Palo Alto Next Generation Firewall Administration Quiz Questions and Answers

Actions can be set for which two items in a URL filtering security profile? (Choose two.)

Answer :
  • Block List
  • Allow List

Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?

Answer :
  • Captive Portal

Which statement is true regarding a Best Practice Assessment?

Answer :
  • It provides a percentage of adoption for each assessment data.

When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?

Answer :
  • Translation Type

Which interface does not require a MAC or IP address?

Answer :
  • Virtual Wire

A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?

Answer :
  • Rule Usage Filter > Hit Count > Unused in 90 days

Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping. What is the quickest way to reset the hit counter to zero in all the security policy rules?

Answer :
  • Use the Reset Rule Hit Counter > All Rules option.

In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?

Answer :
  • Weaponization

Based on the security policy rules shown, ssh will be allowed on which port?

Answer :
  • 22

Which license must an Administrator acquire before downloading Antivirus Updates for use with the firewall?

Answer :
  • Threat Prevention License