EMT Practice Test

1. Question Content...


Question List

Question1: Which URL profiling action does not generate a log entry when a user attempts to access that URL?

Question2: A Security Profile can block or allow traffic at which point?

Question3: You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?

Question4: Which type of profile must be applied to the Security policy rule to protect against buffer overflows illegal code execution and other attempts to exploit system flaws''

Question5: Given the image, which two options are true about the Security policy rules. (Choose two.)

Question6: Which path is used to save and load a configuration with a Palo Alto Networks firewall?

Question7: An administrator wants to prevent access to media content websites that are risky Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two)

Question8: Which object would an administrator create to block access to all high-risk applications?

Question9: Place the following steps in the packet processing order of operations from first to last.

Question10: Which interface does not require a MAC or IP address?

Question11: Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

Question12: In a security policy what is the quickest way to rest all policy rule hit counters to zero?

Question13: To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?

Question14: An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?

Question15: Which option is part of the content inspection process?

Question16: Given the topology, which zone type should zone A and zone B to be configured with?

Question17: Access to which feature requires PAN-OS Filtering licens?

Question18: In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?

Question19: Complete the statement. A security profile can block or allow traffic____________

Question20: Given the screenshot what two types of route is the administrator configuring? (Choose two )

Question21: Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?

Question22: Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?

Question23: Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management and centralized threat intelligence. (Choose two.)

Question24: How do you reset the hit count on a security policy rule?

Question25: An internal host wants to connect to servers of the internet through using source NAT.
Which policy is required to enable source NAT on the firewall?

Question26: Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

Question27: Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

Question28: What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

Question29: In which profile should you configure the DNS Security feature?

Question30: Which interface type can use virtual routers and routing protocols?

Question31: A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

Question32: What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

Question33: The Palo Alto Networks NGFW was configured with a single virtual router named VR-1 What changes are required on VR-1 to route traffic between two interfaces on the NGFW>

Question34: Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

Question35: What are three differences between security policies and security profiles? (Choose three.)

Question36: Which two statements are correct about App-ID content updates? (Choose two.)

Question37: Match the network device with the correct User-ID technology.

Question38: Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Question39: An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Question40: Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Question41: Which administrator type utilizes predefined roles for a local administrator account?

Question42: What is an advantage for using application tags?

Question43: The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

Question44: Which three configuration settings are required on a Palo Alto networks firewall management interface?

Question45: Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

Question46: Which two configuration settings shown are not the default? (Choose two.)

Question47: Which statement is true about Panorama managed devices?

Question48: Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.
Complete the security policy to ensure only Telnet is allowed.
Security Policy: Source Zone: Internal to DMZ Zone __________services "Application defaults", and action = Allow

Question49: Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

Question50: Which type firewall configuration contains in-progress configuration changes?

Question51: Your company occupies one floor in a single building you have two active directory domain controllers on a single networks the firewall s management plane is only slightly utilized.
Which user-ID agent sufficient in your network?

Question52: Which Palo Alto networks security operating platform service protects cloud-based application such as Dropbox and salesforce by monitoring permissions and shared and scanning files for Sensitive information?

Question53: An administrator has configured a Security policy where the matching condition includes a single application and the action is deny If the application s default deny action is reset-both what action does the firewall take*?

Question54: An administrator is reviewing another administrator s Security policy log settings Which log setting configuration is consistent with best practices tor normal traffic?

Question55: Which path in PAN-OS 10.0 displays the list of port-based security policy rules?

Question56: Starting with PAN_OS version 9.1 which new type of object is supported for use within the user field of a security policy rule?

Question57: What do dynamic user groups you to do?