EMT Practice Test

1. Question Content...


Question List

Question1: Given the topology, which zone type should you configure for firewall interface E1/1?

Question2: An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.
What is the correct process to enable this logging1?

Question3: Access to which feature requires PAN-OS Filtering licens?

Question4: Which two statements are correct about App-ID content updates? (Choose two.)

Question5: Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?

Question6: An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

Question7: An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Question8: Which administrative management services can be configured to access a management interface?

Question9: Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications Which policy achieves the desired results?
A)

B)

C)

D)

Question10: Which statement best describes the use of Policy Optimizer?

Question11: Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

Question12: Which prevention technique will prevent attacks based on packet count?

Question13: What is the correct process tor creating a custom URL category?

Question14: What is the main function of the Test Policy Match function?

Question15: URL categories can be used as match criteria on which two policy types? (Choose two.)

Question16: What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

Question17: What does an administrator use to validate whether a session is matching an expected NAT policy?

Question18: Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )

Question19: Which two rule types allow the administrator to modify the destination zone? (Choose two )

Question20: An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?

Question21: How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

Question22: What is the purpose of the automated commit recovery feature?

Question23: Which interface does not require a MAC or IP address?

Question24: Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

Question25: The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop the malware contacted a known command-and-control server which exfiltrating corporate data.
Which Security profile feature could have been used to prevent the communications with the command-and-control server?

Question26: Given the topology, which zone type should zone A and zone B to be configured with?

Question27: Which three configuration settings are required on a Palo Alto networks firewall management interface?

Question28: You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?

Question29: Which Palo Alto network security operating platform component provides consolidated policy creation and centralized management?

Question30: Which operations are allowed when working with App-ID application tags?

Question31: Which interface type can use virtual routers and routing protocols?

Question32: Complete the statement. A security profile can block or allow traffic____________

Question33: Which option lists the attributes that are selectable when setting up an Application filters?

Question34: Which dynamic update type includes updated anti-spyware signatures?

Question35: Match the Palo Alto Networks Security Operating Platform architecture to its description.

Question36: A Security Profile can block or allow traffic at which point?

Question37: Which option is part of the content inspection process?

Question38: Actions can be set for which two items in a URL filtering security profile? (Choose two.)

Question39: Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?

Question40: You receive notification about a new malware that infects hosts An infection results in the infected host attempting to contact a command-and-control server Which Security Profile when applied to outbound Security policy rules detects and prevents this threat from establishing a command-and-control connection?

Question41: Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?

Question42: Which statement is true regarding a Prevention Posture Assessment?

Question43: What are three factors that can be used in domain generation algorithms? (Choose three.)

Question44: What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

Question45: According to the best practices for mission critical devices, what is the recommended interval for antivirus updates?

Question46: Which the app-ID application will you need to allow in your security policy to use facebook-chat?

Question47: Based on the security policy rules shown, ssh will be allowed on which port?

Question48: An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains.
Which type of single unified engine will get this result?

Question49: Match the Cyber-Attack Lifecycle stage to its correct description.

Question50: The Palo Alto Networks NGFW was configured with a single virtual router named VR-1 What changes are required on VR-1 to route traffic between two interfaces on the NGFW?

Question51: Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.

Question52: Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

Question53: An administrator needs to create a Security policy rule that matches DNS traffic within the LAN zone, and also needs to match DNS traffic within the DMZ zone The administrator does not want to allow traffic between the DMZ and LAN zones.
Which Security policy rule type should they use?

Question54: How do you reset the hit count on a security policy rule?

Question55: Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?

Question56: Which protocol used to map username to user groups when user-ID is configured?

Question57: Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

Question58: Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

Question59: Which type of address object is "10 5 1 1/0 127 248 2"?

Question60: Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

Question61: The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?

Question62: An administrator is reviewing another administrator s Security policy log settings Which log setting configuration is consistent with best practices tor normal traffic?

Question63: Which Security profile can you apply to protect against malware such as worms and Trojans?

Question64: Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?

Question65: How frequently can wildfire updates be made available to firewalls?

Question66: Which license must an administrator acquire prior to downloading Antivirus updates for use with the firewall?

Question67: The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet The firewall is configured with two zones;
1. trust for internal networks
2. untrust to the internet
Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two )

Question68: How many zones can an interface be assigned with a Palo Alto Networks firewall?

Question69: In a security policy what is the quickest way to rest all policy rule hit counters to zero?

Question70: Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

Question71: An administrator would like to determine the default deny action for the application dns-over-https Which action would yield the information?

Question72: What do dynamic user groups you to do?

Question73: Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?

Question74: An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited" Which security policy action causes this?

Question75: All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.

Choose two.