EMT Practice Test

1. Question Content...


Question List

Question1: Which Palo Alto networks security operating platform service protects cloud-based application such as Dropbox and salesforce by monitoring permissions and shared and scanning files for Sensitive information?

Question2: An administrator has configured a Security policy where the matching condition includes a single application and the action is deny.
If the application s default deny action is reset-both what action does the firewall take*?

Question3: Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Question4: An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.
What is the correct process to enable this logging?

Question5: Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?

Question6: Which DNS Query action is recommended for traffic that is allowed by Security policy and matches Palo Alto Networks Content DNS Signatures?

Question7: Which component provides network security for mobile endpoints by inspecting traffic routed through gateways?

Question8: How often are new and modified threat signatures and modified applications signatures published?

Question9: Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

Question10: Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?

Question11: An address object of type IP Wildcard Mask can be referenced in which part of the configuration?

Question12: The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering "gambling" category.
Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the "gambling" URL category?

Question13: What is an advantage for using application tags?

Question14: What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control? (Choose two.)

Question15: You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?

Question16: Which two rule types allow the administrator to modify the destination zone? (Choose two )

Question17: Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?

Question18: Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?

Question19: The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop.the malware contacted a known command- and-control server, which caused the infected laptop to begin exfiltrating corporate data.
Which security profile feature could have been used to prevent the communication with the command-and- control server?

Question20: What is the correct process tor creating a custom URL category?

Question21: Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?

Question22: Which path is used to save and load a configuration with a Palo Alto Networks firewall?

Question23: What does an administrator use to validate whether a session is matching an expected NAT policy?

Question24: Which solution is a viable option to capture user identification when Active Directory is not in use?

Question25: In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?

Question26: Assume that traffic matches a Security policy rule but the attached Security Profiles is configured to block matching traffic.
Which statement accurately describes how the firewall will apply an action to matching traffic?

Question27: Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?

Question28: Selecting the option to revert firewall changes will replace what settings?

Question29: In a security policy what is the quickest way to rest all policy rule hit counters to zero?

Question30: A Security Profile can block or allow traffic at which point?

Question31: Which type firewall configuration contains in-progress configuration changes?

Question32: Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP- to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.
Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.

Question33: Which statement is true regarding a Heatmap report?

Question34: Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website.
How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?

Question35: An administrator wants to prevent users from submitting corporate credentials in a phishing attack.
Which Security profile should be applied?

Question36: An administrator is reviewing another administrator's Security policy log settings.
Which log setting configuration is consistent with best practices for normal traffic?

Question37: Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management plane is only slightly utilized.
Which User-ID agent is sufficient in your network?

Question38: Which tab would an administrator click to create an address object?

Question39: Which type of firewall configuration contains in-progress configuration changes?

Question40: How frequently can WildFire updates be made available to firewalls?

Question41: Based on the screenshot what is the purpose of the included groups?

Question42: Actions can be set for which two items in a URL filtering security profile? (Choose two.)

Question43: An administrator would like to override the default deny action for a given application, and instead would like to block the traffic and send the ICMP code
"communication with the destination is administratively prohibited".
Which security policy action causes this?

Question44: What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

Question45: Which option shows the attributes that are selectable when setting up application filters?

Question46: In which profile should you configure the DNS Security feature?

Question47: Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?

Question48: You receive notification about new malware that infects hosts through malicious files transferred by FTP.
Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?

Question49: An internal host wants to connect to servers of the internet through using source NAT. Which policy is required to enable source NAT on the firewall?

Question50: You have been tasked to configure access to a new web server located in the DMZ.
Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10.1.1.0/24 network to 192 168 1 0/24?

Question51: An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

Question52: Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?

Question53: What are three factors that can be used in domain generation algorithms? (Choose three.)

Question54: What is the purpose of the automated commit recovery feature?

Question55: How many zones can an interface be assigned with a Palo Alto Networks firewall?

Question56: At which point in the app-ID update process can you determine if an existing policy rule is affected by an app-ID update?

Question57: Which stage of the cyber-attack lifecycle makes it important to provide ongoing education to users on spear phishing links, unknown emails, and risky websites?

Question58: Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

Question59: You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.
Which Security Profile detects and prevents this threat from establishing a command-and-control connection?

Question60: How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

Question61: Given the image, which two options are true about the Security policy rules. (Choose two.)

Question62: Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?

Question63: Which interface does not require a MAC or IP address?

Question64: The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?

Question65: Given the topology, which zone type should zone A and zone B to be configured with?

Question66: Drag and Drop Question
Match each feature to the DoS Protection Policy or the DoS Protection Profile.
Select and Place:

Question67: What do Dynamic User Groups help you to do?

Question68: Starting with PAN-OS version 9.1, which new type of object is supported for use within the User field of a Security policy rule?

Question69: What action will inform end users when their access to Internet content is being restricted?

Question70: Which objects would be useful for combining several services that are often defined together?

Question71: What are two predefined AntiSpyware profiles? (Choose two.)

Question72: Based on the screenshot what is the purpose of the group in User labelled ''it"?

Question73: Which two settings allow you to restrict access to the management interface? (Choose two )

Question74: Which statement is true regarding a Best Practice Assessment?

Question75: An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Question76: In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?

Question77: What is a prerequisite before enabling an administrative account which relies on a local firewall user database?

Question78: An administrator would like to determine the default deny action for the application dns-over-https. Which action would yield the information?

Question79: What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?

Question80: What are three differences between security policies and security profiles? (Choose three.)

Question81: The Port Mapping user mapping method can monitor which two types of environments? (Choose two.)

Question82: Which interface type can use virtual routers and routing protocols?

Question83: Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

Question84: A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

Question85: An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command- and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated?
(Choose two.)

Question86: You have been tasked to configure access to a new web server located in the DMZ.
Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10.1.1.0/24 network to 192.168.1.0/24?