Question 6 of 136
What two types of certificates are used to configure SSL Forward Proxy? (׀¡hoose two.)
Answer

Suggested Answer

The suggested answer is A, B.

To configure SSL Forward Proxy, you can use either an enterprise CA-signed certificate or a self-signed certificate. An enterprise CA-signed certificate is issued by a trusted Certificate Authority and provides a higher level of trust. A self-signed certificate is generated by the organization itself and does not require a third-party CA, but it is less trusted by default. These two types of certificates are commonly used for setting up SSL Forward Proxy to manage and decrypt secure traffic.

Community Votes2 votes
ABSuggested
100%
Question 7 of 136
Which two of the following does decryption broker provide on a NGFW? (Choose two.)
Answer

Suggested Answer

The suggested answer is A, B.

Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once. This eliminates the need for a third party SSL decryption option, reducing the total number of third party devices performing analysis and enforcement.

Community Votes1 vote
ABSuggested
100%
Question 8 of 136
There are different Master Keys on Panorama and managed firewalls.
What is the result if a Panorama Administrator pushes configuration to managed firewalls?
Answer

Suggested Answer

The suggested answer is A.

When a Panorama Administrator attempts to push configuration to managed firewalls that have different Master Keys, the push operation will fail regardless of whether there is an error within the configuration itself. This is because the security architectures require matching Master Keys to ensure secure communication and configuration integrity between Panorama and the managed devices.

Community Votes3 votes
ASuggested
67%
B
33%
Question 9 of 136
Which task would be identified in Best Practice Assessment tool?
Answer

Suggested Answer

The suggested answer is D.

The main purpose of the Best Practice Assessment (BPA) tool is to evaluate your configurations against industry best practices and provide recommendations for improving those configurations. Specifically, it focuses on making sure your setup aligns with best practices for security and device management. Identifying and providing recommendations for device management access fits this objective.

Community Votes12 votes
DSuggested
100%
Question 10 of 136
A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.
How is this goal accomplished?
Answer

Suggested Answer

The suggested answer is D.

To trigger a known spyware threat signature based on a rate of occurrence, you should configure the Anti-Spyware profile with the number of rule counts to match the specified occurrence frequency. This process allows the system to monitor the frequency of spyware signature hits and trigger an action when the defined threshold (e.g., 10 hits in 5 seconds) is reached.

Community Votes11 votes
AMost voted
55%
B
45%