EMT Practice Test

1. Question Content...


Question List

Question1: Which Palo Alto networks security operating platform service protects cloud-based application such as Dropbox and salesforce by monitoring permissions and shared and scanning files for Sensitive information?

Question2: Which definition describes the guiding principle of the zero-trust architecture?

Question3: You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?

Question4: What in the minimum frequency for which you can configure the firewall too check for new wildfire antivirus signatures?

Question5: Which update option is not available to administrators?

Question6: Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

Question7: Which Palo Alto network security operating platform component provides consolidated policy creation and centralized management?

Question8: A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

Question9: Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?

Question10: Which operations are allowed when working with App-ID application tags?

Question11: What is an advantage for using application tags?

Question12: At which point in the app-ID update process can you determine if an existing policy rule is affected by an app-ID update?

Question13: How frequently can wildfire updates be made available to firewalls?

Question14: Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

Question15: Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?

Question16: Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)

Question17: Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question18: Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

Question19: Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?

Question20: You need to allow users to access the office-suite application of their choice. How should you configure the firewall to allow access to any office-suite application?

Question21: Which prevention technique will prevent attacks based on packet count?

Question22: Which two configuration settings shown are not the default? (Choose two.)

Question23: Based on the screenshot what is the purpose of the included groups?

Question24: Which interface does not require a MAC or IP address?

Question25: All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.

Choose two.

Question26: Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

Question27: What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

Question28: How do you reset the hit count on a security policy rule?

Question29: Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?

Question30: Which two features can be used to tag a user name so that it is included in a dynamic user group? (Choose two)

Question31: Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall`s signature database has been updated?

Question32: Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

Question33: Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

Question34: Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?

Question35: Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Question36: A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

Question37: Which the app-ID application will you need to allow in your security policy to use facebook-chat?

Question38: Which link in the web interface enables a security administrator to view the security policy rules that match new application signatures?

Question39: An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated?
(Choose two.)

Question40: Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?