EMT Practice Test

1. Question Content...


Question List

Question1: After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.
Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?

Question2: What can be achieved by disabling the Share Unused Address and Service Objects with Devices setting on Panorama?

Question3: Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?

Question4: An administrator is configuring a NAT rule
At a minimum, which three forms of information are required? (Choose three.)

Question5: Assume that traffic matches a Security policy rule but the attached Security Profiles is configured to block matching traffic Which statement accurately describes how the firewall will apply an action to matching traffic?

Question6: Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications Which policy achieves the desired results?

Question7: Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

Question8: What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

Question9: Which license must an administrator acquire prior to downloading Antivirus updates for use with the firewall?

Question10: A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

Question11: Arrange the correct order that the URL classifications are processed within the system.

Question12: Match the cyber-attack lifecycle stage to its correct description.

Question13: An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

Question14: Which type of profile must be applied to the Security policy rule to protect against buffer overflows illegal code execution and other attempts to exploit system flaws?

Question15: Which path is used to save and load a configuration with a Palo Alto Networks firewall?

Question16: Which Security profile can you apply to protect against malware such as worms and Trojans?

Question17: Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?

Question18: Which tab would an administrator click to create an address object?

Question19: What is an advantage for using application tags?

Question20: What are the requirements for using Palo Alto Networks EDL Hosting Sen/ice?

Question21: An administrator is trying to enforce policy on some (but not all) of the entries in an external dynamic list. What is the maximum number of entries that they can be exclude?

Question22: Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

Question23: Your company occupies one floor in a single building you have two active directory domain controllers on a single networks the firewall s management plane is only slightly utilized.
Which user-ID agent sufficient in your network?

Question24: An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)

Question25: Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)

Question26: When creating a Panorama administrator type of Device Group and Template Admin, which two things must you create first? (Choose two.)

Question27: You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?

Question28: What is the maximum volume of concurrent administrative account sessions?

Question29: Place the steps in the correct packet-processing order of operations.

Question30: Place the following steps in the packet processing order of operations from first to last.

Question31: Which firewall feature do you need to configure to query Palo Alto Networks service updates over a data-plane interface instead of the management interface?

Question32: Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

Question33: Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?

Question34: Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?

Question35: Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

Question36: Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?

Question37: Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?

Question38: In the example security policy shown, which two websites fcked? (Choose two.)

Question39: You receive notification about a new malware that infects hosts An infection results in the infected host attempting to contact a command-and-control server Which Security Profile when applied to outbound Security policy rules detects and prevents this threat from establishing a command-and-control connection?

Question40: What are three Palo Alto Networks best practices when implementing the DNS Security Service? (Choose three.)

Question41: A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

Question42: Which component is a building block in a Security policy rule?

Question43: Which Palo Alto network security operating platform component provides consolidated policy creation and centralized management?

Question44: An administrator is updating Security policy to align with best practices.
Which Policy Optimizer feature is shown in the screenshot below?

Question45: What is the purpose of the automated commit recovery feature?

Question46: Where within the firewall GUI can all existing tags be viewed?

Question47: Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

Question48: Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choices to block the sameURL then which choice would be the last to block access to the URL?

Question49: You receive notification about new malware that infects hosts through malicious files transferred by FTP.
Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?

Question50: An administrator wants to prevent access to media content websites that are risky Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two)

Question51: What allows a security administrator to preview the Security policy rules that match new application signatures?

Question52: Why should a company have a File Blocking profile that is attached to a Security policy?

Question53: What is the correct process tor creating a custom URL category?

Question54: Which statement best describes the use of Policy Optimizer?

Question55: Which type security policy rule would match traffic flowing between the inside zone and outside zone within the inside zone and within the outside zone?

Question56: Within an Anti-Spyware security profile, which tab is used to enable machine learning based engines?

Question57: An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.
What is the correct process to enable this logging1?

Question58: You need to allow users to access the office-suite application of their choice. How should you configure the firewall to allow access to any office-suite application?

Question59: What must be considered with regards to content updates deployed from Panorama?

Question60: How many zones can an interface be assigned with a Palo Alto Networks firewall?

Question61: An administrator would like to determine the default deny action for the application dns-over-https Which action would yield the information?

Question62: Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways?

Question63: Given the image, which two options are true about the Security policy rules. (Choose two.)

Question64: Which profile should be used to obtain a verdict regarding analyzed files?

Question65: Which object would an administrator create to block access to all high-risk applications?

Question66: Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Question67: The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

Question68: Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?

Question69: Which DNS Query action is recommended for traffic that is allowed by Security policy and matches Palo Alto Networks Content DNS Signatures?

Question70: What do you configure if you want to set up a group of objects based on their ports alone?

Question71: An administrator would like to use App-ID's deny action for an application and would like that action updated with dynamic updates as new content becomes available.
Which security policy action causes this?

Question72: Which stage of the cyber-attack lifecycle makes it important to provide ongoing education to users on spear phishing links, unknown emails, and risky websites?

Question73: A network administrator is required to use a dynamic routing protocol for network connectivity.
Which three dynamic routing protocols are supported by the NGFW Virtual Router for this purpose? (Choose three.)

Question74: Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

Question75: An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.
Why doesn't the administrator see the traffic?

Question76: In a security policy what is the quickest way to rest all policy rule hit counters to zero?

Question77: In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?

Question78: Why does a company need an Antivirus profile?

Question79: What is a function of application tags?

Question80: Your company is highly concerned with their Intellectual property being accessed by unauthorized resources. There is a mature process to store and include metadata tags for all confidential documents.
Which Security profile can further ensure that these documents do not exit the corporate network?

Question81: If users from the Trusted zone need to allow traffic to an SFTP server in the DMZ zone, how should a Security policy with App-ID be configured?

Question82: What can be used as match criteria for creating a dynamic address group?

Question83: An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Question84: An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains.
Which type of single unified engine will get this result?

Question85: An administrator would like to apply a more restrictive Security profile to traffic for file sharing applications. The administrator does not want to update the Security policy or object when new applications are released.
Which object should the administrator use as a match condition in the Security policy?

Question86: Which URL profiling action does not generate a log entry when a user attempts to access that URL?

Question87: Which type of address object is www.paloaltonetworks.com?

Question88: Selecting the option to revert firewall changes will replace what settings?

Question89: Which link in the web interface enables a security administrator to view the security policy rules that match new application signatures?

Question90: Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question91: To what must an interface be assigned before it can process traffic?

Question92: Starting with PAN_OS version 9.1 which new type of object is supported for use within the user field of a security policy rule?

Question93: What does an application filter help you to do?

Question94: How frequently can wildfire updates be made available to firewalls?

Question95: When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP port is used for management access?

Question96: What are three valid ways to map an IP address to a username? (Choose three.)

Question97: To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?

Question98: Which two configuration settings shown are not the default? (Choose two.)

Question99: The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop the malware contacted a known command-and-control server which exfiltrating corporate data.
Which Security profile feature could have been used to prevent the communications with the command-and-control server?

Question100: The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering "gambling" category.
Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the "gambling" URL category?

Question101: The NetSec Manager asked to create a new firewall Local Administrator profile with customized privileges named NewAdmin. This new administrator has to authenticate without inserting any username or password to access the WebUI.
What steps should the administrator follow to create the New_Admin Administrator profile?

Question102: Which User Credential Detection method should be applied within a URL Filtering Security profile to check for the submission of a valid corporate username and the associated password?

Question103: Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?

Question104: Which statement is true regarding a Best Practice Assessment?

Question105: What are three differences between security policies and security profiles? (Choose three.)

Question106: Which definition describes the guiding principle of the zero-trust architecture?

Question107: How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

Question108: Which two security profile types can be attached to a security policy? (Choose two.)

Question109: Which license is required to use the Palo Alto Networks built-in IP address EDLs?

Question110: Given the detailed log information above, what was the result of the firewall traffic inspection?

Question111: Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis Unit 42 research and data gathered from telemetry?

Question112: What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)

Question113: Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)

Question114: Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management and centralized threat intelligence. (Choose two.)

Question115: Which rule type is appropriate for matching traffic both within and between the source and destination zones?

Question116: An internal host wants to connect to servers of the internet through using source NAT.
Which policy is required to enable source NAT on the firewall?

Question117: Match each feature to the DoS Protection Policy or the DoS Protection Profile.

Question118: How do you reset the hit count on a security policy rule?

Question119: Match the Cyber-Attack Lifecycle stage to its correct description.

Question120: Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

Question121: Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?

Question122: Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

Question123: Which Security profile must be added to Security policies to enable DNS Signatures to be checked?

Question124: All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.

Choose two.

Question125: An administrator wants to prevent users from submitting corporate credentials in a phishing attack.
Which Security profile should be applied?

Question126: Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

Question127: Given the detailed log information above, what was the result of the firewall traffic inspection?