01. Which Captive Portal authentication method can be handled by the browser without affecting the user experience?
02. Palo Alto Networks publishes new applications at which approximate interval?
a) every 30 minutes
03. A Security policy accepts new FTP traffic sessions between 8:00 a.m. and 5:00 p.m. What happens to an already-accepted and running FTP session at 5:01 p.m.?
a) The session is re-evaluated to determine whether it is allowed under a different policy rule.
b) The session continues to run, because already accepted sessions are not re-evaluated.
c) The session is re-evaluated if the default configuration setting “Rematch all sessions on config policy change” is enabled.
d) The session is terminated, and the initiator must establish a new session.
04. Under which conditions can two Layer 3 interfaces have the same IP address?
a) They must be connected to a common VLAN object interface.
b) They must be connected to the same Ethernet network through a switch. This configuration can be used only for High Availability.
c) They must be connected to different virtual routers.
d) They must be subinterfaces of the same physical interface.
e) This feature is not supported.
05. On a PA-7000 Series firewall, which management function runs on a separate, dedicated card?
a) configuration management
d) management web service
06. The Palo Alto Networks Cortex Data Lake can accept logging data from which two products?
a) Cortex XDR
b) next-generation firewalls
c) Prisma SaaS
07. Which profile do you use for DLP based on file content?
c) Vulnerability Protection
d) URL Filtering
e) File Blocking
f) WildFire Analysis
g) Data Filtering
08. In a Panorama managed environment, which two options show the correct order of policy evaluation?
a) device group pre-rules, shared pre-rules, local firewall rules, intrazone-default, interzone-default
b) device group pre-rules, local firewall rules, shared post-rules, device group post-rules, intrazone-default, interzone-default
c) device group pre-rules, local firewall rules, device group post-rules, shared post-rules, intrazone-default, interzone-default
d) device group pre-rules, local firewall rules, intrazone-default, interzone-default, device group post-rules, shared post-rules
e) shared pre-rules, device group pre-rules, local firewall rules, intrazone-default, interzone-default
09. You are preparing a bootstrap template for use with a VM-Series firewall hosted in a public cloud. You don’t need to include the Content-ID files because the firewall will download the latest version when it is booted anyway.
How do you configure the bootstrap’s content directory?
a) leave it empty
b) delete it
c) rename it to content-null
d) add an empty file to it named no-download
10. How does the NGFW handle excess packets when there are QoS constraints?
a) It buffers them until there is bandwidth to send them.
b) It drops a percentage of them randomly.
c) It replaces them with packets that tell the computer on the other side to slow down.
d) It sends a portion instead of the whole packet.