Palo Alto Networks publishes updated Command and Control signatures. How frequently should the related signatures schedule be set?

A. Once an hour

B. Once every minute

C. Once a week

D. Once a day

A service provider has acquired a pair of PA-7080s for its data center to secure its customer base's traffic. The server provider's traffic is largely generated by smart phones and averages 6,000,000 concurrent sessions.

Which Network Processing Card should be recommended in the Bill of Materials?

A. PA-7000-40G-NPC

B. PA-7000-20GQ-NPC

C. PA-7000-20GQXM-NPC

D. PA-7000-20G-NPC

DNS sinkholing helps identify infected hosts on the protected network using DNS traffic in situations where the firewall cannot see the infected client's DNS query (that is, the firewall cannot see the originator of DNS query)

Which of the following Statements is true?

A. DNS Sinkholing requires the Vulnerability Protection Profile be enabled.

B. Sinkholing malware DNS queries solves this visibilty problem by forging responses to the client host queries directed at fake domains created in a controlled "Fake Internet" called Zanadu which designed for testing and honeypots.

C. Infected hosts can then be easily identified in the traffic logs because any host that attempts to connect the sinkhole IP address are most likely infected with malware.

D. DNS Sinkholing requires a license SinkHole license in order to activate.

What are the two group options for database when creating a custom report? (Choose two)

A. Oracle

B. SQL

C. Detailed Logs

D. Summary Databases

A customer is seeing an increase in the number of malicious files coming in from undetectable sources in

their network.

These files include doc and .pdf file types. The customer believes that someone has clicked an email that

might have contained a malicious file type. The customer already uses a firewall with User-ID enabled.

Which feature must also be enabled to prevent these attacks?

A. WildFire

B. App-ID

C. Custom App-ID rules

D. Content Filtering

What are three considerations when deploying User-ID. (Choose three.)

A. Enable WMI probing in high security networks

B. User-ID can support a maximum hops.

C. Specify included and excluded networks when configuring User-ID

D. Use a dedicated service account for User-ID services with the minimal permissions necessary.

E. Only enable User-ID on trusted zones

What are two benefits of using Panorama for a customer who is deploying virtual firewalls to secure data center traffic? (Choose two.)

A. It can monitor the virtual firewalls' physical hosts and Vmotion them as necessary.

B. It can bootstrap the virtual firewall for dynamic deployment scenarios

C. It can manage the virtual firewalls' resource use, allowing for VM resource over-subscription.

D. It can provide the Automated Correlation Engine functionality, which the virtual firewalls do not support

Which three policies or certificates must be configured for SSL Forward Proxy decryption? (Choose three.)

A. Forward trust certificate

B. Forward untrust certificate

C. A decrypt port mirror policy

D. Internal server certificate

E. A decryption policy

What are two core values of the Palo Alto Network Security Platform? (Choose two)

A. Sale enablement of all applications

B. Deployment of multiple point-based solutions to provide full security coverage

C. Prevention of cyberattacks

D. Threat remediation

E. Defense against threats with static security solution

Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?

A. PE file upload to WildFire

B. WildFire hybrid deployment

C. 5 minute WildFire updates to threat signatures

D. Access to the WildFire API