Palo Alto 2024 Exam Questions with
Revised Answers
What does "Load configuration version" do? - Answer-Restore a previous version of the
running configuration that is stored on the firewall.
The firewall creates a version whenever you commit configuration changes.
What does "Import named configuration snapshot" do? - Answer-Restore a running or
candidate configuration that you previously exported to an external host.
What does "Import device state" do? - Answer-Restore state information that you
exported from a firewall.
It includes the running config, device group and template settings from Panaroma
If the firewall is a GlobalProtect portal, the information also includes certificate
information, a list of satellites, and satellite authentication information.
What does a 'commit lock' do? - Answer-Blocks other admins from committing the
candidate configuration
What does a 'config lock' do? - Answer-Blocks other admins from changing the
candidate configuration
Who can remove locks? - Answer-The administrator that created them, or an admin with
SuperUser privileges
Which four items are possible network traffic match criteria in a Security policy on a
Palo Alto networks firewall (choose. four)
A. Source Zone
B. Username
C. DNS Domain
D. URL
E. Application - Answer-A. Source Zone
B. Username
D. URL
E. Application
Which of the three types of Security policy rules that can be created is the default rule
type?
A. Intrazone
B. Interzone
C. Universal - Answer-C. Universal
,True or False? The intrazone-default and interzone-default rules cannot be modified?
A. True
B. False - Answer-B. False
True or False? Logging on intrazone-default and interzone-default Security policy rules
is enabled by default
A. True
B. False - Answer-B. False
Which item is the name of an object that dynamically groups applications based on
application attributes that you define: Category, Subcategory, Technology, Risk, and
Characteristic?
A. Application
B. Application Filter
C. Application Group
D. Application Profile - Answer-B. Application Filter
True or False? In Palo Alto network terms, an application is a specific program or
feature that can be detected, monitored, and blocked if neccessary.
A. True
B. False - Answer-A. True
Before App-ID would identify traffic as facebook-base, it would first identify the traffic as
which application?
A. unknown-tcp
B. unknown-udp
C. web-browsing - Answer-C. web-browsing
Which three statements are true regarding App-ID? (choose three.)
A. It addresses the traffic classification limitations of traditional firewalls
B. It is the Palo Alto Networks traffic classification mechanism
C. It uses multiple identification mechanisms to determine the exact identity of
applications traversing the network
D. It is still in developmental stage and is not yet released - Answer-A. It addresses the
traffic classification limitations of traditional firewalls
B. It is the Palo Alto Networks traffic classification mechanism
C. It uses multiple identification mechanisms to determine the exact identity of
applications traversing the network
True or False? Application groups can contain applications, filters, or other application
groups.
A. True
B. False - Answer-A. True
, An Antivirus Security Profile specifies Actions and WildFire Actions. Wildfire Actions
enable you to configure the firewall to perform which operation?
A. Delete packet data when a virus is suspected.
B. Download new antivirus signatures from WildFire.
C. Block traffic when a WildFire virus signature is detected.
D. Upload traffic to WildFire when a virus is suspected. - Answer-D. Upload traffic to
WildFire when a virus is suspected.
An Interface Management Profile can be attached to which two interface types?
(Choose two.)
A. Tap
B. Layer 2
C. Loopback
D. Layer 3
E. Virtual Wire - Answer-C. Loopback
D. Layer 3
App-ID running on a firewall identifies applications using which three methods? (Choose
three.)
A. PAN-DB lookups
B. WildFire lookups
C. Application signatures
D. Program heuristics
E. Known protocol decoders - Answer-C. Application signatures
D. Program heuristics
E. Known protocol decoders
Application block pages can be enabled for which applications?
A. any
B. web-based
C. MGT port-based
D. non-TCP/IP - Answer-B. web-based
Because a firewall examines every packet in a session, a firewall can detect application
________?
A. shifts
B. errors
C. groups
D. filters - Answer-A. shifts
Revised Answers
What does "Load configuration version" do? - Answer-Restore a previous version of the
running configuration that is stored on the firewall.
The firewall creates a version whenever you commit configuration changes.
What does "Import named configuration snapshot" do? - Answer-Restore a running or
candidate configuration that you previously exported to an external host.
What does "Import device state" do? - Answer-Restore state information that you
exported from a firewall.
It includes the running config, device group and template settings from Panaroma
If the firewall is a GlobalProtect portal, the information also includes certificate
information, a list of satellites, and satellite authentication information.
What does a 'commit lock' do? - Answer-Blocks other admins from committing the
candidate configuration
What does a 'config lock' do? - Answer-Blocks other admins from changing the
candidate configuration
Who can remove locks? - Answer-The administrator that created them, or an admin with
SuperUser privileges
Which four items are possible network traffic match criteria in a Security policy on a
Palo Alto networks firewall (choose. four)
A. Source Zone
B. Username
C. DNS Domain
D. URL
E. Application - Answer-A. Source Zone
B. Username
D. URL
E. Application
Which of the three types of Security policy rules that can be created is the default rule
type?
A. Intrazone
B. Interzone
C. Universal - Answer-C. Universal
,True or False? The intrazone-default and interzone-default rules cannot be modified?
A. True
B. False - Answer-B. False
True or False? Logging on intrazone-default and interzone-default Security policy rules
is enabled by default
A. True
B. False - Answer-B. False
Which item is the name of an object that dynamically groups applications based on
application attributes that you define: Category, Subcategory, Technology, Risk, and
Characteristic?
A. Application
B. Application Filter
C. Application Group
D. Application Profile - Answer-B. Application Filter
True or False? In Palo Alto network terms, an application is a specific program or
feature that can be detected, monitored, and blocked if neccessary.
A. True
B. False - Answer-A. True
Before App-ID would identify traffic as facebook-base, it would first identify the traffic as
which application?
A. unknown-tcp
B. unknown-udp
C. web-browsing - Answer-C. web-browsing
Which three statements are true regarding App-ID? (choose three.)
A. It addresses the traffic classification limitations of traditional firewalls
B. It is the Palo Alto Networks traffic classification mechanism
C. It uses multiple identification mechanisms to determine the exact identity of
applications traversing the network
D. It is still in developmental stage and is not yet released - Answer-A. It addresses the
traffic classification limitations of traditional firewalls
B. It is the Palo Alto Networks traffic classification mechanism
C. It uses multiple identification mechanisms to determine the exact identity of
applications traversing the network
True or False? Application groups can contain applications, filters, or other application
groups.
A. True
B. False - Answer-A. True
, An Antivirus Security Profile specifies Actions and WildFire Actions. Wildfire Actions
enable you to configure the firewall to perform which operation?
A. Delete packet data when a virus is suspected.
B. Download new antivirus signatures from WildFire.
C. Block traffic when a WildFire virus signature is detected.
D. Upload traffic to WildFire when a virus is suspected. - Answer-D. Upload traffic to
WildFire when a virus is suspected.
An Interface Management Profile can be attached to which two interface types?
(Choose two.)
A. Tap
B. Layer 2
C. Loopback
D. Layer 3
E. Virtual Wire - Answer-C. Loopback
D. Layer 3
App-ID running on a firewall identifies applications using which three methods? (Choose
three.)
A. PAN-DB lookups
B. WildFire lookups
C. Application signatures
D. Program heuristics
E. Known protocol decoders - Answer-C. Application signatures
D. Program heuristics
E. Known protocol decoders
Application block pages can be enabled for which applications?
A. any
B. web-based
C. MGT port-based
D. non-TCP/IP - Answer-B. web-based
Because a firewall examines every packet in a session, a firewall can detect application
________?
A. shifts
B. errors
C. groups
D. filters - Answer-A. shifts
