EMT Practice Test
1. Question Content...
Question1: All of the interfaces on a Palo Alto Networks device must be of the same interface type.
Question3: What is the function of the GlobalProtect Portal?
Question5: An Outbound SSL forward-proxy decryption rule cannot be created using which type of zone?
Question6: What happens at the point of Threat Prevention license expiration?
Question7: How do you limit the amount of information recorded in the URL Content Filtering Logs?
Question8: An enterprise PKI system is required to deploy SSL Forward Proxy decryption capabilities.
Question10: What is the correct policy to most effectively block Skype?
Question11: When setting up GlobalProtect, what is the job of the GlobalProtect Portal?
Question12: Which of the following interfaces types will have a MAC address?
Question13: UserID is enabled in the configuration of:
Question15: Which of the following services are enabled on the MGT interface by default?
Question16: WildFire Analysis Reports are available for the following Operating Systems:
Question21: Which of the Dynamic Updates listed below are issued on a daily basis?
Question23: Which local interface cannot be assigned to the IKE gateway?
Question24: Which of the following is a routing protocol supported in a Palo Alto Networks firewall?
Question30: What is the maximum file size of .EXE files uploaded from the firewall to WildFire?
Question31: Which of the following is True of an application filter?
Question32: Wildfire may be used for identifying which of the following types of traffic?
Question33: What is the name of the debug save file for IPSec VPN tunnels?
Question34: Which fields can be altered in the default Vulnerability profile?
Question35: Which of the following is NOT a valid option for builtin CLI Admin roles?
Question38: What is the size limitation of files manually uploaded to WildFire?
Question40: For correct routing to SSL VPN clients to occur, the following must be configured:
Question41: Which of the following facts about dynamic updates is correct?
Question42: When configuring Admin Roles for Web UI access, what are the available access levels?
Question43: In PAN-OS 5.0, how is Wildfire enabled?
Question46: Which of the following CANNOT use the source user as a match criterion?
Question53: Will an exported configuration contain Management Interface settings?
Question56: In PANOS 6.0, rule numbers are:
Question57: After the installation of the Threat Prevention license, the firewall must be rebooted.
Question60: The following can be configured as a next hop in a Static Route:
Question61: An interface in tap mode can transmit packets on the wire.
Question66: An interface in Virtual Wire mode must be assigned an IP address.
Question67: Can multiple administrator accounts be configured on a single firewall?
Question69: Security policies specify a source interface and a destination interface.
Question70: A Config Lock may be removed by which of the following users?
Question73: In which of the following can UserID be used to provide a match condition?
Question74: What is the default setting for 'Action' in a Decryption Policy's rule?
Question75: Which statement below is True?
Question76: Which of the following statements is NOT True regarding a Decryption Mirror interface?
Question79: Wildfire may be used for identifying which of the following types of traffic?
Question81: Configuring a pair of devices into an Active/Active HA pair provides support for:
Question83: What option should be configured when using User-ID?
Question84: Which of the following are necessary components of a GlobalProtect solution?
Question85: Subsequent to the installation of new licenses, the firewall must be rebooted
Question86: After the installation of a new version of PANOS, the firewall must be rebooted.
Question87: Color-coded tags can be used on all of the items listed below EXCEPT:
Question90: Which of the following are methods HA clusters use to identify network outages?
Question91: Enabling "Highlight Unused Rules" in the Security policy window will:
Question98: How do you reduce the amount of information recorded in the URL Content Filtering Logs?
Question100: For non-Microsoft clients, what Captive Portal method is supported?
Question102: In PAN-OS 5.0, how is Wildfire enabled?
Question104: You can assign an IP address to an interface in Virtual Wire mode.
Question106: Which routing protocol is supported on the Palo Alto Networks platform?
Question107: Which of the following must be enabled in order for UserID to function?
Question109: A "Continue" action can be configured on the following Security Profiles:
Question114: Which of the following Global Protect features requires a separate license?
Question116: Which of the following objects cannot use User-ID as a match criteria?
Question117: In PAN-OS 6.0, rule numbers were introduced. Rule Numbers are:
Question119: Which of the following statements is NOT True about Palo Alto Networks firewalls?
Question121: With PAN-OS 5.0, how can a common NTP value be pushed to a cluster of firewalls?
Question124: Which type of license is required to perform Decryption Port Mirroring?
Question125: Which of the following interface types can have an IP address assigned to it?
Question127: A "Continue" action can be configured on which of the following Security Profiles?
Question129: Which of the following is NOT a valid option for built-in CLI access roles?
Question132: In order to route traffic between layer 3 interfaces on the PAN firewall you need:
Question136: Which of the following types of protection are available in DoS policy?
Question140: Administrative Alarms can be enabled for which of the following except?
Question142: Which of the following platforms supports the Decryption Port Mirror function?
Question143: Both SSL decryption and SSH decryption are disabled by default.
Question145: When using Config Audit, the color yellow indicates which of the following?
Question146: Which link is used by an Active-Passive cluster to synchronize session information?
Question154: Which fields can be altered in the default Vulnerability Protection Profile?
Question155: Users can be authenticated serially to multiple authentication servers by configuring:
Question157: Which of the Dynamic Updates listed below are issued on a daily basis?
Question158: What option should be configured when using User Identification?
Question161: Which of the following fields is not available in DoS policy?
Question163: The "Disable Server Return Inspection" option on a security profile:
Question164: Which feature can be configured to block sessions that the firewall cannot decrypt?
Question165: In Active/Active HA environments, redundancy for the HA3 interface can be achieved by:
Question167: Which best describes how Palo Alto Networks firewall rules are applied to a session?
Question168: When creating an application filter, which of the following is true?
Question170: In PAN-OS 5.0, which of the following features is supported with regards to IPv6?
Question171: When a user logs in via Captive Portal, their user information can be checked against:





