EMT Practice Test

1. Question Content...


Question List

Question1: What is a function of application tags?

Question2: Which administrator type utilizes predefined roles for a local administrator account?

Question3: Which path is used to save and load a configuration with a Palo Alto Networks firewall?

Question4: What are three Palo Alto Networks best practices when implementing the DNS Security Service? (Choose three.)

Question5: Given the topology, which zone type should zone A and zone B to be configured with?

Question6: Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

Question7: Which type of address object is www.paloaltonetworks.com?

Question8: How many zones can an interface be assigned with a Palo Alto Networks firewall?

Question9: An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains.
Which type of single unified engine will get this result?

Question10: Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.
Complete the security policy to ensure only Telnet is allowed.
Security Policy: Source Zone: Internal to DMZ Zone __________services "Application defaults", and action = Allow

Question11: An administrator needs to create a Security policy rule that matches DNS traffic within the LAN zone, and also needs to match DNS traffic within the DMZ zone The administrator does not want to allow traffic between the DMZ and LAN zones.
Which Security policy rule type should they use?

Question12: An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)

Question13: You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?

Question14: Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications Which policy achieves the desired results?
A)

B)

C)

D)

Question15: The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet The firewall is configured with two zones;
1. trust for internal networks
2. untrust to the internet
Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two )

Question16: Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?

Question17: In which profile should you configure the DNS Security feature?

Question18: What action will inform end users when their access to Internet content is being restricted?

Question19: Place the following steps in the packet processing order of operations from first to last.

Question20: What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control? (Choose two.)

Question21: Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall`s signature database has been updated?

Question22: The firewall sends employees an application block page when they try to access Youtube.
Which Security policy rule is blocking the youtube application?

Question23: Which URL profiling action does not generate a log entry when a user attempts to access that URL?

Question24: What is considered best practice with regards to committing configuration changes?

Question25: Which statements is true regarding a Heatmap report?

Question26: Which tab would an administrator click to create an address object?

Question27: What must be configured before setting up Credential Phishing Prevention?

Question28: Which three configuration settings are required on a Palo Alto networks firewall management interface?

Question29: Which two rule types allow the administrator to modify the destination zone? (Choose two )

Question30: An administrator is troubleshooting an issue with traffic that matches the intrazone-default rule, which is set to default configuration.
What should the administrator do?

Question31: Which objects would be useful for combining several services that are often defined together?

Question32: After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.
Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?

Question33: What must be considered with regards to content updates deployed from Panorama?

Question34: Which Palo Alto networks security operating platform service protects cloud-based application such as Dropbox and salesforce by monitoring permissions and shared and scanning files for Sensitive information?

Question35: Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content, whose services are frequently used by attackers to distribute illegal or unethical material?

Question36: Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

Question37: Which action results in the firewall blocking network traffic with out notifying the sender?

Question38: Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.

Which two Security policy rules will accomplish this configuration? (Choose two.)

Question39: All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.

Choose two.

Question40: Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Question41: An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out. Which two fields could help in determining if this is normal? (Choose two.)

Question42: Which interface does not require a MAC or IP address?

Question43: For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

Question44: Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

Question45: Which option is part of the content inspection process?

Question46: You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

Question47: An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?

Question48: A network administrator is required to use a dynamic routing protocol for network connectivity.
Which three dynamic routing protocols are supported by the NGFW Virtual Router for this purpose? (Choose three.)

Question49: Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?

Question50: Which type of profile must be applied to the Security policy rule to protect against buffer overflows illegal code execution and other attempts to exploit system flaws''

Question51: Which object would an administrator create to enable access to all applications in the office-programs subcategory?

Question52: URL categories can be used as match criteria on which two policy types? (Choose two.)

Question53: According to the best practices for mission critical devices, what is the recommended interval for antivirus updates?

Question54: What is a recommended consideration when deploying content updates to the firewall from Panorama?

Question55: Assume that traffic matches a Security policy rule but the attached Security Profiles is configured to block matching traffic Which statement accurately describes how the firewall will apply an action to matching traffic?

Question56: Which statement is true regarding a Best Practice Assessment?

Question57: An administrator is configuring a NAT rule
At a minimum, which three forms of information are required? (Choose three.)

Question58: You receive notification about new malware that infects hosts through malicious files transferred by FTP.
Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?

Question59: Which action can be set in a URL Filtering Security profile to provide users temporary access to all websites in a given category using a provided password?

Question60: What does an administrator use to validate whether a session is matching an expected NAT policy?

Question61: Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?

Question62: Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

Question63: Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?

Question64: How frequently can wildfire updates be made available to firewalls?

Question65: Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

Question66: Which two settings allow you to restrict access to the management interface? (Choose two )

Question67: Based on the security policy rules shown, ssh will be allowed on which port?

Question68: The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

Question69: Which object would an administrator create to block access to all high-risk applications?

Question70: The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?

Question71: What is the correct process tor creating a custom URL category?

Question72: Which statement best describes the use of Policy Optimizer?

Question73: Match the network device with the correct User-ID technology.

Question74: Which attribute can a dynamic address group use as a filtering condition to determine its membership?

Question75: Which type of address object is "10 5 1 1/0 127 248 2"?

Question76: Actions can be set for which two items in a URL filtering security profile? (Choose two.)

Question77: An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited" Which security policy action causes this?

Question78: A Security Profile can block or allow traffic at which point?

Question79: Which statement is true about Panorama managed devices?

Question80: How do you reset the hit count on a security policy rule?

Question81: Match the cyber-attack lifecycle stage to its correct description.

Question82: When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?

Question83: Match the Cyber-Attack Lifecycle stage to its correct description.

Question84: Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

Question85: Arrange the correct order that the URL classifications are processed within the system.

Question86: What allows a security administrator to preview the Security policy rules that match new application signatures?

Question87: An internal host wants to connect to servers of the internet through using source NAT.
Which policy is required to enable source NAT on the firewall?

Question88: Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

Question89: Which administrative management services can be configured to access a management interface?