QUESTION 68
Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content, whose services are frequently used by attackers to distribute illegal or unethical material?

QUESTION 69
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

QUESTION 70
An administrator would like to apply a more restrictive Security profile to traffic for file sharing applications. The administrator does not want to update the Security policy or object when new applications are released.
Which object should the administrator use as a match condition in the Security policy?

QUESTION 71
Which three statements describe the operation of Security policy rules and Security Profiles? (Choose three.)

QUESTION 72
What are three DNS policy actions? (Choose three.)

QUESTION 73
Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?

QUESTION 74
Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

QUESTION 75
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

QUESTION 76
Match the network device with the correct User-ID technology.

QUESTION 77
If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?

QUESTION 78
Which file is used to save the running configuration with a Palo Alto Networks firewall?

QUESTION 79
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

QUESTION 80
Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?

QUESTION 81
Which two statements are correct about App-ID content updates? (Choose two.)

QUESTION 82
Given the image, which two options are true about the Security policy rules. (Choose two.)

QUESTION 83
What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)

QUESTION 84
An administrator wants to prevent users from unintentionally accessing malicious domains where data can be exfiltrated through established connections to remote systems.
From the Pre-defined Categories tab within the URL Filtering profile, what is the right configuration to prevent such connections?

QUESTION 85
You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?

QUESTION 86
An administrator configured a Security policy rule with an Antivirus Security profile. The administrator did not change the action for the profile.
If a virus gets detected, how will the firewall handle the traffic?

QUESTION 87
Given the image, which two options are true about the Security policy rules. (Choose two.)

QUESTION 88
Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )

QUESTION 89
Actions can be set for which two items in a URL filtering security profile? (Choose two.)

QUESTION 90
Which object would an administrator create to block access to all high-risk applications?

QUESTION 91
What are two differences between an application group and an application filter? (Choose two.)