A client downloads a malicious file from the internet. The Palo Alto firewall
has a valid WildFire subscription. The Security policy rule shown above
matches the client HTTP session: Which three actions take place when the
firewall's Content-ID engine detects a virus in the file and the decoder
action is set to "block"? (Choose three.) Correct Ans - A threat log
entry is generated.
The file download is terminated.
The client receives a block page.
A company has a pair of PA-3050s running PAN-OS 6.0.4. Antivirus, Threat
Prevention, and URL Filtering Profiles are in place and properly configured
on both inbound and outbound policies. A Security Operation Center (SOC)
engineer starts his shift and faces the traffic logs presented in the
screenshot shown above. He notices that the traffic is being allowed
outbound. Which actions should the SOC engineer take to safely allow
known but not yet qualified applications, without disrupting the remaining
traffic policies? Correct Ans - Create Application Override policies
after a packet capture to identify the applications that are triggering the
"unknown-tcp". Then create new custom applications for those policies,
and add these new policies above the current policy that allows the traffic.
A company has a Palo Alto Networks firewall configured with the following
three zones: Internet DMZ Inside. All users are located on the Inside zone
and are using public DNS servers for name resolution. The company hosts a
publicly accessible web application on a server in the DMZ zone. Which
NAT rule configuration will allow users on the Inside zone to access the
web application using its public IP address? Correct Ans - Three
zone U-turn NAT
A company has a Palo Alto Networks firewall configured with the following
three zones: Untrust-L3 DMZ Trust-L3. The company hosts a publicly
accessible web application on a server that resides in the Trust-L3 zone.
The web server is associated with the following IP addresses: Web Server
Public IP: 2.2.2.1/24 , Web Server Private IP: 192.168.1.10/24 . The
security administrator configures the following two-zone U-Turn NAT rule
, to allow users using 10.10.1.0/24 on the "Trust-L3" zone to access the web
server using its public IP address in the Untrust-L3 zone: Which statement
is true in this situation? Correct Ans - The traffic will be considered
intra-zone based on the translated destination zone.
A company is deploying a pair of PA-5060 firewalls in an environment
requiring support for asymmetric routing. Which High Availability (HA)
mode best supports this design requirement? Correct Ans - Active-
Active mode
A company policy dictates that logs must be retained in their original
format for a period of time that would exceed the space limitations of the
Palo Alto Networks firewall's internal storage. Which two options will
allow the company to meet this requirement? (Choose two.) Correct
Ans - Palo Alto Networks Log Collector
Panorama Virtual Machine with NFS storage
A company uses Active Directory and RADIUS to capture User-ID
information and implement user-based policies to control web access.
Many Linux and Mac computers in the environment that do not have IP-
address-to-user mappings. What is the best way to collect user information
for those systems? Correct Ans - Use Captive Portal to capture user
information
A company wants to run their pair of PA-200 firewalls in a High Availability
active/passive mode and will be using HA-Lite. Which capability can be
used in this situation? Correct Ans - Configuration Sync
A Management Profile to allow SSH access has been created and applied to
interface ethernet1/1. A security rule with the action "deny" is applied to
packets from "any" source zone to "any" destination zone. What will
happen when someone attempts to initiate an SSH connection to
ethernet1/1? Correct Ans - SSH access to the interface will be
denied because intra-zone traffic is denied.
A network administrator needs to view the default action for a specific
spyware signature. The administrator follows the tabs and menus through
Objects > Security Profiles > Anti-Spyware, and selects the default Profile.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Studyhall. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.