EMT Practice Test

1. Question Content...


Question List

Question1: Which action would an administrator take to ensure that a service object will be available only to the selected device group?

Question2: Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

Question3: Which statement is true regarding a Best Practice Assessment?

Question4: Which feature must be configured to enable a data plane interface to submit DNS queries originated from the firewall on behalf of the control plane?

Question5: An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?

Question6: Which Security profile would you apply to identify infected hosts on the protected network uwall user database?

Question7: Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?

Question8: A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

Question9: What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control? (Choose two.)

Question10: Which two DNS policy actions in the anti-spyware security profile can prevent hacking attacks through DNS queries to malicious domains? (Choose two.)

Question11: Access to which feature requires PAN-OS Filtering licens?

Question12: Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)

Question13: You receive notification about new malware that infects hosts through malicious files transferred by FTP.
Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?

Question14: Place the following steps in the packet processing order of operations from first to last.

Question15: During the packet flow process, which two processes are performed in application identification? (Choose two.)

Question16: Which URL profiling action does not generate a log entry when a user attempts to access that URL?

Question17: An administrator is configuring a NAT rule
At a minimum, which three forms of information are required? (Choose three.)

Question18: Which statements is true regarding a Heatmap report?

Question19: Which policy set should be used to ensure that a policy is applied just before the default security rules?

Question20: An administrator wants to create a NAT policy to allow multiple source IP addresses to be translated to the same public IP address. What is the most appropriate NAT policy to achieve this?

Question21: Which solution is a viable option to capture user identification when Active Directory is not in use?

Question22: Which statement best describes a common use of Policy Optimizer?

Question23: Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

Question24: Why does a company need an Antivirus profile?

Question25: Which situation is recorded as a system log?

Question26: Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

Question27: Based on the screenshot what is the purpose of the group in User labelled ''it"?

Question28: What are the two default behaviors for the intrazone-default policy? (Choose two.)

Question29: Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)

Question30: The NetSec Manager asked to create a new firewall Local Administrator profile with customized privileges named NewAdmin. This new administrator has to authenticate without inserting any username or password to access the WebUI.
What steps should the administrator follow to create the New_Admin Administrator profile?

Question31: What is a prerequisite before enabling an administrative account which relies on a local firewall user database?

Question32: The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

Question33: What is the maximum volume of concurrent administrative account sessions?

Question34: Which two actions are needed for an administrator to get real-time WildFire signatures? (Choose two.)

Question35: You receive notification about a new malware that infects hosts An infection results in the infected host attempting to contact a command-and-control server Which Security Profile when applied to outbound Security policy rules detects and prevents this threat from establishing a command-and-control connection?

Question36: Which profile should be used to obtain a verdict regarding analyzed files?

Question37: URL categories can be used as match criteria on which two policy types? (Choose two.)

Question38: Based on the security policy rules shown, ssh will be allowed on which port?

Question39: An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

Question40: Which operations are allowed when working with App-ID application tags?

Question41: Which stage of the cyber-attack lifecycle makes it important to provide ongoing education to users on spear phishing links, unknown emails, and risky websites?

Question42: Which rule type is appropriate for matching traffic occurring within a specified zone?

Question43: Which statement is true regarding a Prevention Posture Assessment?

Question44: What in the minimum frequency for which you can configure the firewall too check for new wildfire antivirus signatures?

Question45: What is used to monitor Security policy applications and usage?

Question46: Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Question47: Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

Question48: An administrator has an IP address range in the external dynamic list and wants to create an exception for one specific IP address in this address range.
Which steps should the administrator take?

Question49: For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

Question50: When creating a custom URL category object, which is a valid type?

Question51: Palo Alto Networks firewall architecture accelerates content map minimizing latency using which two components'? (Choose two )

Question52: Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content, whose services are frequently used by attackers to distribute illegal or unethical material?

Question53: Which Security policy set should be used to ensure that a policy is applied first?

Question54: At which point in the app-ID update process can you determine if an existing policy rule is affected by an app-ID update?

Question55: Where in Panorama Would Zone Protection profiles be configured?

Question56: The administrator profile "SYS01 Admin" is configured with authentication profile "Authentication Sequence SYS01," and the authentication sequence SYS01 has a profile list with four authentication profiles:
* Auth Profile LDAP
* Auth Profile Radius
* Auth Profile Local
* Auth Profile TACACS
After a network outage, the LDAP server is no longer reachable. The RADIUS server is still reachable but has lost the "SYS01 Admin" username and password.
What is the "SYS01 Admin" login capability after the outage?

Question57: Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?

Question58: Which interface type requires no routing or switching but applies Security or NAT policy rules before passing allowed traffic?

Question59: Which type of profile must be applied to the Security policy rule to protect against buffer overflows illegal code execution and other attempts to exploit system flaws?

Question60: What allows a security administrator to preview the Security policy rules that match new application signatures?

Question61: Which three configuration settings are required on a Palo Alto networks firewall management interface?

Question62: Which three types of entries can be excluded from an external dynamic list (EDL)? (Choose three.)

Question63: What is a function of application tags?

Question64: Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

Question65: What is the main function of the Test Policy Match function?

Question66: Which security profile should be used to classify malicious web content?

Question67: What is the best-practice approach to logging traffic that traverses the firewall?

Question68: Given the topology, which zone type should interface E1/1 be configured with?

Question69: An administrator would like to silently drop traffic from the internet to a ftp server.
Which Security policy action should the administrator select?

Question70: Which prevention technique will prevent attacks based on packet count?

Question71: Within an Anti-Spyware security profile, which tab is used to enable machine learning based engines?

Question72: What are three differences between security policies and security profiles? (Choose three.)

Question73: Within a WildFire Analysis Profile, what match criteria can be defined to forward samples for analysis?

Question74: Given the topology, which zone type should zone A and zone B to be configured with?

Question75: Match the cyber-attack lifecycle stage to its correct description.

Question76: Which object would an administrator create to enable access to all applications in the office-programs subcategory?

Question77: An administrator is implementing an exception to an external dynamic list by adding an entry to the list manually. The administrator wants to save the changes, but the OK button is grayed out.
What are two possible reasons the OK button is grayed out? (Choose two.)

Question78: An administrator is updating Security policy to align with best practices.
Which Policy Optimizer feature is shown in the screenshot below?

Question79: Match the Palo Alto Networks Security Operating Platform architecture to its description.

Question80: Which DNS Query action is recommended for traffic that is allowed by Security policy and matches Palo Alto Networks Content DNS Signatures?

Question81: Which path is used to save and load a configuration with a Palo Alto Networks firewall?

Question82: What are three valid ways to map an IP address to a username? (Choose three.)

Question83: What must be considered with regards to content updates deployed from Panorama?

Question84: Which tab would an administrator click to create an address object?

Question85: How often does WildFire release dynamic updates?

Question86: What action will inform end users when their access to Internet content is being restricted?

Question87: An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.
What is the correct process to enable this logging1?

Question88: Which two types of profiles are needed to create an authentication sequence? (Choose two.)

Question89: What are the two main reasons a custom application is created? (Choose two.)

Question90: Which action can be performed when grouping rules by group tags?

Question91: Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

Question92: Which two features implement one-to-one translation of a source IP address while allowing the source port to change? (Choose two.)

Question93: What are two valid selections within an Anti-Spyware profile? (Choose two.)

Question94: Where within the firewall GUI can all existing tags be viewed?

Question95: Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?

Question96: In order to attach an Antivirus, Anti-Spyware and Vulnerability Protection security profile to your Security Policy rules, which setting must be selected?

Question97: Which User Credential Detection method should be applied within a URL Filtering Security profile to check for the submission of a valid corporate username and the associated password?

Question98: Which object would an administrator create to block access to all high-risk applications?

Question99: How do you reset the hit count on a security policy rule?

Question100: When HTTPS for management and GlobalProtect are enabled on the same data plane interface, which TCP port is used for management access?

Question101: What must first be created on the firewall for SAML authentication to be configured?

Question102: Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

Question103: Where does a user assign a tag group to a policy rule in the policy creation window?

Question104: An administrator creates a new Security policy rule to allow DNS traffic from the LAN to the DMZ zones. The administrator does not change the rule type from its default value.
What type of Security policy rule is created?

Question105: How frequently can wildfire updates be made available to firewalls?

Question106: How are Application Fillers or Application Groups used in firewall policy?

Question107: What two actions can be taken when implementing an exception to an External Dynamic List? (Choose two.)

Question108: Refer to the exhibit.

Based on the network diagram provided, which two statements apply to traffic between the User and Server networks? (Choose two.)

Question109: In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?

Question110: An administrator would like to protect against inbound threats such as buffer overflows and illegal code execution.
Which Security profile should be used?

Question111: Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?

Question112: When is an event displayed under threat logs?

Question113: A network administrator is required to use a dynamic routing protocol for network connectivity.
Which three dynamic routing protocols are supported by the NGFW Virtual Router for this purpose? (Choose three.)

Question114: An administrator wants to prevent users from submitting corporate credentials in a phishing attack.
Which Security profile should be applied?

Question115: An administrator manages a network with 300 addresses that require translation. The administrator configured NAT with an address pool of 240 addresses and found that connections from addresses that needed new translations were being dropped.
Which type of NAT was configured?

Question116: Which update option is not available to administrators?

Question117: Based on the image provided, which two statements apply to the Security policy rules? (Choose two.)

Question118: The firewall sends employees an application block page when they try to access Youtube.
Which Security policy rule is blocking the youtube application?

Question119: Which Security profile can you apply to protect against malware such as worms and Trojans?

Question120: Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.
Complete the security policy to ensure only Telnet is allowed.
Security Policy: Source Zone: Internal to DMZ Zone __________services "Application defaults", and action = Allow

Question121: What is a default setting for NAT Translated Packets when the destination NAT translation is selected as Dynamic IP (with session distribution)?

Question122: A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

Question123: Given the detailed log information above, what was the result of the firewall traffic inspection?

Question124: What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

Question125: An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.
Why doesn't the administrator see the traffic?

Question126: Which option lists the attributes that are selectable when setting up an Application filters?

Question127: What is a recommended consideration when deploying content updates to the firewall from Panorama?

Question128: In which profile should you configure the DNS Security feature?

Question129: What does an application filter help you to do?

Question130: If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?

Question131: What is the default action for the SYN Flood option within the DoS Protection profile?

Question132: What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)

Question133: An administrator configured a Security policy rule with an Antivirus Security profile. The administrator did not change the action (or the profile. If a virus gets detected, how wilt the firewall handle the traffic?

Question134: Given the screenshot what two types of route is the administrator configuring? (Choose two )

Question135: A network administrator created an intrazone Security policy rule on the firewall. The source zones were set to IT. Finance, and HR.
Which two types of traffic will the rule apply to? (Choose two)

Question136: Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

Question137: In the example security policy shown, which two websites fcked? (Choose two.)

Question138: Which attribute can a dynamic address group use as a filtering condition to determine its membership?

Question139: Which license must an administrator acquire prior to downloading Antivirus updates for use with the firewall?

Question140: How does the Policy Optimizer policy view differ from the Security policy view?

Question141: All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.

Choose two.

Question142: What are three ways application characteristics are used? (Choose three.)

Question143: Which Security profile must be added to Security policies to enable DNS Signatures to be checked?

Question144: Which type of address object is "10 5 1 1/0 127 248 2"?

Question145: Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

Question146: Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?

Question147: What is the main function of Policy Optimizer?

Question148: Which statement best describes the use of Policy Optimizer?

Question149: Match each rule type with its example

Question150: An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Question151: Your company occupies one floor in a single building you have two active directory domain controllers on a single networks the firewall s management plane is only slightly utilized.
Which user-ID agent sufficient in your network?

Question152: You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?

Question153: Which rule type is appropriate for matching traffic both within and between the source and destination zones?

Question154: Which type security policy rule would match traffic flowing between the inside zone and outside zone within the inside zone and within the outside zone?

Question155: Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)

Question156: Which protocol used to map username to user groups when user-ID is configured?

Question157: Which feature enables an administrator to review the Security policy rule base for unused rules?

Question158: Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?

Question159: An administrator wants to prevent access to media content websites that are risky Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two)

Question160: How is the hit count reset on a rule?

Question161: Which two security profile types can be attached to a security policy? (Choose two.)