Which method will dynamically register tags on the Palo Alto Networks NGFW?

A. Restful API or the VMWare API on the firewall or on the User-ID agent or the read-only domain controller (RODC)

B. Restful API or the VMware API on the firewall or on the User-ID agent

C. XML-API or the VMware API on the firewall or on the User-ID agent or the CLI

D. XML API or the VM Monitoring agent on the NGFW or on the User-ID agent

Which two virtualization platforms officially support the deployment of Palo Alto Networks VM- Series firewalls? (Choose two.)

A. Red Hat Enterprise Virtualization (RHEV)

B. Kernel Virtualization Module (KVM)

C. Boot Strap Virtualization Module (BSVM)

D. Microsoft Hyper-V

Which protection feature is available only in a Zone Protection Profile?

A. SYN Flood Protection using SYN Flood Cookies

B. ICMP Flood Protection

C. Port Scan Protection

D. UDP Flood Protections

If an administrator does not possess a website's certificate, which SSL decryption mode will allow the Palo Alto networks NGFW to inspect when users browse to HTTP(S) websites?

A. SSL Forward Proxy

B. SSL Inbound Inspection

C. TLS Bidirectional proxy

D. SSL Outbound Inspection

Which three firewall states are valid? (Choose three.)

A. Active

B. Functional

C. Pending

D. Passive

E. Suspended

Which virtual router feature determines if a specific destination IP address is reachable?

A. Heartbeat Monitoring

B. Failover

C. Path Monitoring

D. Ping-Path

A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone, which options differentiates multiple VLAN into separate zones?

A. Create VLAN objects for each VLAN and assign VLAN interfaces matching each VLAN ID. Repeat for every additional VLANand use a VLAN ID of 0 for untagged traffic. Assign each interface/subinterface to a unique zone.

B. Create V-Wire objects with two V-Wire sub interface and assign only a single VLAN ID to the "Tag Allowed field one of the V-Wire object Repeat for every additional VLAN and use a VIAN ID of 0 for untagged traffic. Assign each interface/ subinterfaceto a unique zone.

C. Create V-Wire objects with two V-Wire interfaces and define a range "0- 4096" in the 'Tag Allowed filed of the V-Wire object.

D. Create Layer 3 sub interfaces that are each assigned to a single VLAN ID and a common virtual router. The physical Layer 3interface would handle untagged traffic. Assign each interface /subinterface to a unique zone. Do not assign any interface anIP address

Given the following table.

Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the 192.168.93.0/30 network?

A. Configuring the administrative Distance for RIP to be lower than that of OSPF Int.

B. Configuring the metric for RIP to be higher than that of OSPF Int.

C. Configuring the administrative Distance for RIP to be higher than that of OSPF Ext.

D. Configuring the metric for RIP to be lower than that OSPF Ext.

Which two methods can be used to mitigate resource exhaustion of an application server? (Choose two)

A. Vulnerability Object

B. DoS Protection Profile

C. Data Filtering Profile

D. Zone Protection Profile

Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log? (Choose two.)

A. Run the User-ID Agent using an Active Directory account that has "event log viewer" permissions

B. Enable User-ID on the zone object for the destination zone

C. Run the User-ID Agent using an Active Directory account that has "domain administrator" permissions

D. Enable User-ID on the zone object for the source zone

E. Configure a RADIUS server profile to point to a domain controller