Question 6 of 115

What two types of certificates are used to configure SSL Forward Proxy? (׀¡hoose two.)

    Correct Answer: AB

    To configure SSL Forward Proxy, you can use either an enterprise CA-signed certificate or a self-signed certificate. An enterprise CA-signed certificate is issued by a trusted Certificate Authority and provides a higher level of trust. A self-signed certificate is generated by the organization itself and does not require a third-party CA, but it is less trusted by default. These two types of certificates are commonly used for setting up SSL Forward Proxy to manage and decrypt secure traffic.

Question 7 of 115

Which two of the following does decryption broker provide on a NGFW? (Choose two.)

    Correct Answer: AB

    Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once. This eliminates the need for a third party SSL decryption option, reducing the total number of third party devices performing analysis and enforcement.

Question 8 of 115

There are different Master Keys on Panorama and managed firewalls.

What is the result if a Panorama Administrator pushes configuration to managed firewalls?

    Correct Answer: A

    When a Panorama Administrator attempts to push configuration to managed firewalls that have different Master Keys, the push operation will fail regardless of whether there is an error within the configuration itself. This is because the security architectures require matching Master Keys to ensure secure communication and configuration integrity between Panorama and the managed devices.

Question 9 of 115

Which task would be identified in Best Practice Assessment tool?

    Correct Answer: D

    The main purpose of the Best Practice Assessment (BPA) tool is to evaluate your configurations against industry best practices and provide recommendations for improving those configurations. Specifically, it focuses on making sure your setup aligns with best practices for security and device management. Identifying and providing recommendations for device management access fits this objective.

Question 10 of 115

A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.

How is this goal accomplished?

    Correct Answer: D

    To trigger a known spyware threat signature based on a rate of occurrence, you should configure the Anti-Spyware profile with the number of rule counts to match the specified occurrence frequency. This process allows the system to monitor the frequency of spyware signature hits and trigger an action when the defined threshold (e.g., 10 hits in 5 seconds) is reached.