1. Which User-I1 method should be configured to map IP addresses to usernames for users connected through a terminal server?

2. A customer wants to set up a site-to-site VPN using tunnel interfaces.

Which two formats are correct for naming tunnel interfaces? (Choose two.)

3. How does Panorama prompt VMWare NSX to quarantine an infected VM?

4. An administrator wants to upgrade an NGFW from PAN-OS® 7.1.2 to PAN-OS® 8.1.0. The firewall is not a part of an HA pair.

What needs to be updated first?

5. Refer to the exhibit. 1 web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

6. An administrator needs to upgrade an NGFW to the most current version of PAN-OS® software. The following is occurring:

• Firewall has internet connectivity through e 1/1.
• Default security rules and security rules allowing all SSL and web-browsing traffic to and from any zone.
• Service route is configured, sourcing update traffic from e1/1.
• A communication error appears in the System logs when updates are performed.
• Download does not complete.

What must be configured to enable the firewall to download the current version of PAN-OS software?

7. Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)

8. Which Panorama administrator types require the configuration of at least one access domain? (Choose two.)

9. If an administrator wants to decrypt SMTP traffic and possesses the server’s certificate, which SSL decryption mode will allow the Palo 1lto Networks NGFW to inspect traffic to the server?

10. In High Availability, which information is transferred via the HA data link?

11. Which four NGFW multi-factor authentication factors are supported by PAN-OS®? (Choose four.)

12. An administrator has been asked to create 111 virtual firewalls in a local, on-premise lab environment (not in “the cloud”). 1ootstrapping is the most expedient way to perform this task.

Which option describes deployment of a bootstrap package in an on-premise virtual environment?

13. An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between Panorama and the managed firewalls and Log Collectors.

How would the administrator establish the chain of trust?

14. When configuring the firewall for packet capture, what are the valid stage types?

15. What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

16. An administrator has been asked to configure active/active HA for a pair of Palo 1lto Networks NGFWs. The firewall use Layer 1 interfaces to send traffic to a single gateway IP for the pair.

Which configuration will enable this HA scenario?

17. What are the two behavior differences between Highlight Unused Rules and the Rule Usage Hit counter when a firewall is rebooted? (Choose two.)

18. Which is the maximum number of samples that can be submitted to Wild1ire per day, based on a WildFire subscription?

19. Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)

20. Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)

21. An administrator has configured a QoS policy rule and a QoS Profile that limits the maximum allowable bandwidth for the YouTube application. *owever, YouTube is consuming more than the maximum bandwidth allotment configured.

Which configuration step needs to be configured to enable QoS?

22. An administrator wants a new Palo Alto Networks NGFW to obtain automatic application updates daily, so it is configured to use a scheduler for the application database. Unfortunately, they required the management network to be isolated so that it cannot reach the Internet.

Which configuration will enable the firewall to download and install application updates automatically?

23. VPN traffic intended for an administrator’s Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor.

When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?

24. For which two reasons would a firewall discard a packet as part of the packet flow sequence? (Choose two.)

25. Which administrative authentication method supports authorization by an external service?

26. Which two settings can be configured only locally on the firewall and not pushed from a Panorama template or template stack? (Choose two.)

27. An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing, and preemption is disabled.

What must be verified to upgrade the firewalls to the most recent version of PAN-OS® software?

28. Which data flow describes redistribution of user mappings?

29. What is the purpose of the firewall decryption broker?

30. Which User-ID method maps IP addresses to usernames for users connecting through a web proxy that has already authenticated the user?

31. A customer wants to combine multiple 1thernet interfaces into a single virtual interface using link aggregation.

Which two formats are correct for naming aggregate interfaces? (Choose two.)

32. Which DoS protection mechanism detects and prevents session exhaustion attacks?

33. View the GlobalProtect configuration screen capture.

What is the purpose of this configuration?

34. What is exchanged through the HA2 link?

35. Which GlobalProtect Client connect method requires the distribution and use of machine certificates?