Palo Alto Networks PCNSE Quiz 55 Topic 3 Questions 271-275

Question: 1

Only two Trust to Untrust allow rules have been created in the Security policy

Rule1 allows google-base

Rule2 allows youtube-base

Which action will allow youtube.com display in the browser correctly?

AAdd SSL App-ID to Rule1

BCreate an additional Trust to Untrust Rule, add the web-browsing, and SSL App-ID's to it

CAdd the DNS App-ID to Rule2

DAdd the Web-browsing App-ID to Rule2

Show Answer

Question: 2

Which three log-forwarding destinations require a server profile to be configured? (Choose three)

ASNMP Trap

BEmail

CRADIUS

DKerberos

EPanorama

FSyslog

Show Answer

Question: 3

A critical US-CERT notification is published regarding a newly discovered botnet. The malware is very evasive and is not reliably detected by endpoint antivirus software. Furthermore, SSL is used to tunnel malicious traffic to command-and-control servers on the internet and SSL Forward Proxy Decryption is not enabled.

Which component once enabled on a perirneter firewall will allow the identification of existing infected hosts in an environment?

AAnti-Spyware profiles applied outbound security policies with DNS Query action set to sinkhole

BFile Blocking profiles applied to outbound security policies with action set to alert

CVulnerability Protection profiles applied to outbound security policies with action set to block

DAntivirus profiles applied to outbound security policies with action set to alert

Show Answer

Question: 4

To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?

AAdd the policy in the shared device group as a pre-rule

BReference the targeted device's templates in the target device group

CAdd the policy to the target device group and apply a master device to the device group

DClone the security policy and add it to the other device groups

Show Answer

Question: 5

A network engineer has revived a report of problems reaching 98.139.183.24 through vr1 on the firewall. The routing table on this firewall is extensive and complex.

Which CLI command will help identify the issue?

Atest routing fib virtual-router vr1

Bshow routing route type static destination 98.139.183.24

Ctest routing fib-lookup ip 98.139.183.24 virtual-router vr1

Dshow routing interface

Show Answer

Palo Alto Networks PCNSE Quiz:55 Topic:3 Questions:271-275