EMT Practice Test

1. Question Content...


Question List

Question1: Which feature enables an administrator to review the Security policy rule base for unused rules?

Question2: Which objects would be useful for combining several services that are often defined together?

Question3: A network administrator is required to use a dynamic routing protocol for network connectivity.
Which three dynamic routing protocols are supported by the NGFW Virtual Router for this purpose? (Choose three.)

Question4: Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?

Question5: When is the content inspection performed in the packet flow process?

Question6: Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?

Question7: What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control? (Choose two.)

Question8: Which administrator type utilizes predefined roles for a local administrator account?

Question9: During the App-ID update process, what should you click on to confirm whether an existing policy rule is affected by an App-ID update?

Question10: Where does a user assign a tag group to a policy rule in the policy creation window?

Question11: Which action can be set in a URL Filtering Security profile to provide users temporary access to all websites in a given category using a provided password?

Question12: Which interface type requires no routing or switching but applies Security or NAT policy rules before passing allowed traffic?

Question13: What are three Palo Alto Networks best practices when implementing the DNS Security Service? (Choose three.)

Question14: A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

Question15: An administrator is troubleshooting an issue with traffic that matches the intrazone-default rule, which is set to default configuration.
What should the administrator do?

Question16: Match each feature to the DoS Protection Policy or the DoS Protection Profile.

Question17: Which three types of Source NAT are available to users inside a NGFW? (Choose three.)

Question18:
Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications Which policy achieves the desired results?

Question19: What does an administrator use to validate whether a session is matching an expected NAT policy?

Question20: Which two DNS policy actions in the anti-spyware security profile can prevent hacking attacks through DNS queries to malicious domains? (Choose two.)

Question21: Based on the screenshot what is the purpose of the group in User labelled ''it"?

Question22: Given the topology, which zone type should zone A and zone B to be configured with?

Question23: An administrator is reviewing another administrator s Security policy log settings Which log setting configuration is consistent with best practices tor normal traffic?

Question24: Prior to a maintenance-window activity, the administrator would like to make a backup of only the running configuration to an external location.
What command in Device > Setup > Operations would provide the most operationally efficient way to achieve this outcome?

Question25: How many zones can an interface be assigned with a Palo Alto Networks firewall?

Question26: The firewall sends employees an application block page when they try to access Youtube.
Which Security policy rule is blocking the youtube application?

Question27: Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?

Question28: An administrator wants to prevent access to media content websites that are risky Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two)

Question29: What allows a security administrator to preview the Security policy rules that match new application signatures?

Question30: Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)

Question31: In which three places on the PAN-OS interface can the application characteristics be found? (Choose three.)

Question32: Which type of address object is "10 5 1 1/0 127 248 2"?

Question33: Based on the image provided, which two statements apply to the Security policy rules? (Choose two.)

Question34: Which option is part of the content inspection process?

Question35: Which solution is a viable option to capture user identification when Active Directory is not in use?

Question36: What are two valid selections within an Anti-Spyware profile? (Choose two.)

Question37: For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

Question38: An administrator needs to create a Security policy rule that matches DNS traffic within the LAN zone, and also needs to match DNS traffic within the DMZ zone The administrator does not want to allow traffic between the DMZ and LAN zones.
Which Security policy rule type should they use?

Question39: Which table for NAT and NPTv6 (IPv6-to-IPv6 Network Prefix Translation) settings is available only on Panorama?

Question40: Where in Panorama Would Zone Protection profiles be configured?

Question41: Which three Ethernet interface types are configurable on the Palo Alto Networks firewall? (Choose three.)

Question42: An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

Question43: What are three valid information sources that can be used when tagging users to dynamic user groups?
(Choose three.)

Question44: Which URL profiling action does not generate a log entry when a user attempts to access that URL?

Question45: Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

Question46: Which Security policy set should be used to ensure that a policy is applied first?

Question47: A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

Question48: Which type of profile must be applied to the Security policy rule to protect against buffer overflows illegal code execution and other attempts to exploit system flaws?

Question49: Which profile should be used to obtain a verdict regarding analyzed files?

Question50: Which interface type can use virtual routers and routing protocols?

Question51: Which action results in the firewall blocking network traffic without notifying the sender?

Question52: Selecting the option to revert firewall changes will replace what settings?

Question53: An administrator has configured a Security policy where the matching condition includes a single application and the action is deny If the application s default deny action is reset-both what action does the firewall take*?

Question54: Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP -to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.
Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.

Question55: What does an application filter help you to do?

Question56: Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

Question57: Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?

Question58: What are three differences between security policies and security profiles? (Choose three.)

Question59: You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?

Question60: Where within the URL Filtering security profile must a user configure the action to prevent credential submissions?

Question61: In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?

Question62: An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Question63: Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question64: How can a complete overview of the logs be displayed to an administrator who has permission in the system to view them?

Question65: What is considered best practice with regards to committing configuration changes?

Question66: What is a recommended consideration when deploying content updates to the firewall from Panorama?

Question67: A network administrator creates an intrazone security policy rule on a NGFW. The source zones are set to IT.
Finance, and HR.
To which two types of traffic will the rule apply? (Choose two.)

Question68: Which statement is true about Panorama managed devices?

Question69: An administrator would like to silently drop traffic from the internet to a ftp server.
Which Security policy action should the administrator select?

Question70: An administrator would like to use App-ID's deny action for an application and would like that action updated with dynamic updates as new content becomes available.
Which security policy action causes this?

Question71: An address object of type IP Wildcard Mask can be referenced in which part of the configuration?

Question72: Your company occupies one floor in a single building you have two active directory domain controllers on a single networks the firewall s management plane is only slightly utilized.
Which user-ID agent sufficient in your network?

Question73: What are two valid selections within an Antivirus profile? (Choose two.)

Question74: Which setting is available to edit when a tag is created on the local firewall?

Question75: Why should a company have a File Blocking profile that is attached to a Security policy?

Question76: How are service routes used in PAN-OS?

Question77: Actions can be set for which two items in a URL filtering security profile? (Choose two.)

Question78: Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?

Question79: Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

Question80: Which Security policy action will message a user's browser thai their web session has been terminated?

Question81: How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

Question82: Which type firewall configuration contains in-progress configuration changes?

Question83: Which file is used to save the running configuration with a Palo Alto Networks firewall?

Question84: Given the screenshot what two types of route is the administrator configuring? (Choose two )

Question85: An administrator would like to protect against inbound threats such as buffer overflows and illegal code execution.
Which Security profile should be used?

Question86: An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny. What deny action will the firewall perform?

Question87: Match the Cyber-Attack Lifecycle stage to its correct description.

Question88: What are three valid ways to map an IP address to a username? (Choose three.)

Question89: Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Question90: The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet The firewall is configured with two zones;
1. trust for internal networks
2. untrust to the internet
Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two )

Question91: What is a function of application tags?

Question92: Place the steps in the correct packet-processing order of operations.

Question93: An administrator wants to reference the same address object in Security policies on 100 Panorama managed firewalls, across 10 device groups and five templates.
Which configuration action should the administrator take when creating the address object?

Question94: Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)

Question95: Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

Question96: At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

Question97: Identify the correct order to configure the PAN-OS integrated USER-ID agent.
3. add the service account to monitor the server(s)
2. define the address of the servers to be monitored on the firewall
4. commit the configuration, and verify agent connection status
1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent

Question98: Assume that traffic matches a Security policy rule but the attached Security Profiles is configured to block matching traffic Which statement accurately describes how the firewall will apply an action to matching traffic?

Question99: Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

Question100:
Given the topology, which zone type should interface E1/1 be configured with?

Question101: What is used to monitor Security policy applications and usage?

Question102: Match the cyber-attack lifecycle stage to its correct description.

Question103: An administrator has an IP address range in the external dynamic list and wants to create an exception for one specific IP address in this address range.
Which steps should the administrator take?

Question104: Your company is highly concerned with their Intellectual property being accessed by unauthorized resources.
There is a mature process to store and include metadata tags for all confidential documents.
Which Security profile can further ensure that these documents do not exit the corporate network?

Question105: Which operations are allowed when working with App-ID application tags?

Question106: Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?

Question107: Based on the security policy rules shown, ssh will be allowed on which port?

Question108: When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?

Question109: An administrator would like to block access to a web server, while also preserving resources and minimizing half-open sockets. What are two security policy actions the administrator can select? (Choose two.)

Question110: Which tab would an administrator click to create an address object?

Question111: What is the purpose of the automated commit recovery feature?

Question112: An administrator wants to create a No-NAT rule to exempt a flow from the default NAT rule. What is the best way to do this?

Question113: Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

Question114: Which policy set should be used to ensure that a policy is applied just before the default security rules?

Question115: Which two types of profiles are needed to create an authentication sequence? (Choose two.)

Question116: An administrator wants to create a NAT policy to allow multiple source IP addresses to be translated to the same public IP address. What is the most appropriate NAT policy to achieve this?

Question117: Why does a company need an Antivirus profile?

Question118: Which definition describes the guiding principle of the zero-trust architecture?

Question119: To what must an interface be assigned before it can process traffic?

Question120: Which component is a building block in a Security policy rule?

Question121: Which Palo Alto networks security operating platform service protects cloud-based application such as Dropbox and salesforce by monitoring permissions and shared and scanning files for Sensitive information?

Question122: Based on the screenshot what is the purpose of the included groups?

Question123: An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.
Why doesn't the administrator see the traffic?

Question124: Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?

Question125: Which two rule types allow the administrator to modify the destination zone? (Choose two )

Question126: Which two security profile types can be attached to a security policy? (Choose two.)

Question127: What do you configure if you want to set up a group of objects based on their ports alone?

Question128: Which attribute can a dynamic address group use as a filtering condition to determine its membership?

Question129: If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?

Question130: Which feature must be configured to enable a data plane interface to submit DNS queries originated from the firewall on behalf of the control plane?

Question131: Which three configuration settings are required on a Palo Alto networks firewall management interface?

Question132: What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

Question133:
Given the topology, which zone type should you configure for firewall interface E1/1?

Question134: Which update option is not available to administrators?

Question135: Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

Question136: Which statements is true regarding a Heatmap report?

Question137: What is the maximum volume of concurrent administrative account sessions?

Question138: An administrator wants to prevent users from submitting corporate credentials in a phishing attack.
Which Security profile should be applied?

Question139: Based on the security policy rules shown, ssh will be allowed on which port?

Question140: In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)

Question141: What are the requirements for using Palo Alto Networks EDL Hosting Sen/ice?

Question142: Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?

Question143: Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management and centralized threat intelligence. (Choose two.)