. It enables a client to perform a reverse DNS lookup on
192.168.10.1 to detect that it is an internal client.</div><div>D. It forces the
firewall to perform a dynamic DNS update, which adds the internal gateway's
hostname and IP address to the DNS server.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">145 Only two Trust to Untrust allow rules have been created in the Security
policy Rule1 allows google-base Rule2 allows youtube-base The youtube-base App-ID
depends on google-base to function. The google-base App-ID implicitly uses SSL and
web-browsing. When user try to accesss https://www.youtube.com in a web browser,
they get an error indicating that the server cannot be found.Which action will
allow youtube.com display in the browser correctly?<div><br></div><div>A. Add SSL
App-ID to Rule1</div><div>B. Create an additional Trust to Untrust Rule, add the
web-browsing, and SSL App-ID's to it</div><div>C. Add the DNS App-ID to
Rule2</div><div>D. Add the Web-browsing App-ID to Rule2</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">146 A web server is hosted in the DMZ, and the server is configured to
listen for incoming connections only on TCP port 8080. A Security policy rule
allowing access from the Trust zone to the DMZ zone need to be configured to enable
we browsing access to the server.Which application and service need to be
configured to allow only cleartext web-browsing traffic to the inside server on
tcp/8080.<div><br></div><div>A. application: web-browsing; service: application-
default</div><div>B. application: web-browsing; service: service-https</div><div>C.
application: ssl; service: any</div><div>D. application: web-browsing; service:
(custom with destination TCP port 8080)</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">147 What must be used in Security Policy Rule that contain addresses where
NAT policy applies?<div><br></div><div>A. Pre-NAT addresse and Pre-NAT
zones</div><div>B. Post-NAT addresse and Post-Nat zones</div><div>C. Pre-NAT
addresse and Post-Nat zones</div><div>D. Post-Nat addresses and Pre-NAT
zones</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">
small">148 Which URL Filtering Security Profile action logs the URL Filtering
category to the URLFiltering log?<div><br></div><div>A. Log</div><div>B.
Alert</div><div>C. Allow</div><div>D. Default</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">149 Refer to exhibit.An organization has Palo Alto Networks NGFWs that send
logs to remote monitoring and securitymanagement platforms. The network team has
reported excessive traffic on the corporate WAN.How could the Palo Alto Networks
NGFW administrator reduce WAN traffic while maintaining support for all existing
monitoring/ security platforms?<div><br></div><div>A. Forward logs from firewalls
only to Panorama and have Panorama forward logs to other external
services.</div><div>B. Forward logs from external sources to Panorama for
correlation, and from Panorama send them to the NGFW.</div><div>C. Configure log
compression and optimization features on all remote firewalls.</div><div>D. Any
configuration on an M-500 would address the insufficient bandwidth
concerns.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">15 Which two benefits come from assigning a Decryption Profile to a
Decryption policy rule with a "No Decrypt" action? (Choose
two.)<div><br></div><div>A. Block sessions with expired certificates</div><div>B.
Block sessions with client authentication</div><div>C. Block sessions with
unsupported cipher suites</div><div>D. Block sessions with untrusted
issuers</div><div>E. Block credential phishing</div></div>
</div>

<div class="back">

small">Answer: A B C</div>
</div>

</div>
<div
<div class="front">

small">150 What will be the source address in the ICMP packet?
<div><br></div><div>A. 10.30.0.93</div><div>B. 10.46.72.93</div><div>C.
10.46.64.94</div><div>D. 192.168.93.1</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">151 An administrator has been asked to create 100 virtual firewalls in a
local, on-premise lab environment (not in the cloud). Bootstrapping is the most
expedient way to perform this task.Which option describes deployment of a bootstrap
package in an on-premise virtual environment?<div><br></div><div>A. Use config-
drive on a USB stick.</div><div>B. Use an S3 bucket with an ISO.</div><div>C.
Create and attach a virtual hard disk (VHD).</div><div>D. Use a virtual CD-ROM with
an ISO.</div></div>
</div>
<div class="back">

</div>

</div>
<div
<div class="front">

small">152 A VPN connection is set up between Site-A and Site-B, but no traffic is
passing in the systemlog of Site-A, there is an event logged as like-nego-p1-fail-
psk.What action will bring the VPN up and allow traffic to start passing between
the sites?<div><br><div>A. Change the Site-B IKE Gateway profile version to match
Site-A,</div><div>B. Change the Site-A IKE Gateway profile exchange mode to
aggressive mode.</div><div>C. Enable NAT Traversal on the Site-A IKE Gateway
profile.</div><div>D. Change the pre-shared key of Site-B to match the pre-shared
key of Site-A</div></div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">153 YouTube videos are consuming too much bandwidth on the network, causing
delays inmission-critical traffic.The administrator wants to throttle YouTube
traffic. The following interfaces and zones are in use onthe firewall:*
ethernet1/1, Zone: Untrust (Internet-facing)* ethernet1/2, Zone: Trust (client-
facing)A QoS profile has been created, and QoS has been enabled on both interfaces.
A QoS rule exists toput the YouTube application into QoS class 6. Interface
Ethernet1/1 has a QoS profile calledOutbound, and interface Ethernet1/2 has a QoS
profile called Inbound.Which setting for class 6 with throttle YouTube traffic?
<div><br></div><div>A. Outbound profile with Guaranteed Ingress</div><div>B.
Outbound profile with Maximum Ingress</div><div>C. Inbound profile with Guaranteed
Egress</div><div>D. Inbound profile with Maximum Egress</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">154 Which field is optional when creating a new Security Policy rule?
<div><br></div><div>A. Name</div><div>B. Description</div><div>C. Source
Zone</div><div>D. Destination Zone</div><div>E. Action</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">155 An administrator encountered problems with inbound decryption. Which
option should theadministrator investigate as part of triage?<div><br></div><div>A.
Security policy rule allowing SSL to the target server</div><div>B. Firewall
connectivity to a CRL</div><div>C. Root certificate imported into the firewall with
"Trust" enabled</div><div>D. Importation of a certificate from an HSM</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">156 Which User-ID method maps IP address to usernames for users connecting
through a webproxy that has already authenticated the user?<div><br></div><div>A.
Client Probing</div><div>B. Port mapping</div><div>C. Server
monitoring</div><div>D. Syslog listening</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">157 What are three valid method of user mapping? (Choose
three)<div><br></div><div>A. Syslog</div><div>B. XML API</div><div>C.
802.1X</div><div>D. WildFire</div><div>E. Server Monitoring</div></div>
</div>

<div class="back">

small">Answer: A B E</div>
</div>

</div>
<div
<div class="front">
small">158 Which three firewall states are valid? (Choose
three)<div><br></div><div>A. Suspended</div><div>B. Passive</div><div>C.
Active</div><div>D. Pending</div><div>E. Functional</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">159 An administrator deploys PA-500 NGFWs as an active/passive high
availability pair. Thedevices are not participating in dynamic routing and
preemption is disabled.What must be verified to upgrade the firewalls to the most
recent version of PAN-OS software?<div><br></div><div>A. Wildfire update
package</div><div>B. User-ID agent</div><div>C. Anti virus update
package</div><div>D. Application and Threats update package</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">16 An administrator wants to upgrade an NGFW from PAN-OS 7 .1. 2 to PAN-OS 8
.0.2 Thefirewall is not a part of an HA pair. What needs to be updated first?
<div><br></div><div>A. XML Agent</div><div>B. Applications and Threats</div><div>C.
WildFire</div><div>D. PAN-OS Upgrade Agent</div></div>
</div>
<div class="back">

</div>

</div>
<div
<div class="front">

small">160 Which method will dynamically register tags on the Palo Alto Networks
NGFW?<div><br></div><div>A. Restful API or the VMWare API on the firewall or on the
User-ID agent or the read-only domain controller (RODC)</div><div>B. Restful API or
the VMware API on the firewall or on the User-ID agent</div><div>C. XML-API or the
VMware API on the firewall or on the User-ID agent or the CLI</div><div>D. XML API
or the VM Monitoring agent on the NGFW or on the User-ID agent</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">161 What are three valid actions in a File Blocking Profile? (Choose
three)<div><br></div><div>A. Forward</div><div>B. Block</div><div>C.
Alret</div><div>D. Upload</div><div>E. Reset-both</div><div>F. Continue</div></div>
</div>

<div class="back">

</div>
</div>
<div
<div class="front">

small">162 A network design change requires an existing firewall to start accessing
Palo Alto Updatesfrom a data plane interface address instead of the management
interface.Which configuration setting needs to be modified?<div><br></div><div>A.
Service route</div><div>B. Default route</div><div>C. Management
profile</div><div>D. Authentication profile</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">163 A company has a pair of Palo Alto Networks firewalls configured as an
Acitve/Passive HighAvailability (HA) pair.What allows the firewall administrator to
determine the last date a failover event occurred?<div><br></div><div>A. From the
CLI issue use the show System log</div><div>B. Apply the filter subtype eq ha to
the System log</div><div>C. Apply the filter subtype eq ha to the configuration
log</div><div>D. Check the status of the High Availability widget on the Dashboard
of the GUI</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">164 What should an administrator consider when planning to revert Panorama
to a pre-PAN-OS8.1 version?<div><br></div><div>A. Panorama cannot be reverted to an
earlier PAN-OS release if variables are used in templates or template
stacks.</div><div>B. An administrator must use the Expedition tool to adapt the
configuration to the pre-PAN-OS 8.1 state.</div><div>C. When Panorama is reverted
to an earlier PAN-OS release, variables used in templates or template stacks will
be removed automatically.</div><div>D. Administrators need to manually update
variable characters to those used in pre-PAN-OS 8.1.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">165 Which CLI command displays the current management plan memory
utilization?<div><br></div><div>A. > show system info</div><div>B. > show
system resources</div><div>C. > debug management-server show</div><div>D. >
show running resource-monitor</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">
small">166 When configuring a GlobalProtect Portal, what is the purpose of
specifying anAuthentication Profile?<div><br></div><div>A. To enable Gateway
authentication to the Portal</div><div>B. To enable Portal authentication to the
Gateway</div><div>C. To enable user authentication to the Portal</div><div>D. To
enable client machine authentication to the Portal</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">167 How can a candidate or running configuration be copied to a host
external from Panorama?<div><br></div><div>A. Commit a running
configuration.</div><div>B. Save a configuration snapshot.</div><div>C. Save a
candidate configuration.</div><div>D. Export a named configuration
snapshot.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">168 How would an administrator monitor/capture traffic on the management
interface of thePalo Alto Networks NGFW?<div><br></div><div>A. Use the debug
dataplane packet-diag set capture stage firewall file command.</div><div>B. Enable
all four stages of traffic capture (TX, RX, DROP, Firewall).</div><div>C. Use the
debug dataplane packet-diag set capture stage management file command.</div><div>D.
Use the tcpdump command.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">169 Which client software can be used to connect remote Linux client into a
Palo Alto NetworksInfrastructure without sacrificing the ability to scan traffic
and protect against threats?<div><br></div><div>A. X-Auth IPsec VPN</div><div>B.
GlobalProtect Apple IOS</div><div>C. GlobalProtect SSL</div><div>D. GlobalProtect
Linux</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">17 Which interface configuration will accept specific VLAN IDs?
<div><br></div><div>A. Tab Mode</div><div>B. Subinterface</div><div>C. Access
Interface</div><div>D. Trunk Interface</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">170 Which three file types can be forwarded to WildFire for analysis as a
part of the basic WildFire service?(Choose three.)<div><br></div><div>A.
.dll</div><div>B. .exe</div><div>C. .src</div><div>D. .apk</div><div>E.
.pdf</div><div>F. .jar<br></div></div>
</div>

<div class="back">

small">Answer: D E F</div>
</div>

</div>
<div
<div class="front">

small">171 Which User-ID method should be configured to map IP addresses to
usernames for usersconnected through a terminal server?<div><br></div><div>A. port
mapping</div><div>B. server monitoring</div><div>C. client probing</div><div>D. XFF
headers</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">172 An administrator is configuring an IPSec VPN to a Cisco ASA at the
administrator's home and experiencing issues completing the connection. the
following is the output from the command:What could be the cause of this problem?
<div><br></div><div>A. The dead peer detection settings do not match between the
Palo Alto Networks Firewall and theASA.</div><div>B. The Proxy IDs on the Palo Alto
Networks Firewall do not match the setting on the ASA.</div><div>C. The public IP
addresses do not match for both the Palo Alto Networks Firewall and the
ASA.</div><div>D. The shared secrets do not match between the Palo Alto Networks
Firewall and the ASA.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">173 A network security engineer has been asked to analyze Wildfire activity.
However, theWildfire Submissions item is not visible form the Monitor tab.What
could cause this condition?<div><br></div><div>A. The firewall does not have an
active WildFire subscription.</div><div>B. The engineer's account does not have
permission to view WildFire Submissions.</div><div>C. A policy is blocking WildFire
Submission traffic.</div><div>D. Though WildFire is working, there are currently no
WildFire Submissions log entries.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">
small">174 An administrator creates an SSL decryption rule decrypting traffic on
all ports. The administrator also creates a Security policy rule allowing only the
applications DNS, SSL, and web browsing. The administrator generates three
encrypted BitTorrent connections and checks the Traffic logs.There are three
entries. The first entry shows traffic dropped as application Unknown. The next two
entries show traffic allowed as application SSL.Which action will stop the second
and subsequent encrypted BitTorrent connections from being allowed as SSL?
<div><br></div><div>A. Create a decryption rule matching the encrypted BitTorrent
traffic with action "No-Decrypt," and place the rule at the top of the Decryption
policy.</div><div>B. Create a Security policy rule that matches application
"encrypted BitTorrent" and place the rule at the top of the Security
policy.</div><div>C. Disable the exclude cache option for the
firewall.</div><div>D. Create a Decryption Profile to block traffic using
unsupported cyphers, and attach the profile to the decryption rule.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">175 A company.com wants to enable Application Override. Given the following
screenshot:Which two statements are true if Source and Destination traffic match
the Application Override policy?(Choose two)<div><br></div><div>A. Traffic that
matches "rtp-base" will bypass the App-ID and Content-ID engines.</div><div>B.
Traffic will be forced to operate over UDP Port 16384.</div><div>C. Traffic
utilizing UDP Port 16384 will now be identified as "rtp-base".</div><div>D. Traffic
utilizing UDP Port 16384 will bypass the App-ID and Content-ID engines.</div></div>
</div>

<div class="back">

small">Answer: A C</div>
</div>

</div>
<div
<div class="front">

small">176 Which two subscriptions are available when configuring panorama to push
dynamic updatesto connected devices? (Choose two.)<div><br></div><div>A. Content-
ID</div><div>B. User-ID</div><div>C. Applications and Threats</div><div>D.
Antivirus</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">177 Which command can be used to validate a Captive Portal policy?
<div><br></div><div>A. eval captive-portal policy </div><div>B. request cp-policy-
eval </div><div>C. test cp-policy-match </div><div>D. debug cp-policy </div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">178 How does an administrator schedule an Applications and Threats dynamic
update while delaying installation of the update for a certain amount of time?
<div><br></div><div>A. Configure the option for "Threshold".</div><div>B. Disable
automatic updates during weekdays.</div><div>C. Automatically "download only" and
then install Applications and Threats later, after the administrator approves the
update.</div><div>D. Automatically "download and install" but with the "disable new
applications" option used.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">179 When using the predefined default profile, the policy will inspect for
viruses on the decoders. Match each decoder with its default action.Answer options
may be used more than once or not at all.</div>
</div>

<div class="back">

small">Answer: ExplanationIMAP , POP3 , SMTP - > AlertHTTP,FTP,SMB -> Reset-
both</div>
</div>

</div>
<div
<div class="front">

small">180 A Security policy rule is configured with a Vulnerability Protection
Profile and an action of'Deny". Which action will this cause configuration on the
matched traffic?<div><br></div><div>A. The configuration is invalid. The Profile
Settings section will be grayed out when the Action is settoDeny.</div><div>B. The
configuration will allow the matched session unless a vulnerability signature is
detected. TheDeny action will supersede the per-severity defined actions defined in
the associated Vulnerability Protection Profile.</div><div>C. The configuration is
invalid. It will cause the firewall to skip this Security policy rule. A warning
will be displayed during a commit.</div><div>D. The configuration is valid. It will
cause the firewall to deny the matched sessions. Any configured Security Profiles
have no effect if the Security policy rule action is set to "Deny."</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">181 A company hosts a publically accessible web server behind a Palo Alto
Networks next generation firewall with the following configuration information.*
Users outside the company are in the "Untrust-L3" zone* The web server physically
resides in the "Trust-L3" zone.* Web server public IP address: 23.54.6.10* Web
server private IP address: 192.168.1.10 Which two items must be NAT policy contain
to allow users in the untrust-L3 zone to access the webserver?(Choose
two)<div><br></div><div>A. Untrust-L3 for both Source and Destination
zone</div><div>B. Destination IP of 192.168.1.10</div><div>C. Untrust-L3 for Source
Zone and Trust-L3 for Destination Zone</div><div>D. Destination IP of
23.54.6.10</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">182 Which Panorama administrator types require the configuration of at least
one access domain? (Choose two)<div><br></div><div>A. Dynamic</div><div>B. Custom
Panorama Admin</div><div>C. Role Based</div><div>D. Device Group</div><div>E.
Template Admin</div></div>
</div>
<div class="back">

small">Answer: D E</div>
</div>

</div>
<div
<div class="front">

small">183 A network security engineer is asked to perform a Return Merchandise
Authorization (RMA)on a firewall Which part of files needs to be imported back into
the replacement firewall that is using Panorama?<div><br></div><div>A. Device state
and license files</div><div>B. Configuration and serial number files</div><div>C.
Configuration and statistics files</div><div>D. Configuration and Large Scale VPN
(LSVPN) setups file</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">184 Which Palo Alto Networks VM-Series firewall is valid?
<div><br></div><div>A. VM-25</div><div>B. VM-800</div><div>C. VM-50</div><div>D.
VM-400</div></div>
</div>

<div class="back">

</div>
</div>
<div
<div class="front">

small">185 An administrator has been asked to configure active/passive HA for a
pair of Palo AltoNetworks NGFWs.The administrator assigns priority 100 to the
active firewall.Which priority is correct for the passive firewall?
<div><br></div><div>A. 0</div><div>B. 99</div><div>C. 1</div><div>D.
255</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">186 An administrator needs to determine why users on the trust zone cannot
reach certain websites. The only information available is shown on the following
image. Which configuration change should the administrator make?
<div><br></div><div>A)57</div><div>B)58</div><div>C)</div><div>D)59</div><div>E)</d
iv><div><br></div><div>A. Option A</div><div>B. Option B</div><div>C. Option
C</div><div>D. Option D</div><div>E. Option E</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">187 The company's Panorama server (IP 10.10.10.5) is not able to manage a
firewall that was recently deployed.The firewall's dedicated management port is
being used to connect to the management network.Which two commands may be used to
troubleshoot this issue from the CLI of the new firewall?(Choose
two)<div><br></div><div>A. test panoramas-connect 10.10.10.5</div><div>B. show
panoramas-status </div><div>C. show arp all I match 10.10.10.5</div><div>D. top
dump filter "host 10.10.10.5</div><div>E. debug dataplane packet-diag set capture
on</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">188 Which two logs on the firewall will contain authentication-related
information useful for troubleshooting purpose (Choose two)<div><br></div><div>A.
ms.log</div><div>B. traffic.log</div><div>C. system.log</div><div>D. dp-
monitor.log</div><div>E. authd.log</div></div>
</div>

<div class="back">

small">Answer: C E</div>
</div>

</div>
<div
<div class="front">

small">189 Support for which authentication method was added in PAN-OS 8.0?
<div><br></div><div>A. RADIUS</div><div>B. LDAP</div><div>C. Diameter</div><div>D.
TACACS+</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">19 Which three user authentication services can be modified to provide the
Palo Alto Networks NGFW with both usernames and role names? (Choose
three.)<div><br></div><div>A. TACACS+</div><div>B. Kerberos</div><div>C.
PAP</div><div>D. LDAP</div><div>E. SAML</div><div>F. RADIUS</div></div>
</div>

<div class="back">

small">Answer: A D F</div>
</div>

</div>
<div
<div class="front">

small">190 An administrator is defining protection settings on the Palo Alto
Networks NGFW to guard against resource exhaustion. When platform utilization is
considered, which steps must the administrator take to configure and apply packet
buffer protection?<div><br></div><div>A. Enable and configure the Packet Buffer
protection thresholds.Enable Packet Buffer Protection per ingress
zone.</div><div>B. Enable and then configure Packet Buffer thresholdsEnable
Interface Buffer protection.</div><div>C. Create and Apply Zone Protection Profiles
in all ingress zones.Enable Packet Buffer Protection peringress zone.</div><div>D.
Configure and apply Zone Protection Profiles for all egress zones.Enable Packet
Buffer Protectionpre egress zone.</div><div>E. Enable per-vsys Session Threshold
alerts and triggers for Packet Buffer Limits.Enable Zone BufferProtection per
zone.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">191 Refer to the exhibit.Which will be the egress interface if the traffic's
ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the
destination 10.46.41.113?<div><br></div><div>A. ethernet1/6</div><div>B.
ethernet1/3</div><div>C. ethernet1/7</div><div>D. ethernet1/5</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">192 Which is the maximum number of samples that can be submitted to WildFire
per day, based on wildfire subscription?<div><br></div><div>A. 15,000</div><div>B.
10,000</div><div>C. 75,00</div><div>D. 5,000</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">193 An administrator accidentally closed the commit window/screen before the
commit was finished. Which two options could the administrator use to verify the
progress or success of that commit task? (Choose two.)<div><br></div><div>A.
Exhibit A</div><div>B. Exhibit B</div><div>C. Exhibit C</div><div>D. Exhibit
D</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">194 In the following image from Panorama, why are some values shown in red?
<div><br></div><div>A. sg2 session count is the lowest compared to the other
managed devices.</div><div>B. us3 has a logging rate that deviates from the
administrator-configured thresholds.</div><div>C. uk3 has a logging rate that
deviates from the seven-day calculated baseline.</div><div>D. sg2 has misconfigured
session thresholds.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">195 When is the content inspection performed in the packet flow process?
<div><br></div><div>A. after the application has been identified</div><div>B.
before session lookup</div><div>C. before the packet forwarding
process</div><div>D. after the SSL Proxy re-encrypts the packet</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">196 Which tool provides an administrator the ability to see trends in
traffic over periods of time,such as threats detected in the last 30 days?
<div><br></div><div>A. Session Browser</div><div>B. Application Command
Center</div><div>C. TCP Dump</div><div>D. Packet Capture</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">197 A Palo Alto Networks NGFW just submitted a file to WildFire for
analysis. Assume a 5-minute window for analysis. The firewall is configured to
check for verdicts every 5 minutes.How quickly will the firewall receive back a
verdict?<div><br></div><div>A. More than 15 minutes</div><div>B. 5
minutes</div><div>C. 10 to 15 minutes</div><div>D. 5 to 10 minutes</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">198 An administrator has been asked to configure a Palo Alto Networks NGFW
to provide protection against worms and trojans. Which Security Profile type will
protect against worms and trojans?<div><br></div><div>A. Anti-Spyware</div><div>B.
WildFire</div><div>C. Vulnerability Protection</div><div>D. Antivirus</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">199 Which two statements are correct for the out-of-box configuration for
Palo Alto NetworksNGFWs? (Choose two)<div><br></div><div>A. The devices are pre-
configured with a virtual wire pair out the first two interfaces.</div><div>B. The
devices are licensed and ready for deployment.</div><div>C. The management
interface has an IP address of 192.168.1.1 and allows SSH and HTTPS
connections.</div><div>D. A default bidirectional rule is configured that allows
Untrust zone traffic to go to the Trust zone.</div><div>E. The interface are
pingable.<br></div></div>
</div>
<div class="back">

small">Answer: B C</div>
</div>

</div>
<div
<div class="front">

small">20 Which User-ID method maps IP addresses to usernames for users connecting
through an 802.1x-enabled wireless network device that has no native integration
with PAN-OS software?<div><br></div><div>A. XML API</div><div>B. Port
Mapping</div><div>C. Client Probing</div><div>D. Server Monitoring</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">200 Which CLI command can be used to export the tcpdump capture?
<div><br></div><div>A. scp export tcpdump from mgmt.pcap to </div><div>B. scp
extract mgmt-pcap from mgmt.pcap to </div><div>C. scp export mgmt-pcap from
mgmt.pcap to </div><div>D. download mgmt.-pcap</div></div>
</div>

<div class="back">

</div>
</div>
<div
<div class="front">

small">201 Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?
<div><br></div><div>A. VM-100</div><div>B. VM-200</div><div>C. VM-1000-
HV</div><div>D. VM-300</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">202 Which two methods can be configured to validate the revocation status of
a certificate?(Choose two.)<div><br></div><div>A. CRL</div><div>B. CRT</div><div>C.
OCSP</div><div>D. Cert-Validation-Profile</div><div>E. SSL/TLS Service
Profile</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">203 Company.com has an in-house application that the Palo Alto Networks
device doesn't identify correctly. A Threat Management Team member has mentioned
that this in-house application is very sensitive and all traffic being identified
needs to be inspected by the Content-ID engine.Which method should company.com use
to immediately address this traffic on a Palo Alto Networks device?
<div><br></div><div>A. Create a custom Application without signatures, then create
an Application Override policy thatincludes the source, Destination, Destination
Port/Protocol and Custom Application of the traffic.</div><div>B. Wait until an
official Application signature is provided from Palo Alto Networks.</div><div>C.
Modify the session timer settings on the closest referanced application to meet the
needs of thein-house application</div><div>D. Create a Custom Application with
signatures matching unique identifiers of the in-house application
traffic</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">204 A customer wants to set up a VLAN interface for a Layer 2 Ethernet
port.Which two mandatory options are used to configure a VLAN interface? (Choose
two.)<div><br></div><div>A. Virtual router</div><div>B. Security zone</div><div>C.
ARP entries</div><div>D. Netflow Profile</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">205 A firewall administrator is troubleshooting problems with traffic
passing through the PaloAlto Networks firewall. Which method shows the global
counters associated with the traffic after configuring the appropriate packet
filters?<div><br></div><div>A. From the CLI, issue the show counter global filter
pcap yes command.</div><div>B. From the CLI, issue the show counter global filter
packet-filter yes command.</div><div>C. From the GUI, select show global counters
under the monitor tab.</div><div>D. From the CLI, issue the show counter interface
command for the ingress interface.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">206 Decrypted packets from the website https://www.microsoft.com will appear
as which application and service within the Traffic log?<div><br></div><div>A. web-
browsing and 443</div><div>B. SSL and 80</div><div>C. SSL and 443</div><div>D. web-
browsing and 80</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">207 What are two benefits of nested device groups in Panorama? (Choose
two.)<div><br></div><div>A. Reuse of the existing Security policy rules and
objects</div><div>B. Requires configuring both function and location for every
device</div><div>C. All device groups inherit settings form the Shared
group</div><div>D. Overwrites local firewall configuration</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">208 An administrator using an enterprise PKI needs to establish a unique
chain of trust to ensure mutual authentication between Panorama and the managed
firewalls and Log Collectors.How would the administrator establish the chain of
trust?<div><br></div><div>A. Use custom certificates</div><div>B. Enable LDAP or
RADIUS integration</div><div>C. Set up multi-factor authentication</div><div>D.
Configure strong password authentication</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">209 Which log file can be used to identify SSL decryption failures?
<div><br></div><div>A. Configuration</div><div>B. Threats</div><div>C.
ACC</div><div>D. Traffic</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">21 An administrator has left a firewall to use the default port for all
management services.Which three functions are performed by the dataplane? (Choose
three.)<div><br></div><div>A. WildFire updates</div><div>B. NAT</div><div>C.
NTP</div><div>D. antivirus</div><div>E. File blocking</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">210 In which two types of deployment is active/active HA configuration
supported? (Choosetwo.)<div><br></div><div>A. TAP mode</div><div>B. Layer 2
mode</div><div>C. Virtual Wire mode</div><div>D. Layer 3 mode</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">211 Which three firewall states are valid? (Choose
three.)<div><br></div><div>A. Active</div><div>B. Functional</div><div>C.
Pending</div><div>D. Passive</div><div>E. Suspended</div></div>
</div>

<div class="back">

small">Answer: A D E</div>
</div>

</div>
<div
<div class="front">

small">212 Which two options prevent the firewall from capturing traffic passing
through it? (Choosetwo.)<div><br></div><div>A. The firewall is in multi-vsys
mode.</div><div>B. The traffic is offloaded</div><div>.C. The traffic does not
match the packet capture filter.</div><div>D. The firewall's DP CPU is higher than
50%.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">213 Which setting allow a DOS protection profile to limit the maximum
concurrent sessions from a source IP address?<div><br></div><div>A. Set the type to
Aggregate, clear the session's box and set the Maximum concurrent Sessions to
4000<div>B. Set the type to Classified, clear the session's box and set the Maximum
concurrent Sessions to 4000</div><div>C. Set the type Classified, check the
Sessions box and set the Maximum concurrent Sessions to 4000.</div><div>D. Set the
type to aggregate, check the Sessions box and set the Maximum concurrent Sessions
to 4000</div></div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">214 An administrator wants multiple web servers in the DMZ to receive
connections initiated from the internet.Traffic destined for 206.15.22.9 port
80/TCP needs to be forwarded to the server at 10.1.1.22 Based on the information
shown in the image, which NAT rule will forward web-browsing traffic correctly?
A)B)C)D)<div><br></div><div>A. Option A</div><div>B. Option B</div><div>C. Option
C</div><div>D. Option D</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">215 A company wants to install a PA-3060 firewall between two core switches
on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign
untagged (native) traffic to its own zone which options differentiates multiple
VLAN into separate zones?<div><br></div><div>A. Create VLAN objects for each VLAN
and assign VLAN interfaces matching each VLAN ID. Repeat forevery additional
VLANand use a VLAN ID of 0 for untagged traffic. Assign each
interface/subinterfaceto a unique zone.</div><div>B. Create V-Wire objects with two
V-Wire sub interface and assign only a single VLAN ID to the "TagAllowed field one
of the V-Wire object Repeat for every additional VLAN and use a VIAN ID of 0
foruntagged traffic. Assign each interface/subinterfaceto a unique
zone.</div><div>C. Create V-Wire objects with two V-Wire interfaces and define a
range "0- 4096" in the 'Tag Allowedfiled of the V-Wire object.</div><div>D. Create
Layer 3 sub interfaces that are each assigned to a single VLAN ID and a common
virtualrouter. The physical Layer 3interface would handle untagged traffic. Assign
each interface /subinterface to a unique zone. Do not assign any interface an IP
address<br></div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">216 Which virtual router feature determines if a specific destination IP
address is reachable?<div><br></div><div>A. Heartbeat Monitoring</div><div>B.
Failover</div><div>C. Path Monitoring</div><div>D. Ping-Path</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">217 Which Device Group option is assigned by default in Panorama whenever a
new device group is created to manage a Firewall?<div><br></div><div>A.
Master</div><div>B. Universal</div><div>C. Shared</div><div>D. Global</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">218 Which two virtualized environments support Active/Active High
Availability (HA) in PAN-OS8.0? (Choose two.)<div><br></div><div>A.
KVM</div><div>B. VMware ESX</div><div>C. VMware NSX</div><div>D. AWS</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">219 After pushing a security policy from Panorama to a PA-3020 firwall, the
firewalladministrator notices that traffic logs from the PA-3020 are not appearing
in Panorama's traffic logs.What could be the problem?<div><br></div><div>A. A
Server Profile has not been configured for logging to this Panorama
device.</div><div>B. Panorama is not licensed to receive logs from this particular
firewall.</div><div>C. The firewall is not licensed for logging to this Panorama
device.</div><div>D. None of the firewall's policies have been assigned a Log
Forwarding profile</div></div>
</div>

<div class="back">

</div>
</div>
<div
<div class="front">

small">22 The GlobalProtect Portal interface and IP address have been configured.
Which other valueneeds to be defined to complete the network settings configuration
of GlobalPortect Portal?<div><br></div><div>A. Server Certificate</div><div>B.
Client Certificate</div><div>C. Authentication Profile</div><div>D. Certificate
Profile</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">220 What is the purpose of the firewall decryption broker?
<div><br></div><div>A. Decrypt SSL traffic a then send it as cleartext to a
security chain of inspection tools</div><div>B. Force decryption of previously
unknown cipher suites</div><div>C. Inspection traffic within IPsec
tunnel</div><div>D. Reduce SSL traffic to a weaker cipher before sending it to a
security chain of inspection tools</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">221 To connect the Palo Alto Networks firewall to AutoFocus, which setting
must be enabled?<div><br></div><div>A.
Device>Setup>Services>AutoFocus</div><div>B. Device>
Setup>Management >AutoFocus</div><div>C. AutoFocus is enabled by default on
the Palo Alto Networks NGFW</div><div>D. Device>Setup>WildFire>AutoFocusE.
Device>Setup> Management> Logging and Reporting Settings</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">222 The administrator has enabled BGP on a virtual router on the Palo Alto
Networks NGFW, butnew routes do not seem to be populating the virtual router.Which
two options would help the administrator troubleshoot this issue? (Choose
two.)<div><br></div><div>A. View the System logs and look for the error messages
about BGP.</div><div>B. Perform a traffic pcap on the NGFW to see any BGP
problems.</div><div>C. View the Runtime Stats and look for problems with BGP
configuration.</div><div>D. View the ACC tab to isolate routing issues.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">
small">223 The web server is configured to listen for HTTP traffic on port 8080.
The clients access theweb server using the IP address 1.1.1.100 on TCP Port 80. The
destination NAT rule is configured totranslate both IP address and report to
10.1.1.100 on TCP Port 8080.Which NAT and security rules must be configured on the
firewall? (Choose two)<div><br></div><div>A. A security policy with a source of any
from untrust-I3 Zone to a destination of 10.1.1.100 in dmz-I3zone using web-
browsing application</div><div>B. A NAT rule with a source of any from untrust-I3
zone to a destination of 10.1.1.100 in dmz-zoneusing service-http
service.</div><div>C. A NAT rule with a source of any from untrust-I3 zone to a
destination of 1.1.1.100 in untrust-I3zone using service-http service.</div><div>D.
A security policy with a source of any from untrust-I3 zone to a destination of
1.1.100 in dmz-I3zone using web-browsing application.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">224 A network Administrator needs to view the default action for a specific
spyware signature.The administrator follows the tabs and menus through Objects>
Security Profiles> Anti-Spyware andselect default profile.What should be done
next?<div><br></div><div>A. Click the simple-critical rule and then click
the</div><div>B. Click the Exceptions tab and then click</div><div>C. View the
default actions displayed in the Action column.</div><div>D. Click the Rules tab
and then look for rules with "default" in the Action column.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">225 A network security engineer needs to configure a virtual router using
IPv6 addresses.Which two routing options support these addresses? (Choose
two)<div><br></div><div>A. BGP not sure</div><div>B. OSPFv3</div><div>C.
RIP</div><div>D. Static Route</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">226 Which protection feature is available only in a Zone Protection Profile?
<div><br></div><div>A. SYN Flood Protection using SYN Flood Cookies</div><div>B.
ICMP Flood Protection</div><div>C. Port Scan Protection</div><div>D. UDP Flood
Protections</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">227 Which feature can be configured on VM-Series firewalls?
<div><br></div><div>A. aggregate interfaces</div><div>B. machine
learning</div><div>C. multiple virtual systems</div><div>D.
GlobalProtect</div></div>
</div>
<div class="back">

</div>

</div>
<div
<div class="front">

small">228 Palo Alto Networks maintains a dynamic database of malicious
domains.Which two Security Platform components use this database to prevent
threats? (Choose two)<div><br></div><div>A. Brute-force signatures</div><div>B.
BrightCloud Url Filtering</div><div>C. PAN-DB URL Filtering</div><div>D. DNS-based
command-and-control signatures</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">229 If an administrator does not possess a website's certificate, which SSL
decryption mode willallow the Palo Alto networks NGFW to inspect when users browse
to HTTP(S) websites?<div><br></div><div>A. SSL Forward Proxy</div><div>B. SSL
Inbound Inspection</div><div>C. TLS Bidirectional proxy</div><div>D. SSL Outbound
Inspection</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">23 Refer to the exhibit.An administrator is using DNAT to map two servers to
a single public IP address. Traffic will besteered to the specific server based on
the application, where Host A (10.1.1.100) received HTTPtraffic and host
B(10.1.1.101) receives SSH traffic.Which two security policy rules will accomplish
this configuration? (Choose two)<div><br></div><div>A. Untrust (Any) to Untrust
(10.1.1.1) Ssh-Allow</div><div>B. Untrust (Any) to DMZ (1.1.1.100) Ssh-
Allow</div><div>C. Untrust (Any) to DMZ (1.1.1.100) Web-browsing
-Allow</div><div>D. Untrust (Any) to Untrust (10.1.1.1) Web-browsing
-Allow</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">230 Which three settings are defined within the Templates object of
Panorama? (Choose three.)<div><br></div><div>A. Setup</div><div>B. Virtual
Routers</div><div>C. Interfaces</div><div>D. Security</div><div>E. Application
Override</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">231 How is the Forward Untrust Certificate used?<div><br></div><div>A. It is
used for Captive Portal to identify unknown users.</div><div>B. It is presented to
clients when the server they are connecting to is signed by a certificate
authoritythat is not trusted by firewall.</div><div>C. It issues certificates
encountered on the Untrust security zone when clients attempt to connect to a site
that has be decrypted/</div><div>D. It is used when web servers request a client
certificate.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">232 A session in the Traffic log is reporting the application as
"incomplete." What doesincomplete mean?<div><br></div><div>A. The three-way TCP
handshake did not complete.</div><div>B. The three-way TCP handshake was observed,
but the application could not be identified.</div><div>C. The traffic is coming
across UDP, and the application could not be identified.</div><div>D. Data was
received but was instantly discarded because of a Deny policy was applied before
App-ID could be applied.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">233 Which log file can be used to identify SSL decryption failures?
<div><br></div><div>A. Traffic</div><div>B. Configuration</div><div>C.
Threats</div><div>D. ACC</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">234 Which event will happen if an administrator uses an Application Override
Policy?<div><br></div><div>A. Threat-ID processing time is decreased.</div><div>B.
The Palo Alto Networks NGFW stops App-ID processing at Layer 4.</div><div>C. The
application name assigned to the traffic by the security rule is written to the
Traffic log.</div><div>D. App-ID processing time is increased.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">235 What are the differences between using a service versus using an
application for SecurityPolicy match?<div><br></div><div>A. Use of a "service"
enables the firewall to take action after enough packets allow for App-ID
identification</div><div>B. Use of a "service" enables the firewall to take
immediate action with the first observed packet based on port numbers Use of an
"application" allows the firewall to take action after enough packets allow for
App-ID identification regardless of the ports being used.</div><div>C. There are no
differences between "service" or "application" Use of an "application" simplifies
configuration by allowing use of a friendly application name instead of port
numbers.</div><div>D. Use of a "service" enables the firewall to take immediate
action with the first observed packet based on port numbers. Use of an
"application" allows the firewall to take immediate action it the port being used
is a member of the application standard port list</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">236 Which URL Filtering Security Profile action togs the URL Filtering
category to the URLFiltering log?<div><br></div><div>A. Log</div><div>B.
Alert</div><div>C. Allow</div><div>D. Default</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">237 An administrator pushes a new configuration from Panorama to a pair of
firewalls that are configured as an active/passive HA pair. Which NGFW receives the
configuration from Panorama?<div><br></div><div>A. The Passive firewall, which then
synchronizes to the active firewall</div><div>B. The active firewall, which then
synchronizes to the passive firewall</div><div>C. Both the active and passive
firewalls, which then synchronize with each other</div><div>D. Both the active and
passive firewalls independently, with no synchronization afterward</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">238 Which three options are supported in HA Lite? (Choose
three.)<div><br></div><div>A. Virtual link</div><div>B. Active/passive
deployment</div><div>C. Synchronization of IPsec security associations</div><div>D.
Configuration synchronization</div><div>E. Session synchronization</div></div>
</div>

<div class="back">

small">Answer: B C D</div>
</div>

</div>
<div
<div class="front">

small">239 Which two settings can be configured only locally on the firewall and
not pushed from a Panorama template or template stack? (Choose
two)<div><br></div><div>A. HA1 IP Address</div><div>B. Network Interface
Type</div><div>C. Master Key</div><div>D. Zone Protection Profile</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">24 A distributed log collection deployment has dedicated log Collectors. A
developer needs adevice to send logs to Panorama instead of sending logs to the
Collector Group.What should be done first?<div><br></div><div>A. Remove the cable
from the management interface, reload the log Collector and then re-connectthat
cable</div><div>B. Contact Palo Alto Networks Support team to enter kernel mode
commands to allow adjustments</div><div>C. remove the device from the Collector
Group</div><div>D. Revert to a previous configuration</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">240 How is the Forward Untrust Certificate used?<div><br></div><div>A. It
issues certificates encountered on the Untrust security zone when clients attempt
to connect toa site that has be decrypted/</div><div>B. It is used when web servers
request a client certificate.</div><div>C. It is presented to clients when the
server they are connecting to is signed by a certificate authoritythat is not
trusted by firewall.</div><div>D. It is used for Captive Portal to identify unknown
users.</div></div>
</div>

<div class="back">

</div>
</div>
<div
<div class="front">

small">241 People are having intermittent quality issues during a live meeting via
web application.<div><br></div><div>A. Use QoS profile to define QoS
Classes</div><div>B. Use QoS Classes to define QoS Profile</div><div>C. Use QoS
Profile to define QoS Classes and a QoS Policy</div><div>D. Use QoS Classes to
define QoS Profile and a QoS Policy</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">242 Which three options does the WF-500 appliance support for local
analysis? (Choose three)<div><br></div><div>A. E-mail links</div><div>B. APK
files</div><div>C. jar files</div><div>D. PNG files</div><div>E. Portable
Executable (PE) files</div></div>
</div>

<div class="back">

small">Answer: A C E</div>
</div>

</div>
<div
<div class="front">

small">243 How can a Palo Alto Networks firewall be configured to send syslog
messages in a format compatible with non-standard syslog servers?
<div><br></div><div>A. Enable support for non-standard syslog messages under device
management</div><div>B. Check the custom-format check box in the syslog server
profile</div><div>C. Select a non-standard syslog server profile</div><div>D.
Create a custom log format under the syslog server profile</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">244 An administrator has users accessing network resources through Citrix
XenApp 7 x. WhichUser-ID mapping solution will map multiple users who are using
Citrix to connect to the network andaccess resources?<div><br></div><div>A. Client
Probing</div><div>B. Terminal Services agent</div><div>C.
GlobalProtect</div><div>D. Syslog Monitoring</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">245 VPN traffic intended for an administrator's Palo Alto Networks NGFW is
being maliciouslyintercepted and retransmitted by the interceptor. When creating a
VPN tunnel, which protectionprofile can be enabled to prevent this malicious
behavior?<div><br></div><div>A. Zone Protection</div><div>B. Replay</div><div>C.
Web Application</div><div>D. DoS Protection</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">246 SAML SLO is supported for which two firewall features? (Choose
two.)<div><br></div><div>A. GlobalProtect Portal</div><div>B.
CaptivePortal</div><div>C. WebUI</div><div>D. CLI</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">247 Click the Exhibit button below,A firewall has three PBF rules and a
default route with a next hop of 172.20.10.1 that is configured in the default VR.
A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS
connection to 172.16.10.20.Which is the next hop IP address for the HTTPS traffic
from Will's PC?<div><br></div><div>A. 172.20.30.1</div><div>B.
172.20.40.1</div><div>C. 172.20.20.1</div><div>D. 172.20.10.1</div></div>
</div>

<div class="back">
</div>

</div>
<div
<div class="front">

small">248 What are the two behavior differences between Highlight Unused Rules and
the Rule Usage Hit counter when a firewall is rebooted? (Choose
two.)<div><br></div><div>A. Rule Usage Hit counter will not be reset</div><div>B.
Highlight Unused Rules will highlight all rules.</div><div>C. Highlight Unused
Rules will highlight zero rules.</div><div>D. Rule Usage Hit counter will
reset.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">249 A web server is hosted in the DMZ and the server is configured to listen
for incomingconnections on TCP port 443. A Security policies rules allowing access
from the Trust zone to the DMZzone needs to be configured to allow web-browsing
access. The web server hosts its contents overHTTP(S). Traffic from Trust to DMZ is
being decrypted with a Forward Proxy rule.Which combination of service and
application, and order of Security policy rules, needs to beconfigured to allow
cleartext web- browsing traffic to this server on tcp/443.<div><br></div><div>A.
Rule #1: application: web-browsing; service: application-default; action: allow
Rule #2: application:ssl; service: application-default; action: allow</div><div>B.
Rule #1: application: web-browsing; service: service-https; action: allow Rule #2:
application: ssl;service: application-default; action: allow</div><div>C. Rule # 1:
application: ssl; service: application-default; action: allow Rule #2: application:
webbrowsing;service: application-default; action: allow</div><div>D. Rule #1:
application: web-browsing; service: service-http; action: allow Rule #2:
application: ssl;service: application-default; action: allow</div></div>
</div>
<div class="back">

</div>

</div>
<div
<div class="front">

small">25 An administrator has been asked to configure a Palo Alto Networks NGFW to
provide protection against external hosts attempting to exploit a flaw in an
operating system on an internal system.Which Security Profile type will prevent
this attack?<div><br></div><div>A. Vulnerability Protection</div><div>B. Anti-
Spyware</div><div>C. URL Filtering</div><div>D. Antivirus</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">250 Site-A and Site-B have a site-to-site VPN set up between them. OSPF is
configured to dynamically create the routes between the sites. The OSPF
configuration in Site-A is configured properly, but the route for the tunner is not
being established. The Site-B interfaces in the graphic are using a broadcast Link
Type. The administrator has determined that the OSPF configuration in Site-Bis
using the wrong Link Type for one of its interfaces.Which Link Type setting will
correct the error?<div><br></div><div>A. Set tunnel. 1 to p2p</div><div>B. Set
tunnel. 1 to p2mp</div><div>C. Set Ethernet 1/1 to p2mp</div><div>D. Set Ethernet
1/1 to p2p</div></div>
</div>

<div class="back">
</div>

</div>
<div
<div class="front">

small">251 If the firewall has the link monitoring configuration, what will cause a
failover?<div><br></div><div>A. ethernet1/3 and ethernet1/6 going down</div><div>B.
ethernet1/3 going down</div><div>C. ethernet1/3 or Ethernet1/6 going
down</div><div>D. ethernet1/6 going down</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">252 Auser's traffic traversing a Palo Alto Networks NGFW sometimes can reach
http://www.company.com.At other times the session times out. The NGFW has been
configured with a PBF rule that the user'straffic matches when it goes to
http://www.company.com.How can the firewall be configured automatically disable the
PBF rule if the next hop goes down?<div><br></div><div>A. Create and add a Monitor
Profile with an action of Wait Recover in the PBF rule in question:.</div><div>B.
Create and add a Monitor Profile with an action of Fail Over in the PBF rule in
question:.</div><div>C. Enable and configure a Link Monitoring Profile for the
external interface of the firewall.</div><div>D. Configure path monitoring for the
next hop gateway on the default route in the virtual router.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">253 The certificate information displayed in the following image is for
which type of certificate?Exhibit:<div><br></div><div>A. Forward Trust
certificate</div><div>B. Self-Signed Root CA certificate</div><div>C. Web Server
certificate</div><div>D. Public CA signed certificate</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">254 Which three function are found on the dataplane of a PA-5050? (Choose
three)<div><br></div><div>A. Protocol Decoder</div><div>B. Dynamic
routing</div><div>C. Management</div><div>D. Network Processing</div><div>E.
Signature Match</div></div>
</div>

<div class="back">

small">Answer: B D E</div>
</div>

</div>
<div
<div class="front">

small">255 An administrator needs to upgrade a Palo Alto Networks NGFW to the most
current version of PAN-OS software. The firewall has internet connectivity through
an Ethernet interface, but nointernet connectivity from the management interface.
The Security policy has the default security rules and a rule that allows all web-
browsing traffic from any to any zone. What must the administrator configure so
that the PAN-OS software can be upgraded?<div><br></div><div>A. Security policy
rule</div><div>B. CRL</div><div>C. Service route</div><div>D. Scheduler</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">256 Which two actions would be part of an automatic solution that would
block sites withuntrusted certificates without enabling SSL Forward Proxy? (Choose
two.)<div><br></div><div>A. Create a no-decrypt Decryption Policy
rule.</div><div>B. Configure an EDL to pull IP addresses of known sites resolved
from a CRL.</div><div>C. Create a Dynamic Address Group for untrusted
sites</div><div>D. Create a Security Policy rule with vulnerability Security
Profile attached.</div><div>E. Enable the "Block sessions with untrusted issuers"
setting.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">
small">257 A network engineer has revived a report of problems reaching
98.139.183.24 through vr1 on the firewall. The routing table on this firewall is
extensive and complex.Which CLI command will help identify the issue?
<div><br></div><div>A. test routing fib virtual-router vr1</div><div>B. show
routing route type static destination 98.139.183.24</div><div>C. test routing fib-
lookup ip 98.139.183.24 virtual-router vr1</div><div>D. show routing
interface</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">258 A file sharing application is being permitted and no one knows what this
application is used for.How should this application be blocked?
<div><br></div><div>A. Block all unauthorized applications using a security
policy</div><div>B. Block all known internal custom applications</div><div>C.
Create a WildFire Analysis Profile that blocks Layer 4 and Layer 7
attacks</div><div>D. Create a File blocking profile that blocks Layer 4 and Layer 7
attacks</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">26 How are IPV6 DNS queries configured to user interface ethernet1/3?
<div><br></div><div>A. Network > Virtual Router > DNS Interface</div><div>B.
Objects > CustomerObjects > DNS</div><div>C. Network > Interface
Mgrnt</div><div>D. Device > Setup > Services > Service Route
Configuration</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">27 How does Panorama prompt VMWare NSX to quarantine an infected VM?
<div><br></div><div>A. HTTP Server Profile</div><div>B. Syslog Server
Profile</div><div>C. Email Server Profile</div><div>D. SNMP Server
Profile</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">28 Which three rule types are available when defining policies in Panorama?
(Choose three.)<div><br></div><div>A. Pre Rules</div><div>B. Post
Rules</div><div>C. Default Rules</div><div>D. Stealth Rules</div><div>E. Clean Up
Rules</div></div>
</div>

<div class="back">
</div>

</div>
<div
<div class="front">

small">29 A Palo Alto Networks firewall is being targeted by an NTP Amplification
attack and is beingflooded with tens thousands of bogus UDP connections per second
to a single destination IP addressand post.Which option when enabled with the
correction threshold would mitigate this attack withoutdropping legitirnate traffic
to other hosts insides the network?<div><br></div><div>A. Zone Protection Policy
with UDP Flood Protection</div><div>B. QoS Policy to throttle traffic below maximum
limit</div><div>C. Security Policy rule to deny trafic to the IP address and port
that is under attack</div><div>D. Classified DoS Protection Policy using
destination IP only with a Protect action</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">30 A network security engineer has a requirement to allow an external server
to access aninternal web server.The internal web server must also initiate
connections with the external server.What can be done to simplify the NAT policy?
<div><br></div><div>A. Configure ECMP to handle matching NAT traffic</div><div>B.
Configure a NAT Policy rule with Dynamic IP and Port</div><div>C. Create a new
Source NAT Policy rule that matches the existing traffic and enable the Bi-
directionaloption</div><div>D. Create a new Destination NAT Policy rule that
matches the existing traffic and enable the Bidirectionaloption</div></div>
</div>

<div class="back">
</div>

</div>
<div
<div class="front">

small">31 An administrator has configured a QoS policy rule and a QoS profile that
limits the maximumallowable bandwidth for the YouTube application. However ,
YouTube is consuming more than themaximum bandwidth allotment configured.Which
configuration step needs to be configured to enable QoS?<div><br></div><div>A.
Enable QoS Data Filtering Profile</div><div>B. Enable QoS monitor</div><div>C.
Enable Qos interface</div><div>D. Enable Qos in the interface Management
Profile.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">32 Which feature must you configure to prevent users form accidentally
submitting theircorporate credentials to a phishing website?<div><br></div><div>A.
URL Filtering profile</div><div>B. Zone Protection profile</div><div>C. Anti-
Spyware profile</div><div>D. Vulnerability Protection profile</div></div>
</div>

<div class="back">

</div>
</div>
<div
<div class="front">

small">33 Refer to the exhibit.An administrator cannot see any of the Traffic logs
from the Palo Alto Networks NGFW on Panorama.The configuration problem seems to be
on the firewall side. Where is the best place on the Palo AltoNetworks NGFW to
check whether the configuration is correct?A)B)C)D<div><br></div><div>A. Option
A</div><div>B. Option B</div><div>C. Option C</div><div>D. Option D</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">34 Which logs enable a firewall administrator to determine whether a session
was decrypted?<div><br></div><div>A. Correlated Event</div><div>B.
Traffic</div><div>C. Decryption</div><div>D. Security Policy</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">
small">35 Which method does an administrator use to integrate all non-native MFA
platforms in PANOS software?<div><br></div><div>A. Okta</div><div>B.
DUO</div><div>C. RADIUS</div><div>D. PingID</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">36 A company hosts a publicly accessible web server behind a Palo Alto
Networks nextgenerationfirewall with the following configuration information:*
Users outside the company are in the "Untrust-L3" zone.* The web server physically
resides in the "Trust-L3" zone.* Web server public IP address: 23.54.6.10* Web
server private IP address: 192.168.1.10Which two items must the NAT policy contain
to allow users in the Untrust-L3 zone to access the webserver?(Choose
two.)<div><br></div><div>A. Destination IPof 23.54.6.10</div><div>B. UntrustL3 for
both Source and Destination Zone</div><div>C. Destination IP of
192.168.1.10</div><div>D. UntrustL3 for Source Zone and Trust-L3 for Destination
Zone</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">37 An administrator needs to optimize traffic to prefer business-critical
applications over noncriticalapplications. QoS natively integrates with which
feature to provide service quality?<div><br></div><div>A. Port
Inspection</div><div>B. Certificate revocation</div><div>C. Content-ID</div><div>D.
App-ID</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">38 A global corporate office has a large-scale network with only one User-ID
agent, which creates a bottleneck near the User-ID agent server. Which solution in
PAN-OS software would help in this case?<div><br></div><div>A. Application
override</div><div>B. Redistribution of user mappings</div><div>C. Virtual Wire
mode</div><div>D. Content inspection</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">39 A host attached to Ethernet 1/4 cannot ping the default gateway. The
widget on thedashboard shows Ethernet1/1 and Ethernet 1/4 to be green. The IP
address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet1/4 is
10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is
properly configured.What can be the cause of this problem?<div><br></div><div>A. No
Zone has been configured on Ethernet 1/4.</div><div>B. Interface Ethernet 1/1 is in
Virtual Wire Mode.</div><div>C. DNS has not been properly configured on the
firewall.</div><div>D. DNS has not been properly configured on the
host.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">40 Which two methods can be used to verify firewall connectivity to
AutoFocus? (Choose two.)<div><br></div><div>A. Verify AutoFocus status using
CLI.</div><div>B. Check the WebUI Dashboard AutoFocus widget.</div><div>C. Check
for WildFire forwarding logs.</div><div>D. Check the license</div><div>E. Verify
AutoFocus is enabled below Device Management tab.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">41 Which three fields can be included in a pcap filter? (Choose
three)<div><br></div><div>A. Egress interface</div><div>B. Source IP</div><div>C.
Rule number</div><div>D. Destination IP</div><div>E. Ingress interface</div></div>
</div>

<div class="back">

small">Answer: B C D</div>
</div>
</div>
<div
<div class="front">

small">42 Which PAN-OS policy must you configure to force a user to provide
additional credentialsbefore he is allowed to access an internal application that
contains highly-sensitive business data?<div><br></div><div>A. Security
policy</div><div>B. Decryption policy</div><div>C. Authentication
policy</div><div>D. Application Override policy</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">43 Which menu item enables a firewall administrator to see details about
traffic that is currentlyactive through the NGFW?<div><br></div><div>A. App
Scope</div><div>B. ACC</div><div>C. Session Browser</div><div>D. System
Logs</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">44 Which three split tunnel methods are supported by a globalProtect
gateway? (Choose three.)<div><br></div><div>A. video streaming
application</div><div>B. Client Application Process</div><div>C. Destination
Domain</div><div>D. Source Domain</div><div>E. Destination user/group</div><div>F.
URL Category</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">45 A customer wants to set up a site-to-site VPN using tunnel interfaces?
Which two formats are correct for naming tunnel interfaces? (Choose
two.)<div><br></div><div>A. Vpn-tunnel.1024</div><div>B. vpn-tunne.1</div><div>C.
tunnel 1025</div><div>D. tunnel. 1</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">46 Which prerequisite must be satisfied before creating an SSH proxy
Decryption policy?<div><br></div><div>A. Both SSH keys and SSL certificates must be
generated.</div><div>B. No prerequisites are required.</div><div>C. SSH keys must
be manually generated.</div><div>D. SSL certificates must be generated.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">47 An administrator has a requirement to export decrypted traffic from the
Palo Alto NetworksNGFW to a third-party, deep-level packet inspection
appliance.Which interface type and license feature are necessary to meet the
requirement?<div><br></div><div>A. Decryption Mirror interface with the Threat
Analysis license</div><div>B. Virtual Wire interface with the Decryption Port
Export license</div><div>C. Tap interface with the Decryption Port Mirror
license</div><div>D. Decryption Mirror interface with the associated Decryption
Port Mirror license</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">48 Which two options support a dedicated log collector function? (Choose
two)<div><br></div><div>A. Panorama virtual appliance on ESX(i) only</div><div>B.
M-500</div><div>C. M-100 with Panorama installed</div><div>D. M-100</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">49 Which processing order will be enabled when a Panorama administrator
selects the settingObjects defined in ancestors will take higher precedence?
<div><br></div><div>A. Descendant objects will take precedence over other
descendant objects.</div><div>B. Descendant objects will take precedence over
ancestor objects.</div><div>C. Ancestor objects will have precedence over
descendant objects.</div><div>D. Ancestor objects will have precedence over other
ancestor objects.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">50 Exhibit:What will be the egress interface if the traffic's ingress
interface is ethernet1/6 sourcing from192.168.111.3 and to the destination
10.46.41.113 during the time shown in the image?<div><br></div><div>A.
ethernet1/7</div><div>B. ethernet1/5</div><div>C. ethernet1/6</div><div>D.
ethernet1/3</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">51 Which authentication source requires the installation of Palo Alto
Networks software, otherthan PAN-OS 7x, to obtain a username-to-IP-address mapping?
<div><br></div><div>A. Microsoft Active Directory</div><div>B. Microsoft Terminal
Services</div><div>C. Aerohive Wireless Access Point</div><div>D. Palo Alto
Networks Captive Portal</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">52 Several offices are connected with VPNs using static IPV4 routes. An
administrator has beentasked with implementing OSPF to replace static routing.Which
step is required to accoumplish this goal?<div><br></div><div>A. Assign an IP
address on each tunnel interface at each site</div><div>B. Enable OSPFv3 on each
tunnel interface and use Area ID 0.0.0.0</div><div>C. Assign OSPF Area ID 0.0.0.0
to all Ethernet and tunnel interfaces</div><div>D. Create new VPN zones at each
site to terminate each VPN connection</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">53 If an administrator wants to decrypt SMTP traffic and possesses the
server's certificate, whichSSL decryption mode will allow the Palo Alto Networks
NGFW to inspect traffic to the server?<div><br></div><div>A. TLS Bidirectional
Inspection</div><div>B. SSL Inbound Inspection</div><div>C. SSH Forward
Proxy</div><div>D. SMTP Inbound Decryption</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">54 When a malware-infected host attempts to resolve a known command-and-
control server,the traffic matches a security policy with DNS sinhole enabled,
generating a traffic log.What will be the destination IP Address in that log entry?
<div><br></div><div>A. The IP Address of sinkhole.paloaltonetworks.com</div><div>B.
The IP Address of the command-and-control server</div><div>C. The IP Address
specified in the sinkhole configuration</div><div>D. The IP Address of one of the
external DNS servers identified in the anti-spyware database</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">55 Which two methods can be used to mitigate resource exhaustion of an
application server?(Choose two)<div><br></div><div>A. Vulnerability
Object</div><div>B. DoS Protection Profile</div><div>C. Data Filtering
Profile</div><div>D. Zone Protection Profile</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">56 Which three authentication factors does PAN-OS software support for MFA
(Choose three.)<div><br></div><div>A. Push</div><div>B. Pull</div><div>C. Okta
Adaptive</div><div>D. Voice</div><div>E. SMS</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">57 Which GlobalProtect Client connect method requires the distribution and
use of machine certificates?<div><br></div><div>A. User-logon (Always
on)</div><div>B. At-boot</div><div>C. On-demand</div><div>D. Pre-logon</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">58 Several offices are connected with VPNs using static IPv4 routes. An
administrator has beentasked with implementing OSPF to replace static routing.Which
step is required to accomplish this goal?<div><br></div><div>A. Assign an IP
address on each tunnel interface at each site</div><div>B. Enable OSPFv3 on each
tunnel interface and use Area ID 0.0.0.0</div><div>C. Assign OSPF Area ID 0.0.0.0
to all Ethernet and tunnel interfaces</div><div>D. Create new VPN zones at each
site to terminate each VPN connection</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">59 A company has a web server behind a Palo Alto Networks next-generation
firewall that itwants to make accessible to the public at 1.1.1.1. The company has
decided to configure adestination NAT Policy rule.Given the following zone
information:*DMZ zone: DMZ-L3*Public zone: Untrust-L3*Guest zone: Guest-L3*Web
server zone: Trust-L3*Public IP address (Untrust-L3): 1.1.1.1*Private IP address
(Trust-L3): 192.168.1.50What should be configured as the destination zone on the
Original Packet tab of NAT Policy rule?<div><br></div><div>A. Untrust-
L3</div><div>B. DMZ-L3</div><div>C. Guest-L3</div><div>D. Trust-L3</div></div>
</div>

<div class="back">

</div>
</div>
<div
<div class="front">

small">60 Which CLI command is used to simulate traffic going through the firewall
and determinewhich Security policy rule, NAT translation, static route, or PBF rule
will be triggered by the traffic?<div><br></div><div>A. check</div><div>B.
find</div><div>C. test</div><div>D. sim</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">61 Firewall administrators cannot authenticate to a firewall GUI.Which two
logs on that firewall will contain authentication-related information useful
introubleshooting this issue? (Choose two.)<div><br></div><div>A. ms
log</div><div>B. authd log</div><div>C. System log</div><div>D. Traffic
log</div><div>E. dp-monitor .log</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">62 The firewall is not downloading IP addresses from MineMeld. Based, on the
image, whatmost likely is wrong?A. <div><br></div><div>A Certificate Profile that
contains the client certificate needs to be selected.</div><div>B. The source
address supports only files hosted with an ftp://.</div><div>C. External Dynamic
Lists do not support SSL connections.</div><div>D. A Certificate Profile that
contains the CA certificate needs to be selected.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">63 An administrator just submitted a newly found piece of spyware for
WildFire analysis. Thespyware passively monitors behavior without the user's
knowledge.What is the expected verdict from WildFire?<div><br></div><div>A. Gray
ware</div><div>B. Malware</div><div>C. Spyware</div><div>D. Phishing</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">64 An administrator creates a custom application containing Layer 7
signatures. The latestapplication and threat dynamic update is downloaded to the
same NGFW. The update contains anapplication that matches the same traffic
signatures as the custom application. Which applicationshould be used to identify
traffic traversing the NGFW?<div><br></div><div>A. Custom application</div><div>B.
System logs show an application error and neither signature is used.</div><div>C.
Downloaded application</div><div>D. Custom and downloaded application signature
files are merged and both are used</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">65 Which two virtualization platforms officially support the deployment of
Palo Alto NetworksVM-Series firewalls? (Choose two.)<div><br></div><div>A. Red Hat
Enterprise Virtualization (RHEV)</div><div>B. Kernel Virtualization Module
(KVM)</div><div>C. Boot Strap Virtualization Module (BSVM)</div><div>D. Microsoft
Hyper-V</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">66 Which three options are available when creating a security profile?
(Choose three)<div><br></div><div>A. Anti-Malware</div><div>B. File
Blocking</div><div>C. Url Filtering</div><div>D. IDS/ISPE. Threat
Prevention</div><div>F. Antivirus</div></div>
</div>

<div class="back">

small">Answer: A B F</div>
</div>

</div>
<div
<div class="front">

small">67 Which three steps will reduce the CPU utilization on the management
plane? (Choose three.)<div><br></div><div>A. Disable SNMP on the management
interface.</div><div>B. Application override of SSL application.</div><div>C.
Disable logging at session start in Security policies.</div><div>D. Disable
predefined reports.</div><div>E. Reduce the traffic being decrypted by the
firewall.</div></div>
</div>

<div class="back">

small">Answer: C D E</div>
</div>

</div>
<div
<div class="front">

small">68 Which Public Key infrastructure component is used to authenticate users
for GlobalProtectwhen the Connect Method is set to pre-logon?<div><br></div><div>A.
Certificate revocation list</div><div>B. Trusted root certificate</div><div>C.
Machine certificate</div><div>D. Online Certificate Status Protocol</div></div>
</div>

<div class="back">

</div>
</div>
<div
<div class="front">

small">69 Which DoS protection mechanism detects and prevents session exhaustion
attacks?<div><br></div><div>A. Packet Based Attack Protection</div><div>B. Flood
Protection</div><div>C. Resource Protection</div><div>D. TCP Port Scan
Protection</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">7 A client is deploying a pair of PA-5000 series firewalls using High
Availability (HA) in Active/Passive mode.Which statement is true about this
deployment?<div><br></div><div>A. The two devices must share a routable floating IP
address</div><div>B. The two devices may be different models within the PA-5000
series</div><div>C. The HA1 IP address from each peer must be on a different
subnet</div><div>D. The management port may be used for a backup control
connection</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">70 When is it necessary to activate a license when provisioning a new Palo
Alto Networks firewall?<div><br></div><div>A. When configuring Certificate
Profiles</div><div>B. When configuring GlobalProtect portal</div><div>C. When
configuring User Activity Reports</div><div>D. When configuring Antivirus Dynamic
Updates</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">71 VPN traffic intended for an administrator's Palo Alto Networks NGFW is
being maliciously intercepted and retransmitted by the interceptor. When creating a
VPN tunnel, which protection profile can be enabled to prevent this malicious
behavior?<div><br></div><div>A. Zone Protection</div><div>B. DoS
Protection</div><div>C. Web Application</div><div>D. Replay</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">72 When backing up and saving configuration files, what is achieved using
only the firewall and is not available in Panorama?<div><br></div><div>A. Load
named configuration snapshot</div><div>B. Load configuration version</div><div>C.
Save candidate config</div><div>D. Export device state</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">73 Which feature prevents the submission of corporate login information into
website forms?<div><br></div><div>A. Data filtering</div><div>B. User-
ID</div><div>C. File blocking</div><div>D. Credential phishing
prevention</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">74 A customer has an application that is being identified as unknown-top for
one of their custom PostgreSQL database connections. Which two configuration
options can be used to correctly categorize their custom database application?
(Choose two.)<div><br></div><div>A. Application Override policy.</div><div>B.
Security policy to identify the custom application.</div><div>C. Custom
application.</div><div>D. Custom Service object.</div></div>
</div>

<div class="back">
</div>

</div>
<div
<div class="front">

small">75 The IT department has received complaints abou VoIP call jitter when the
sales staff is making or receiving calls. QoS is enabled on all firewall
interfaces, but there is no QoS policy written in the rulebase. The IT manager
wants to find out what traffic is causing the jitter in real time when a user
reports the jitter. Which feature can be used to identify, in real time, the
applications taking up the most bandwidth?<div><br></div><div>A. QoS
Statistics</div><div>B. Applications Report</div><div>C. Application Command Center
(ACC)</div><div>D. QoS Log</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">76 When configuring the firewall for packet capture, what are the valid
stage types?<div><br></div><div>A. Receive, management , transmit , and
drop</div><div>B. Receive , firewall, send , and non-syn</div><div>C. Receive
management , transmit, and non-syn</div><div>D. Receive , firewall, transmit, and
drop</div></div>
</div>

<div class="back">

</div>
</div>
<div
<div class="front">

small">77 An administrator sees several inbound sessions identified as unknown-tcp
in the traffic logs.The administrator determines that these sessions are from
external users accessing the company's proprietary accounting application. The
administrator wants to reliably identify this as their accounting application and
to scan this traffic for threats. Which option would achieve this result?
<div><br></div><div>A. Create an Application Override policy and a custom threat
signature for the application</div><div>B. Create an Application Override
policy</div><div>C. Create a custom App-ID and use the "ordered conditions" check
box</div><div>D. Create a custom App ID and enable scanning on the advanced
tab</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">78 A network security engineer is asked to provide a report on bandwidth
usage. Which tab in the ACC provides the information needed to create the report?
<div><br></div><div>A. Blocked Activity</div><div>B. Bandwidth
Activity</div><div>C. Threat Activity</div><div>D. Network Activity</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">79 For which two reasons would a firewall discard a packet as part of the
packet flow sequence?(Choose two )<div><br></div><div>A. equal-cost
multipath</div><div>B. ingress processing errors</div><div>C. rule match with
action "allow"</div><div>D. rule match with action "deny"</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">8 A customer wants to combine multiple Ethernet interfaces into a single
virtual interface using link aggregation. Which two formats are correct for naming
aggregate interfaces? (Choose two.)<div><br></div><div>A. ae.8</div><div>B.
aggregate.1</div><div>C. ae.1</div><div>D. aggregate.8</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">80 Which data flow describes redistribution of user mappings?
<div><br></div><div>A. User-ID agent to firewall</div><div>B. firewall to
firewall</div><div>C. Domain Controller to User-ID agent</div><div>D. User-ID agent
to Panorama</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">81 A company is upgrading its existing Palo Alto Networks firewall from
version 7.0.1 to 7.0.4.Which three methods can the firewall administrator use to
install PAN-OS 8.0.4 across the enterprise?( Choose three)<div><br></div><div>A.
Download PAN-OS 8.0.4 files from the support site and install them on each firewall
after manually uploading.</div><div><br></div><div>B. Download PAN-OS 8.0.4 to a
USB drive and the firewall will automatically update after the USB drive is
inserted in the firewall.</div><div><br></div><div>C. Push the PAN-OS 8.0.4 updates
from the support site to install on each firewall.</div><div><br></div><div>D. Push
the PAN-OS 8.0.4 update from one firewall to all of the other remaining after
updating one firewall.</div><div><br></div><div>E. Download and install PAN-OS
8.0.4 directly on each firewall.</div><div><br></div><div>F. Download and push PAN-
OS 8.0.4 from Panorama to each firewall.</div></div>
</div>

<div class="back">

small">Answer: A C F</div>
</div>

</div>
<div
<div class="front">

small">82 Which Panorama feature allows for logs generated by Panorama to be
forwarded to an external Security Information and Event Management(SIEM) system?
<div><br></div><div>A. Panorama Log Settings</div><div>B. Panorama Log
Templates</div><div>C. Panorama Device Group Log Forwarding</div><div>D. Collector
Log Forwarding for Collector Groups</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">83 Which version of GlobalProtect supports split tunneling based on
destination domain, client process, and HTTP/HTTPS video streaming application?
<div><br></div><div>A. GlobalProtect version 4.0 with PAN-OS 8.1</div><div>B.
GlobalProtect version 4.1 with PAN-OS 8.1</div><div>C. GlobalProtect version 4.1
with PAN-OS 8.0</div><div>D. GlobalProtect version 4.0 with PAN-OS
8.0<br></div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">84 Which four NGFW multi-factor authentication factors are supported by PAN-
OSS? (Choosefour.)<div><br></div><div>A. User logon</div><div>B. Short message
service</div><div>C. Push</div><div>D. SSH key</div><div>E. One-Time
Password</div><div>F. Voice</div></div>
</div>

<div class="back">

small">Answer: B C E F</div>
</div>

</div>
<div
<div class="front">

small">85 Which feature can provide NGFWs with User-ID mapping information?
<div><br></div><div>A. GlobalProtect</div><div>B. Web Captcha</div><div>C. Native
802.1q authentication</div><div>D. Native 802.1x authentication</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">86 Which item enables a firewall administrator to see details about traffic
that is currently activethrough the NGFW?<div><br></div><div>A. ACC</div><div>B.
System Logs</div><div>C. App Scope</div><div>D. Session Browser</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">87 Where can an administrator see both the management plane and data plane
CPU utilization in the WebUI?<div><br></div><div>A. System log</div><div>B. CPU
Utilization widget</div><div>C. Resources widget</div><div>D. System Utilization
log</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">88 A critical US-CERT notification is published regarding a newly discovered
botnet. The malware is very evasive and is not reliably detected by endpoint
antivirus software. Furthermore, SSL is used to tunnel malicious traffic to
command-and-control servers on the internet and SSL Forward Proxy Decryption is not
enabled.Which component once enabled on a perirneter firewall will allow the
identification of existing infected hosts in an environment?<div><br></div><div>A.
Anti-Spyware profiles applied outbound security policies with DNS Query action set
to sinkhole</div><div>B. File Blocking profiles applied to outbound security
policies with action set to alert</div><div>C. Vulnerability Protection profiles
applied to outbound security policies with action set to block</div><div>D.
Antivirus profiles applied to outbound security policies with action set to
alert</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">89 A client is concerned about resource exhaustion because of denial-of-
service attacks against their DNS servers.Which option will protect the individual
servers?<div><br></div><div>A. Enable packet buffer protection on the Zone
Protection Profile.</div><div>B. Apply an Anti-Spyware Profile with DNS
sinkholing.</div><div>C. Use the DNS App-ID with application-default.</div><div>D.
Apply a classified DoS Protection Profile.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">9 A Network Administrator wants to deploy a Large Scale VPN solution. The
Network Administrator has chosen a Global Protect Satellite solution. This
configuration needs to be deployed to multiple remote offices and the Network
Administrator decides to use Panorama to deploy the configurations. How should this
be accomplished?<div><br></div><div>A. Create a Template with the appropriate IKE
Gateway settings</div><div>B. Create a Template with the appropriate IPSec tunnel
settings</div><div>C. Create a Device Group with the appropriate IKE Gateway
settings</div><div>D. Create a Device Group with the appropriate IPSec tunnel
settings</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">90 A session in the Traffic log is reporting the application as
"incomplete." What does incomplete mean?<div><br></div><div>A. The three-way TCP
handshake was observed, but the application could not be identified.</div><div>B.
The three-way TCP handshake did not complete.</div><div>C. The traffic is coming
across UDP, and the application could not be identified.</div><div>D. Data was
received but was instantly discarded because of a Deny policy was applied before
App-IDcould be applied.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">91 An administrator sees several inbound sessions identified as unknown-tcp
in the Traffic logs.The administrator determines that these sessions are form
external users accessing the company's proprietary accounting application. The
administrator wants to reliably identify this traffic as their accounting
application and to scan this traffic for threats.Which option would achieve this
result?<div><br></div><div>A. Create a custom App-ID and enable scanning on the
advanced tab.</div><div>B. Create an Application Override policy.</div><div>C.
Create a custom App-ID and use the "ordered conditions" check box.</div><div>D.
Create an Application Override policy and custom threat signature for the
application.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">92 An administrator needs to implement an NGFW between their DMZ and Core
network. EIGRPRouting between the two environments is required. Which interface
type would support thisbusiness requirement?<div><br></div><div>A. Virtual Wire
interfaces to permit EIGRP routing to remain between the Core and DMZ</div><div>B.
Layer 3 or Aggregate Ethernet interfaces, but configuring EIGRP on subinterfaces
only</div><div>C. Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel
(with the GlobalProtect License tosupport LSVPN and EIGRPprotocols)</div><div>D.
Layer 3 interfaces, but configuring EIGRP on the attached virtual
router</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">93 Which three log-forwarding destinations require a server profile to be
configured? (Choosethree)<div><br></div><div>A. SNMP Trap</div><div>B.
Email</div><div>C. RADIUS</div><div>D. Kerberos</div><div>E. Panorama</div><div>F.
Syslog</div></div>
</div>

<div class="back">

small">Answer: A B F</div>
</div>

</div>
<div
<div class="front">

small">94 An administrator wants a new Palo Alto Networks NGFW to obtain automatic
application updates daily, so it is configured to use a scheduler for the
application database. Unfortunately, they required the management network to be
isolated so that it cannot reach the internet. Which configuration will enable the
firewall to download and install application updates automatically?
<div><br></div><div>A. Configure a Policy Based Forwarding policy rule for the
update server IP address so that traffic sourced from the management interfaced
destined for the update servers goes out of the interface acting as your internet
connection.</div><div>B. Configure a security policy rule to allow all traffic to
and from the update servers.</div><div>C. Download and install application updates
cannot be done automatically if the MGT port cannotreach the internet.</div><div>D.
Configure a service route for Palo Alto networks services that uses a dataplane
interface that canroute traffic to the internet, and create a security policy rule
to allow the traffic from that interface to the update servers if
necessary.</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">95 A company needs to preconfigure firewalls to be sent to remote sites with
the least amount of reconfiguration.Once deployed, each firewall must establish
secure tunnels back to multiple regional data centers to include the future
regional data centers.Which VPN configuration would adapt to changes when deployed
to the future site?<div><br></div><div>A. Preconfigured GlobalProtect
satellite</div><div>B. Preconfigured GlobalProtect client</div><div>C.
Preconfigured IPsec tunnels</div><div>D. Preconfigured PPTP Tunnels</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">96 A host attached to ethernet1/3 cannot access the internet. The default
gateway is attached to ethernet1/4. After troubleshooting. It is determined that
traffic cannot pass from the ethernet1/3to ethernet1/4. What can be the cause of
the problem?<div><br></div><div>A. DHCP has been set to Auto.</div><div>B.
Interface ethernet1/3 is in Layer 2 mode and interface ethernet1/4 is in Layer 3
mode.</div><div>C. Interface ethernet1/3 and ethernet1/4 are in Virtual Wire
Mode.</div><div>D. DNS has not been properly configured on the firewall</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">97 Which CLI command enables an administrator to check the CPU utilization
of the dataplane?<div><br></div><div>A. show running resource-monitor</div><div>B.
debug data-plane dp-cpu</div><div>C. show system resources</div><div>D. debug
running resources</div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">98 A firewall administrator has completed most of the steps required to
provision a standalone Palo Alto Networks Next-Generation Firewall. As a final
step, the administrator wants to test one of the security policies.Which CLI
command syntax will display the rule that matches the test?<div><br></div><div>A.
test security -policy- match source destination destination port protocol
destination destination port protocol <div>C. test security rule source
destination destination port protocol<div>D. show security-policy-match source
destination destination port protocol test security-policy-match
source</div></div></div></div>
</div>

<div class="back">

</div>

</div>
<div
<div class="front">

small">99 Which option is part of the content inspection process?
<div><br></div><div>A. Packet forwarding process</div><div>B. SSL Proxy re-
encrypt</div><div>C. IPsec tunnel encryption</div><div>D. Packet egress
process</div></div>
</div>

<div class="back">

</div>

</div>
</div> 

</div> 
<div class="seo__right-rail-container" id="right-rail">
<div style="padding-left:5px; width: 300px; height: 250px; margin-bottom:20px;">

<div class="card card-ad">
<div id="seo-deck__ad-300by250">
</div>
</div>
</div>
const AD_NAME_MOBILE = 'SB_M_STUDYBLUE_R1_S';
const AD_NAME_DESKTOP = 'SB_D_STUDYBLUE_R1_S';
let widthOfWindow = Math.min(window.innerWidth,

document.documentElement.clientWidth);
if (widthOfWindow < 660){
displayGoogleAd(AD_NAME_MOBILE, 300, 250, "seo-deck__ad-300by250");
}
else {
displayGoogleAd(AD_NAME_DESKTOP, 300, 250, "seo-deck__ad-300by250");
}
</script>
<h2 class="seo__right-rail__content-header">Recent Class Questions</h2>

<div class="seo-deck__other-materials" id="seo-deck__recent-class-questions">
<div class="seo-cat-card__content capitalize-list">
<div class="seo-cat-card__col-one-full-width">
<ul class="content-wrap">
<li>
<h3 class="seo_deck__other-materials-header">
<a href="/notes/hh/teenager-notices-his-new-employer-
likes-boast-matter-background-identity-new-applicants-she-always-
gives/23308382328013398" title="a teenager notices that his new employer likes to
boast that no matter the background and identity of new applicants, she always
gives people equal consideration when it comes to hiring. what sort of sociological
question could be based on this teenager’s observations?" data-material-count="1"
itemprop="name">a teenager notices that his new employer likes to boast that no
matter the background and identity of new applicants, she always gives people equal
consideration when it comes to hiring. what sort of sociological question could be
based on this teenager’s observations?</a>
</h3>
</li>
<li>
<a href="/notes/hh/relative-other-disciplines-
economics-political-science-sociology-engages-interdisciplinary-
research/022115301168347718" title="relative to other disciplines, such as
economics and political science, sociology __________ engage(s) in
interdisciplinary research." data-material-count="2" itemprop="name">relative to
other disciplines, such as economics and political science, sociology __________
engage(s) in interdisciplinary research.</a>
</h3>
</li>
<li>
<a href="/notes/hh/which-following-best-describes-how-
people-commonly-develop-stereotypes/024088064888678991" title="which of the
following best describes how people commonly develop stereotypes" data-material-
count="3" itemprop="name">which of the following best describes how people commonly
develop stereotypes</a>
</h3>
</li>
</ul>
</div>
</div>
</div>
var recentQuestionsCount = "3";
//Added DOMContentLoaded event listener because

//of deferred loading of GA and jQuery scripts
document.addEventListener("DOMContentLoaded",function(){
var itemNo;
try {
if (_gaq){
_gaq.push(['_trackEvent', 'logged out deck', 'view recent
questions', recentQuestionsCount, , '1']);
}
else {
console.error("GA script not loaded yet!");
}
}
catch (e){
console.log(e);
}
$('#seo-deck__recent-class-questions li a').click(function(event) {
event.preventDefault();
var href = this.href;
itemNo = $(this).data("material-count").toString();
try {
if (_gaq){
_gaq.push(['_trackEvent', 'logged out deck', 'click recent
questions', itemNo]);
window.location.href = href;
}
else {
}
}
catch (e){
console.log(e);
}
});
});
</script> </div>
</div> 
<div id="popular-study-materials" class="seo-deck__popular-study-
materials">
<h2 class="seo-cat-card__header">Popular Study Materials from Information And

Communications Technology 3365</h2>
<div class="seo-cat-card seo-deck__other-materials" id="seo-deck__popular-study-
materials">
<div class="seo-cat-card__content capitalize-list">
<div class="seo-cat-card__col-one">
<ul class="content-wrap">
<li class="grid_5">
<h3><a href="/notes/note/n/midterm-mcq/deck/738233"
title="Midterm MCQ" data-material-count="1" class="${doc.type}"
itemprop="name">midterm mcq</a></h3>
</li>
<li class="grid_5">
<h3><a href="/notes/note/n/hdcs-ch-3-the-income-
statement/deck/20014831" title="HDCS Ch. 3 - The Income Statement" data-material-
count="2" class="${doc.type}" itemprop="name">hdcs ch. 3 - the income
statement</a></h3>
</li>
<li class="grid_5">
<h3><a href="/notes/note/n/hdcs-ch-2-the-balance-
sheet/deck/20014642" title="HDCS Ch. 2 - The Balance Sheet" data-material-count="3"
class="${doc.type}" itemprop="name">hdcs ch. 2 - the balance sheet</a></h3>
</li>
</ul>
</div>
</div>
</div>
var popularMaterialsCount = "3";
//Added DOMContentLoaded event listener because

//of deferred loading of GA and jQuery scripts
document.addEventListener("DOMContentLoaded",function(){
var itemNo;
try {
if (_gaq){
_gaq.push(['_trackEvent', 'logged out deck', 'view popular
materials', popularMaterialsCount,, '1']);
}
else {
}
}
catch (e){
console.log(e);
}
$('#seo-deck__popular-study-materials li a').click(function(event) {
event.preventDefault();
var href = this.href;
itemNo = $(this).data("material-count").toString();
try {
if (_gaq){
_gaq.push(['_trackEvent', 'logged out deck', 'click popular
materials', itemNo]);
window.location.href = href;
}
else {
}
}
catch (e){
console.log(e);
}
});
});
</script> </div> 
</div> 
</div> 
</div> 
</section>
</main>
<div class="slideup-banner js-slideup-banner">
<div class="slideup-banner__close js-slide-banner-close"
onClick="removeBanner();"></div>
<div class="slideup-banner__signup">
<p class="slideup-banner__signup-text">Sign up for free and study better.
<br/>Anytime, anywhere.</p>
<p class="slideup-banner__signup-button sbbutton sbbutton--primary js-
button-join">Get started today!</p>
</div>
<div class="slideup-banner__search">
<div class="slideup-banner__search-text">Find materials for your
class:</div>
<div class="slideup-banner__search-block">
<div id="slideup-banner__search-school"></div>
<div id="slideup-banner__search-class"></div>
<p class="header-search class-search-icon search-logo js-search-
button"></p>
</div>
</div>
<div class="slideup-banner__mobile">
<div class="slideup-banner__mobile-text">Download our app to study better.
Anytime, anywhere.</div>
</div>
</div>
function removeBanner() {
$('.slideup-banner').removeClass('slide-in');
}
</script> <footer class="seo-footer">
<div class="footer__links-container">
<div class="footer__links">
<div class="footer__links-col">
<div class="footer__links-col-header">COMPANY</div>
<a href="/about-us">About Us</a>
<a href="https://www.studyblue.com/contact-us">Contact</a>
<a href="https://help.studyblue.com">Help</a>
</div>
<div class="footer__links-col">
<div class="footer__links-col-header">STUDY MATERIALS</div>
<a href="https://www.studyblue.com/notes">By College</a>
<a href="https://www.studyblue.com/notes/high-schools">By High
School</a>
<a href="https://www.studyblue.com/notes/international">By
Country</a>
</div>
</div>
<div class="footer__app-links">
<p class="footer__app-text"> Download our app to study better. Anytime,
anywhere.</p>
<div class="footer__badges">
<a onClick="_gaq.push(['_trackEvent', 'app_store_apple',
'mobile_app_footer_click', location.pathname])"
class="apple-store-logo"
href="https://itunes.apple.com/us/app/studyblue/id323887414" target="_blank">
<span>Download on the App Store</span>
</a>
<a onClick="_gaq.push(['_trackEvent', 'lapp_store_apple',
'mobile_app_footer_click', location.pathname])"
class="google-store-logo"
href="https://play.google.com/store/apps/details?id=com.studyblue" target="_blank">
<span>Get it on Google Play</span>
</a>
</div>
</div>
<hr class="footer__mobile-divider">
</div>
<hr class="footer__desktop-divider">
<div class="footer__other-links-container">
<div class="studyblue-logo">
</div>
<div class="footer__notice">
<div class="footer__other-links">
<div id="copy-year" class="footer__copyright">
©2018 StudyBlue Inc. All rights reserved.
</div>
<div class="footer__copyright">
<a href="http://www.studyblue.com/about/legal">Legal, </a>
<a href="http://www.studyblue.com/about/legal/terms">Terms
</a> & <a href="http://www.studyblue.com/about/legal/privacy"> Privacy</a>
</div>
</div>
<div class="footer__social-links">
<div class="footer__social-links-text">
Follow us, we're friendly!
</div>
<div class="footer__social-link-icons">
<a class="footer__facebook-icon icon"
href="https://www.facebook.com/studyblue/">
<span class="footer__facebook-icon icon"></span>
</a>
<a class="footer__instagram-icon icon"
href="https://www.instagram.com/studyblue/">
<span class="footer__instagram-icon icon"></span>
</a>
<a class="footer__twitter-icon icon"
href="https://www.twitter.com/studyblue">
<span class="footer__twitter-icon icon"> </span>
</a>
<a class="footer__linkedin-icon icon"
href="https://www.linkedin.com/company/studyblue/">
<span class="footer__linkedin-icon icon"> </span>
</a>
<a class="footer__pinterest-icon icon"
href="https://www.pinterest.com/studyblue/">
<span class="footer__pinterest-icon icon"> </span>
</a>
</div>
</div>
</div>
</div>
</footer>
<div class="conversion-footer">


function signupCompleted() {

dataLayer.push({
'event': 'signup',
'pricePaid': '0'
});
window.optimizely.push(["trackEvent", "successfulSignup"]);
}
SB.signupCompleted = function(){

dataLayer.push({
'event': 'signup',
'pricePaid': '0'
});
}
</script></div>
<script
src="https://webassets.studyblue.com/static/bundle/runtime.3f7d12e7c1f182b7e1f6.js"
charset="utf-8"></script><script
src="https://webassets.studyblue.com/static/bundle/commons.1edcf7b694b8f9423a42.js"
charset="utf-8"></script><script
src="https://webassets.studyblue.com/static/bundle/loggedOut.6fbbc502f32d4b6714f7.j
s" charset="utf-8"></script>



var _gaq = _gaq || [];
var gaAccount = (window.location.host.indexOf('127.0.0.1') > -1 ||
window.location.host.indexOf('localhost') > -1 ||
window.location.host.indexOf('staging.studyblue.com') > -1 ||
window.location.host.indexOf('dev.studyblue.com') > -1) ? gaAccount = "UA-2252691-
5" : gaAccount = "UA-2252691-6";
_gaq.push(['_setAccount', gaAccount]);
_gaq.push(['_trackPageview']);
</script>

<div id="fb-root"></div>
<script>
// load the FB SDK
(function (d) {
try {
var id = 'facebook-jssdk';
if (d.getElementById(id)) return;
var js = d.createElement('script');
js.id = id;
js.async = true;
js.src = '//connect.facebook.net/en_US/sdk.js';
var firstScriptTag = d.getElementsByTagName('script')[0];

firstScriptTag.parentNode.insertBefore(js, firstScriptTag);
} catch (e) {
console.error("could not load FB sdk");
}
}(document));
// call FB.init() when the SDK finishes loading

window.fbAsyncInit = function () {
var channelUrl = document.location.protocol
+ '//'
+ document.location.host
+ '/css/javascripts/channel.html';
try {
FB.init({
appId: '102540830008',
status: true,
cookie: true,
version: 'v3.1',
xfbml: true,
channelUrl: channelUrl,
});
} catch (e) {
console.error("could not initialize FB sdk");
}
};
</script>
</div>
</body>
</html>
<script>
function overlayOff() {
document.getElementById("overlay").style.display = "none";
//remove search activated class
$("#main-nav").removeClass("is-search-activated");
clicked");
}
$(document).on("pagecreate",".logged-out-main",function(){
$("#overlay").on("tap",function(){
$(this).hide();
//remove search activated class
$("#main-nav").removeClass("is-search-activated");
clicked");
});
});
</script>

PCNSEcode

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

PCNSEcode

Hochgeladen von

Copyright:

Verfügbare Formate

<!

<link rel="icon" type="image/png" href="/css/images/favicon.ico"/>

<link rel="stylesheet" type="text/css"

<meta id="fbAppIdProd" property="fb:app_id" content="102540830008"/>

<meta property="og:title" content="PCNSE Exam - Information And Communications

// Prefer the new Adjust attribution

<div class="main_nav main-nav__left main-nav__menu-item">

$('#main-nav__search-class input').prop('disabled', true);

$('#main-nav__search-school input').on('input', function(event) {

//Remove error class

$('#slideup-banner__search-school input').on('input', function(event) {

//Remove error class

$('#main-nav__mobile-search-school input').on('input', function(event) {

//Remove error class

// Case I: No entry in school input field or field cleared

var ad = googletag.defineSlot(s, size, id);

for(var key in targets) {

<div id="deck-preview-toolbar__right" class="toolbar__right">

<section class="content-block content-block-body">

<li> Pcnse Exam</li>

<div class="card js-button-join" id="card1" onClick="_gaq.push(['_trackEvent',

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

</div>

<div class="side side-text">

<div class="main_nav main-navleft main-navmenu-item">

<div id="deck-preview-toolbarright" class="toolbarright">