EMT Practice Test

1. Question Content...


Question List

Question1: You need to allow users to access the office-suite application of their choice. How should you configure the firewall to allow access to any office-suite application?

Question2: Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways?

Question3: Given the image, which two options are true about the Security policy rules. (Choose two.)

Question4: In which profile should you configure the DNS Security feature?

Question5: Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

Question6: How often does WildFire release dynamic updates?

Question7: Based on the security policy rules shown, ssh will be allowed on which port?

Question8: Which two statements are correct about App-ID content updates? (Choose two.)

Question9: Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

Question10: Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

Question11: Which interface type can use virtual routers and routing protocols?

Question12: Which protocol used to map username to user groups when user-ID is configured?

Question13: An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Question14:
Given the topology, which zone type should interface E1/1 be configured with?

Question15: At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

Question16: Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?

Question17: What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

Question18: Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP -to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.
Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.

Question19: Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management and centralized threat intelligence. (Choose two.)

Question20: A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

Question21: Which action results in the firewall blocking network traffic with out notifying the sender?

Question22: An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

Question23: What do dynamic user groups you to do?

Question24: Based on the security policy rules shown, ssh will be allowed on which port?

Question25: Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?

Question26: An internal host wants to connect to servers of the internet through using source NAT.
Which policy is required to enable source NAT on the firewall?

Question27: Which statement is true regarding a Prevention Posture Assessment?

Question28: Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?

Question29: Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

Question30: Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

Question31: How is the hit count reset on a rule?

Question32: In the example security policy shown, which two websites fcked? (Choose two.)

Question33: Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.
Complete the security policy to ensure only Telnet is allowed.
Security Policy: Source Zone: Internal to DMZ Zone __________services "Application defaults", and action = Allow

Question34: Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choices to block the sameURL then which choice would be the last to block access to the URL?

Question35: To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?

Question36: The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

Question37: Which two features can be used to tag a user name so that it is included in a dynamic user group? (Choose two)

Question38: Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Question39: Which the app-ID application will you need to allow in your security policy to use facebook-chat?

Question40: Based on the screenshot what is the purpose of the included groups?