Join the discussion
Question 1/160
When configuring explicit proxy on a firewall, which interface should be selected under the Listening interface option?
Correct Answer: A
Add Comments
- Other Question (160q)
- Q1. When configuring explicit proxy on a firewall, which interface should be selected under th...
- Q2. A consultant advises a client on designing an explicit Web Proxy deployment on PAN-OS 11 0...
- Q3. When an engineer configures an active/active high availability pair, which two links can t...
- Q4. The decision to upgrade PAN-OS has been approved. The engineer begins the process by upgra...
- Q5. A firewall engineer is managing a Palo Alto Networks NGFW that does not have the DHCP serv...
- Q6. A firewall administrator has been tasked with ensuring that all Panorama configuration is ...
- Q7. For company compliance purposes, three new contractors will be working with different devi...
- Q8. Panorama is being used to upgrade the PAN-OS version on a pair of firewalls in an active/p...
- Q9. An engineer is troubleshooting a traffic-routing issue. What is the correct packet-flow se...
- Q10. A network administrator configured a site-to-site VPN tunnel where the peer device will ac...
- Q11. Which new PAN-OS 11.0 feature supports IPv6 traffic?...
- Q12. An internal audit team has requested additional information to be included inside traffic ...
- Q13. Which type of zone will allow different virtual systems to communicate with each other?...
- Q14. What should an engineer consider when setting up the DNS proxy for web proxy?...
- Q15. To ensure that a Security policy has the highest priority, how should an administrator con...
- Q16. Which two items must be configured when implementing application override and allowing tra...
- Q17. An administrator is creating a new Dynamic User Group to quarantine users for suspicious a...
- Q18. Which statement about High Availability timer settings is true?...
- Q19. A network security engineer needs to enable Zone Protection in an environment that makes u...
- Q20. A network security administrator wants to begin inspecting bulk user HTTPS traffic flows e...
- Q21. A customer wants to enhance the protection provided by their Palo Alto Networks NGFW deplo...
- Q22. A root cause analysis investigation into a recent security incident reveals that several d...
- Q23. An organization has recently migrated its infrastructure and configuration to NGFWs, for w...
- Q24. Which two key exchange algorithms consume the most resources when decrypting SSL traffic? ...
- Q25. An engineer is tasked with decrypting web traffic in an environment without an established...
- Q26. Which tool will allow review of the policy creation logic to verify that unwanted traffic ...
- Q27. A security team has enabled real-time WildFire signature lookup on all its firewalls. Whic...
- Q28. A company configures its WildFire analysis profile to forward any file type to the WildFir...
- Q29. Refer to the exhibit. (Exhibit) Using the above screenshot of the ACC, what is the best me...
- Q30. As a best practice, logging at session start should be used in which case?...
- Q31. An administrator plans to deploy 15 firewalls to act as GlobalProtect gateways around the ...
- Q32. Refer to the exhibit. (Exhibit) Based on the screenshots above what is the correct order i...
- Q33. An administrator is troubleshooting intermittent connectivity problems with a user's Globa...
- Q34. A company wants to implement threat prevention to take action without redesigning the netw...
- Q35. An administrator is tasked to provide secure access to applications running on a server in...
- Q36. A firewall engineer is configuring quality of service (OoS) policy for the IP address of a...
- Q37. Refer to the diagram. Users at an internal system want to ssh to the SSH server. The serve...
- Q38. SSL Forward Proxy decryption is configured, but the firewall uses Untrusted-CA to sign the...
- Q39. An administrator plans to install the Windows-Based User-ID Agent. What type of Active Dir...
- Q40. A company wants to deploy IPv6 on its network which requires that all company Palo Alto Ne...
- Q41. An administrator needs to assign a specific DNS server to an existing template variable. W...
- Q42. All firewall at a company are currently forwarding logs to Palo Alto Networks log collecto...
- Q43. (Exhibit) A security engineer has configured a GlobalProtect portal agent with four gatewa...
- Q44. A firewall administrator is investigating high packet buffer utilization in the company fi...
- Q45. 'SSL Forward Proxy decryption is configured, but the firewall uses Untrusted-CA to sign th...
- Q46. Certain services in a customer implementation are not working, including Palo Alto Network...
- Q47. When a new firewall joins a high availability (HA) cluster, the cluster members will synch...
- Q48. A company has configured GlobalProtect to allow their users to work from home. A decrease ...
- Q49. An administrator is building Security rules within a device group to block traffic to and ...
- Q50. An engineer has been given approval to upgrade their environment to the latest version of ...
- Q51. A network security administrator wants to enable Packet-Based Attack Protection in a Zone ...
- Q52. Which three items must be configured to implement application override? (Choose three )...
- Q53. In which two scenarios would it be necessary to use Proxy IDs when configuring site-to-sit...
- Q54. How can Panorama help with troubleshooting problems such as high CPU or resource exhaustio...
- Q55. A security engineer wants to upgrade the company's deployed firewalls from PAN-OS 10.1 to ...
- Q56. How can a firewall be set up to automatically block users as soon as they are found to exh...
- Q57. Exhibit. (Exhibit) Review the screenshots and consider the following information 1. FW-1is...
- Q58. A firewall administrator is configuring an IPSec tunnel between Site A and Site B. The Sit...
- Q59. What must be taken into consideration when preparing a log forwarding design for all of a ...
- Q60. An administrator wants to configure the Palo Alto Networks Windows User-D agent to map IP ...
- Q61. If a URL is in multiple custom URL categories with different actions, which action will ta...
- Q62. An administrator plans to install the Windows-Based User-ID Agent to prevent credential ph...
- Q63. An engineer creates a set of rules in a Device Group (Panorama) to permit traffic to vario...
- Q64. An administrator needs to identify which NAT policy is being used for internet traffic. Fr...
- Q65. A firewall engineer needs to update a company's Panorama-managed firewalls to the latest v...
- Q66. A company CISO updates the business Security policy to identify vulnerable assets and serv...
- Q67. Which translated port number should be used when configuring a NAT rule for a transparent ...
- Q68. A company wants to use GlobalProtect as its remote access VPN solution. Which GlobalProtec...
- Q69. A firewall engineer supports a mission-critical network that has zero tolerance for applic...
- Q70. While troubleshooting an issue, a firewall administrator performs a packet capture with a ...
- Q71. An administrator has purchased WildFire subscriptions for 90 firewalls globally. What shou...
- Q72. Review the information below. A firewall engineer creates a U-NAT rule to allow users in t...
- Q73. A system administrator runs a port scan using the company tool as part of vulnerability ch...
- Q74. Which interface type should a firewall administrator configure as an upstream to the ingre...
- Q75. An administrator configures a site-to-site IPsec VPN tunnel between a PA-850 and an extern...
- Q76. What are three prerequisites for credential phishing prevention to function? (Choose three...
- Q77. What would allow a network security administrator to authenticate and identify a user with...
- Q78. An administrator has two pairs of firewalls within the same subnet. Both pairs of firewall...
- Q79. A company uses GlobalProtect for its VPN and wants to allow access to users who have only ...
- Q80. Which action can be taken to immediately remediate the issue of application traffic with a...
- Q81. Users are intermittently being cut off from local resources whenever they connect to Globa...
- Q82. Which function does the HA4 interface provide when implementing a firewall cluster which c...
- Q83. A company is deploying User-ID in their network. The firewall team needs to have the abili...
- Q84. An engineer is tasked with deploying SSL Forward Proxy decryption for their organization. ...
- Q85. During a routine security audit, the risk and compliance team notices a series of WildFire...
- Q86. Which GlobalProtect gateway selling is required to enable split-tunneling by access route,...
- Q87. A network administrator is troubleshooting an issue with Phase 2 of an IPSec VPN tunnel Th...
- Q88. Review the screenshot of the Certificates page. An administrator for a small LLC has creat...
- Q89. An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the C...
- Q90. An administrator would like to determine which action the firewall will take for a specifi...
- Q91. A firewall engineer creates a new App-ID report under Monitor > Reports > Applicatio...
- Q92. Following a review of firewall logs for traffic generated by malicious activity, how can a...
- Q93. An engineer needs to permit XML API access to a firewall for automation on a network segme...
- Q94. An engineer is deploying multiple firewalls with common configuration in Panorama. What ar...
- Q95. During the implementation of SSL Forward Proxy decryption, an administrator imports the co...
- Q96. What is the benefit of the Artificial Intelligence Operations (AIOps) Plugin for Panorama?...
- Q97. An engineer must configure a new SSL decryption deployment. Which profile or certificate i...
- Q98. An engineer configures SSL decryption in order to have more visibility to the internal use...
- Q99. Which three actions can Panorama perform when deploying PAN-OS images to its managed devic...
- Q100. An engineer decides to use Panorama to upgrade devices to PAN-OS 10.2. Which three platfor...
- Q101. A company requires that a specific set of ciphers be used when remotely managing their Pal...
- Q102. Which conditions must be met when provisioning a high availability (HA) cluster? (Choose t...
- Q103. An organization uses the User-ID agent to control access to sensitive internal resources. ...
- Q104. An administrator receives the following error message: "IKE phase-2 negotiation failed whe...
- Q105. Which statement explains the difference between using the PAN-OS integrated User-ID agent ...
- Q106. The UDP-4501 protocol-port is to between which two GlobalProtect components?...
- Q107. An administrator Just enabled HA Heartbeat Backup on two devices However, the status on ti...
- Q108. An engineer configures a destination NAT policy to allow inbound access to an internal ser...
- Q109. An administrator plans to install the Windows User-ID agent on a domain member system. Wha...
- Q110. Which three sessions are created by a NGFW for web proxy? (Choose three.)...
- Q111. A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks ...
- Q112. An engineer needs to configure a standardized template for all Panorama-managed firewalls....
- Q113. A company has configured a URL Filtering profile with override action on their firewall. W...
- Q114. A firewall engineer needs to patch the company's Palo Alto Network firewalls to the latest...
- Q115. Which two are required by IPSec in transport mode? (Choose two.)...
- Q116. When using certificate authentication for firewall administration, which method is used fo...
- Q117. An administrator wants to add User-ID information for their Citrix MetaFrame Presentation ...
- Q118. In a template, which two objects can be configured? (Choose two.)...
- Q119. Which three methods are supported for split tunneling in the GlobalProtect Gateway? (Choos...
- Q120. Which three authentication types can be used to authenticate users? (Choose three.)...
- Q121. Which feature of Panorama allows an administrator to create a single network configuration...
- Q122. Given the following snippet of a WildFire submission log did the end-user get access to th...
- Q123. What type of address object would be useful for internal devices where the addressing stru...
- Q124. A new application server 192.168.197.40 has been deployed in the DMZ. There are no public ...
- Q125. An administrator is attempting to create policies tor deployment of a device group and tem...
- Q126. An engineer troubleshoots a Panorama-managed firewall that is unable to reach the DNS serv...
- Q127. An engineer manages a high availability network and requires fast failover of the routing ...
- Q128. What is the best description of the Cluster Synchronization Timeout (min)?...
- Q129. A firewall architect is attempting to install a new Palo Alto Networks NGFW. The company h...
- Q130. Where can a service route be configured for a specific destination IP?...
- Q131. An administrator is attempting to create policies for deployment of a device group and tem...
- Q132. Why are external zones required to be configured on a Palo Alto Networks NGFW in an enviro...
- Q133. An enterprise Information Security team has deployed policies based on AD groups to restri...
- Q134. Which three options does Panorama offer for deploying dynamic updates to its managed devic...
- Q135. What are three tasks that cannot be configured from Panorama by using a template stack? (C...
- Q136. A company has a PA-3220 NGFW at the edge of its network and wants to use active directory ...
- Q137. What action does a firewall take when a Decryption profile allows unsupported modes and un...
- Q138. What can the Log Forwarding built-in action with tagging be used to accomplish?...
- Q139. After importing a pre-configured firewall configuration to Panorama, what step is required...
- Q140. Which log type would provide information about traffic blocked by a Zone Protection profil...
- Q141. A network security engineer is going to enable Zone Protection on several security zones H...
- Q142. Forwarding of which two log types is configured in Device > Log Settings? (Choose two.)...
- Q143. Refer to the exhibit. (Exhibit) Which will be the egress interface if the traffic's ingres...
- Q144. An administrator troubleshoots an issue that causes packet drops. Which log type will help...
- Q145. A firewall engineer is tasked with defining signatures for a custom application. Which two...
- Q146. An engineer configures a new template stack for a firewall that needs to be deployed. The ...
- Q147. Which template values will be configured on the firewall if each template has an SSL to be...
- Q148. What is the best description of the Cluster Synchronization Timeout (min)?...
- Q149. A firewall administrator manages sets of firewalls which have two unique idle timeout valu...
- Q150. A firewall engineer is investigating high dataplane CPU utilization. To decrease the load ...
- Q151. Which two scripting file types require direct upload to the Advanced WildFire portal/API f...
- Q152. An administrator needs to gather information about the CPU utilization on both the managem...
- Q153. A firewall engineer is migrating port-based rules to application-based rules by using the ...
- Q154. An organization is interested in migrating from their existing web proxy architecture to t...
- Q155. Why would a traffic log list an application as "not-applicable"?...
- Q156. Which server platforms can be monitored when a company is deploying User-ID through server...
- Q157. View the screenshots (Exhibit) A QoS profile and policy rules are configured as shown. Bas...
- Q158. An administrator is troubleshooting application traffic that has a valid business use case...
- Q159. An administrator has been tasked with configuring decryption policies, Which decryption be...
- Q160. Forwarding of which two log types is configured in Objects -> Log Forwarding? (Choose t...
[×]
Download PDF File
Enter your email address to download PaloAltoNetworks.PCNSE.v2025-07-17.q160.pdf