NEW QUESTION 1
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?

• A. To enable Gateway authentication to the Portal
• B. To enable Portal authentication to the Gateway
• C. To enable user authentication to the Portal
• D. To enable client machine authentication to the Portal

Answer: C

Explanation: The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite. Referencehttps://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/globalprotect/network-globalprotect-portals

NEW QUESTION 2
How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with non-standard syslog servers?

• A. Enable support for non-standard syslog messages under device management
• B. Check the custom-format check box in the syslog server profile
• C. Select a non-standard syslog server profile
• D. Create a custom log format under the syslog server profile

Answer: D

NEW QUESTION 3
Support for which authentication method was added in PAN-OS 7.0?

• A. RADIUS
• B. LDAP
• C. Diameter
• D. TACACS+

Answer: D

NEW QUESTION 4
What are two benefits of nested device groups in Panorama? (Choose two.)

• A. Reuse of the existing Security policy rules and objects
• B. Requires configuring both function and location for every device
• C. All device groups inherit settings form the Shared group
• D. Overwrites local firewall configuration

Answer: BC

NEW QUESTION 5
To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?

• A. Device>Setup>Services>AutoFocus
• B. Device> Setup>Management >AutoFocus
• C. AutoFocus is enabled by default on the Palo Alto Networks NGFW
• D. Device>Setup>WildFire>AutoFocus
• E. Device>Setup> Management> Logging and Reporting Settings

Answer: B

NEW QUESTION 6
If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?

• A. The settings assigned to the template that is on top of the stack.
• B. The administrator will be promoted to choose the settings for that chosen firewall.
• C. All the settings configured in all templates.
• D. Depending on the firewall location, Panorama decides with settings to send.

Answer: B

NEW QUESTION 7
What are three valid actions in a File Blocking Profile? (Choose three)

• A. Forward
• B. Block
• C. Alret
• D. Upload
• E. Reset-both
• F. Continue

Answer: ABC

Explanation: https://live.paloaltonetworks.com/t5/Configuration-Articles/File-Blocking-Rulebase-and-Action-Precedence/ta-p/53623

NEW QUESTION 8
An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22
Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?

A.
B.
C.
D.

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: C

NEW QUESTION 9
A network security engineer for a large company has just installed a PA-5060 Firewall to isolate the company’s PCI environment from its production network. The company’s engineers made configuration changes to the switches on both network segments, and connected them to the new firewall.
Soon after the cutover, however, users began to complain about latency and some servicers stopped communicating. There are no security policies that deny traffic between the two networks segments. You suspect that there is an interface misconfiguration on Ethernet 1/1.
Which two commands should be used to troubleshoot the issue? (Choose two)

• A. show interface hardware
• B. show interface management
• C. show interface ethernet1/1
• D. show interface logical

Answer: CD

NEW QUESTION 10
Which URL Filtering Security Profile action togs the URL Filtering category to the URL Filtering log?

• A. Log
• B. Alert
• C. Allow
• D. Default

Answer: B

NEW QUESTION 11
Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain a username-to-IP-address mapping?

• A. Microsoft Active Directory
• B. Microsoft Terminal Services
• C. Aerohive Wireless Access Point
• D. Palo Alto Networks Captive Portal

Answer: B

NEW QUESTION 12
Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS 7.0? (Choose two.)

• A. KVM
• B. VMware ESX
• C. VMware NSX
• D. AWS

Answer: AB

NEW QUESTION 13
How can a candidate or running configuration be copied to a host external from Panorama?

• A. Commit a running configuration.
• B. Save a configuration snapshot.
• C. Save a candidate configuration.
• D. Export a named configuration snapshot.

Answer: D

NEW QUESTION 14
An administrator is configuring an IPSec VPN to a Cisco ASA at the administrator's home and experiencing issues completing the connection. the following is the output from the command:

What could be the cause of this problem?

• A. The dead peer detection settings do not match between the Palo Alto Networks Firewall and the ASA.
• B. The Proxy IDs on the Palo Alto Networks Firewall do not match the setting on the ASA.
• C. The public IP addresses do not match for both the Palo Alto Networks Firewall and the ASA.
• D. The shared secrets do not match between the Palo Alto Networks Firewall and the ASA.

Answer: C

NEW QUESTION 15
Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?

• A. Log
• B. Alert
• C. Allow
• D. Default

Answer: B

Explanation: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/url- filtering/url-filtering-profile-actions

NEW QUESTION 16
The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of GlobalPortect Portal?

• A. Server Certificate
• B. Client Certificate
• C. Authentication Profile
• D. Certificate Profile

Answer: A

Explanation: (https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure- GlobalProtect/ta-p/58351)