EMT Practice Test

1. Question Content...


Question List

Question1: All branch sites in an organization have NGFWs running in production, and the organization wants to centralize its logs with Strata Logging Service.
Which type of certificate is required to ensure connectivity from the NGFWs to Strata Logging Service?

Question2: In which mode should an ION device be configured at a newly acquired site to allow site traffic to be audited without steering traffic?

Question3: What is the main security benefit of adding a CN-Series firewall to an existing VM-Series firewall deployment when the customer is using containers?

Question4: What is the most efficient way in Strata Cloud Manager (SCM) to apply a Security policy to all ten firewalls in one data center?

Question5: Which two policies in Strata Cloud Manager (SCM) will ensure the personal data of employees remains private while enabling decryption for mobile users in Prisma Access? (Choose two.)

Question6: Which two components of a Security policy, when configured, allow third-party contractors access to internal applications outside business hours? (Choose two.)

Question7: An administrator has imported a pair of firewalls to Panorama under the same template stack. As a part of the template stack, the administrator wants to create a high availability (HA) template to be shared by the firewalls.
Which dynamic component should the administrator use when setting the Peer HA1 IP address?

Question8: When using the perfect forward secrecy (PFS) key exchange, how does a firewall behave when SSL Inbound Inspection is enabled?

Question9: A company has an ongoing initiative to monitor and control IT-sanctioned SaaS applications. To be successful, it will require configuration of decryption policies, along with data filtering and URL Filtering Profiles used in Security policies.
Based on the need to decrypt SaaS applications, which two steps are appropriate to ensure success? (Choose two.)

Question10: Refer to the exhibit.

A network administrator is using DNAT to map two servers to one public IP address. Traffic will be directed to a specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.
Which two sets of Security policy rules will accomplish this configuration? (Choose two.)

Question11: Which statement best demonstrates a fundamental difference between Content-ID and traditional network security methods?

Question12: Based on the image below, which source IP address will be seen in the data filtering logs of the Cloud NGFW for AWS with the default rulestack settings?

Question13: How are content updates downloaded and installed for Cloud NGFWs?

Question14: Which two content updates can be pushed to next-generation firewalls from Panorama? (Choose two.)

Question15: Which type of traffic can a firewall use for proper classification and visibility of internet of things (loT) devices?

Question16: A company uses Prisma Access to provide secure connectivity for mobile users to access its corporate-sanctioned Google Workspace and wants to block access to all unsanctioned Google Workspace environments.
What would an administrator configure in the snippet to achieve this goal?

Question17: Which firewall attribute can an engineer use to simplify rule creation and automatically adapt to changes in server roles or security posture based on log events?

Question18: Which two tools can be used to configure Cloud NGFWs for AWS? (Choose two.)

Question19: What should be reviewed when log forwarding from an NGFW to Strata Logging Service becomes disconnected?

Question20: Which action must a firewall administrator take to incorporate custom vulnerability signatures into current Security policies?

Question21: What are two ways to create an App-ID for unknown applications? (Choose two.)

Question22: Which network design for internet of things (loT) Security allows traffic mirroring from the switch to a TAP interface on the firewall to monitor traffic not otherwise seen?

Question23: Which Cloud-Delivered Security Services (CDSS) solution is required to configure and enable Advanced DNS Security?

Question24: A company currently uses Prisma Access for its mobile users. A use case is discovered in which mobile users will need to access an internal site, but there is no existing network communication between the mobile users and the internal site.
Which Prisma Access functionality needs to be deployed to enable routing between the mobile users and the internal site?

Question25: Which feature is available in both Panorama and Strata Cloud Manager (SCM)?

Question26: Which two pieces of information are needed prior to deploying server certificates from a trusted third-party certificate authority (CA) to GlobalProtect components? (Choose two.)