EMT Practice Test

1. Question Content...


Question List

Question1: Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?

Question2: What Policy Optimizer policy view differ from the Security policy do?

Question3: What is the default action for the SYN Flood option within the DoS Protection profile?

Question4: You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

Question5: In the example security policy shown, which two websites fcked? (Choose two.)

Question6: Which action can be set in a URL Filtering Security profile to provide users temporary access to all websites in a given category using a provided password?

Question7: Which Security profile should be applied in order to protect against illegal code execution?

Question8: Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?

Question9: Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis Unit 42 research and data gathered from telemetry?

Question10: What is a default setting for NAT Translated Packets when the destination NAT translation is selected as Dynamic IP (with session distribution)?

Question11: When is the content inspection performed in the packet flow process?

Question12: A network administrator is required to use a dynamic routing protocol for network connectivity.
Which three dynamic routing protocols are supported by the NGFW Virtual Router for this purpose? (Choose three.)

Question13: An administrator wants to reference the same address object in Security policies on 100 Panorama managed firewalls, across 10 device groups and five templates.
Which configuration action should the administrator take when creating the address object?

Question14: What in the minimum frequency for which you can configure the firewall too check for new wildfire antivirus signatures?

Question15: What can be used as match criteria for creating a dynamic address group?

Question16: You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?

Question17: Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

Question18: Match the network device with the correct User-ID technology.

Question19: Which Security profile would you apply to identify infected hosts on the protected network uwall user database?

Question20: If users from the Trusted zone need to allow traffic to an SFTP server in the DMZ zone, how should a Security policy with App-ID be configured?

Question21: Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?

Question22: Which URL profiling action does not generate a log entry when a user attempts to access that URL?

Question23: An administrator is updating Security policy to align with best practices.
Which Policy Optimizer feature is shown in the screenshot below?

Question24: Match the Palo Alto Networks Security Operating Platform architecture to its description.

Question25: Which path in PAN-OS 11.x would you follow to see how new and modified App-IDs impact a Security policy?

Question26: Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?

Question27: Which two actions are needed for an administrator to get real-time WildFire signatures? (Choose two.)

Question28: Which interface type requires no routing or switching but applies Security or NAT policy rules before passing allowed traffic?

Question29: Which three interface deployment methods can be used to block traffic flowing through the Palo Alto Networks firewall? (Choose three.)

Question30: What is a recommended consideration when deploying content updates to the firewall from Panorama?

Question31: Given the detailed log information above, what was the result of the firewall traffic inspection?

Question32: What are three differences between security policies and security profiles? (Choose three.)

Question33: What is an advantage for using application tags?

Question34: Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?

Question35: Access to which feature requires the PAN-OS Filtering license?

Question36: At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

Question37: A website is unexpectedly allowed due to miscategorization.
What are two ways to resolve this issue for a proper response? (Choose two.)

Question38: Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

Question39: An administrator is trying to enforce policy on some (but not all) of the entries in an external dynamic list. What is the maximum number of entries that they can be exclude?

Question40: Which three configuration settings are required on a Palo Alto networks firewall management interface?

Question41: Place the steps in the correct packet-processing order of operations.

Question42: You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?

Question43: Which action results in the firewall blocking network traffic without notifying the sender?

Question44: Which protocol used to map username to user groups when user-ID is configured?

Question45: An address object of type IP Wildcard Mask can be referenced in which part of the configuration?

Question46: Which administrative management services can be configured to access a management interface?

Question47: Which profile should be used to obtain a verdict regarding analyzed files?

Question48: An administrator wants to create a NAT policy to allow multiple source IP addresses to be translated to the same public IP address. What is the most appropriate NAT policy to achieve this?

Question49: Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

Question50: Match the Cyber-Attack Lifecycle stage to its correct description.

Question51: What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

Question52: Which statement best describes a common use of Policy Optimizer?

Question53: Which interface type can use virtual routers and routing protocols?

Question54: Starting with PAN_OS version 9.1 which new type of object is supported for use within the user field of a security policy rule?

Question55: Which type of address object is www.paloaltonetworks.com?

Question56: What are two valid selections within an Anti-Spyware profile? (Choose two.)

Question57: Where in the PAN-OS GUI can an administrator monitor the rule usage for a specified period of time?

Question58: In which three places on the PAN-OS interface can the application characteristics be found? (Choose three.)

Question59: When a security rule is configured as Intrazone, which field cannot be changed?

Question60: How can a complete overview of the logs be displayed to an administrator who has permission in the system to view them?

Question61: Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

Question62: The Palo Alto Networks NGFW was configured with a single virtual router named VR-1 What changes are required on VR-1 to route traffic between two interfaces on the NGFW?

Question63: A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

Question64: Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.

Question65: Which attribute can a dynamic address group use as a filtering condition to determine its membership?

Question66: How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?

Question67: All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.

Choose two.

Question68: An administrator would like to apply a more restrictive Security profile to traffic for file sharing applications. The administrator does not want to update the Security policy or object when new applications are released.
Which object should the administrator use as a match condition in the Security policy?

Question69: Palo Alto Networks firewall architecture accelerates content map minimizing latency using which two components'? (Choose two )

Question70: An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)

Question71: Place the following steps in the packet processing order of operations from first to last.

Question72: Which security profile should be used to classify malicious web content?

Question73: Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?

Question74: Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?

Question75: Which two DNS policy actions in the anti-spyware security profile can prevent hacking attacks through DNS queries to malicious domains? (Choose two.)

Question76: Where within the URL Filtering security profile must a user configure the action to prevent credential submissions?

Question77: Which license must an administrator acquire prior to downloading Antivirus updates for use with the firewall?

Question78: Which option is part of the content inspection process?

Question79: An administrator would like to block access to a web server, while also preserving resources and minimizing half-open sockets. What are two security policy actions the administrator can select? (Choose two.)

Question80: The firewall sends employees an application block page when they try to access Youtube.
Which Security policy rule is blocking the youtube application?

Question81: An administrator configured a Security policy rule with an Antivirus Security profile. The administrator did not change the action (or the profile. If a virus gets detected, how wilt the firewall handle the traffic?

Question82: Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

Question83: What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)

Question84: By default, what is the maximum number of templates that can be added to a template stack?

Question85: Refer to the exhibit.

Based on the network diagram provided, which two statements apply to traffic between the User and Server networks? (Choose two.)

Question86: Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)

Question87: Which statement is true regarding NAT rules?

Question88: Which stage of the cyber-attack lifecycle makes it important to provide ongoing education to users on spear phishing links, unknown emails, and risky websites?

Question89: An administrator is configuring a NAT rule
At a minimum, which three forms of information are required? (Choose three.)

Question90: Your company is highly concerned with their Intellectual property being accessed by unauthorized resources. There is a mature process to store and include metadata tags for all confidential documents.
Which Security profile can further ensure that these documents do not exit the corporate network?

Question91: Which System log severity level would be displayed as a result of a user password change?

Question92: Which operations are allowed when working with App-ID application tags?

Question93: Which feature must be configured to enable a data plane interface to submit DNS queries originated from the firewall on behalf of the control plane?

Question94: What is considered best practice with regards to committing configuration changes?

Question95: What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

Question96: Which statement is true regarding a Best Practice Assessment?

Question97: Which Security policy match condition would an administrator use to block traffic from IP addresses on the Palo Alto Networks EDL of Known Malicious IP Addresses list?

Question98: Match each rule type with its example

Question99: What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)

Question100: Which statements is true regarding a Heatmap report?

Question101: Which profile should be used to obtain a verdict regarding analyzed files?

Question102: In the PAN-OS Web Interface, which is a session distribution method offered under NAT Translated Packet Tab to choose how the firewall assigns sessions?

Question103: How does the Policy Optimizer policy view differ from the Security policy view?

Question104: Why does a company need an Antivirus profile?

Question105: In which two types of NAT can oversubscription be used? (Choose two.)

Question106: Given the topology, which zone type should zone A and zone B to be configured with?

Question107: Files are sent to the WildFire cloud service via the WildFire Analysis Profile. How are these files used?

Question108: URL categories can be used as match criteria on which two policy types? (Choose two.)

Question109: Within a WildFire Analysis Profile, what match criteria can be defined to forward samples for analysis?

Question110: What does an application filter help you to do?

Question111: Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

Question112: Which policy set should be used to ensure that a policy is applied just before the default security rules?

Question113: Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall`s signature database has been updated?

Question114: A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?

Question115: An administrator is reviewing the Security policy rules shown in the screenshot below.
Which statement is correct about the information displayed?

Question116: Which tab would an administrator click to create an address object?

Question117: An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.
Why doesn't the administrator see the traffic?

Question118: An administrator wants to prevent access to media content websites that are risky Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two)

Question119: The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

Question120: An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.
Why doesn't the administrator see the traffic?

Question121: View the diagram. What is the most restrictive, yet fully functional rule, to allow general Internet and SSH traffic into both the DMZ and Untrust/lnternet zones from each of the lOT/Guest and Trust Zones?

Question122: You receive notification about new malware that infects hosts through malicious files transferred by FTP.
Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?

Question123: An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Question124: Which objects would be useful for combining several services that are often defined together?

Question125: Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?

Question126: An organization has some applications that are restricted for access by the Human Resources Department only, and other applications that are available for any known user in the organization.
What object is best suited for this configuration?

Question127: Given the screenshot what two types of route is the administrator configuring? (Choose two )

Question128: How many zones can an interface be assigned with a Palo Alto Networks firewall?

Question129: What is a prerequisite before enabling an administrative account which relies on a local firewall user database?

Question130: Which path is used to save and load a configuration with a Palo Alto Networks firewall?

Question131: You receive notification about a new malware that infects hosts An infection results in the infected host attempting to contact a command-and-control server Which Security Profile when applied to outbound Security policy rules detects and prevents this threat from establishing a command-and-control connection?

Question132: In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)

Question133: What is the purpose of the automated commit recovery feature?

Question134: What are three characteristics of the Palo Alto Networks DNS Security service? (Choose three.)

Question135: Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management and centralized threat intelligence. (Choose two.)

Question136: How frequently can wildfire updates be made available to firewalls?

Question137: For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

Question138: Given the image, which two options are true about the Security policy rules. (Choose two.)

Question139: Which two addresses should be reserved to enable DNS sinkholing? (Choose two.)

Question140: Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

Question141: An administrator creates a new Security policy rule to allow DNS traffic from the LAN to the DMZ zones. The administrator does not change the rule type from its default value.
What type of Security policy rule is created?

Question142: Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.

Which two Security policy rules will accomplish this configuration? (Choose two.)

Question143: In a security policy what is the quickest way to rest all policy rule hit counters to zero?

Question144: Which three types of Source NAT are available to users inside a NGFW? (Choose three.)

Question145: Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?

Question146: Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Question147: In order to attach an Antivirus, Anti-Spyware and Vulnerability Protection security profile to your Security Policy rules, which setting must be selected?

Question148: An administrator has configured a Security policy where the matching condition includes a single application and the action is deny If the application s default deny action is reset-both what action does the firewall take*?

Question149: An administrator wants to create a No-NAT rule to exempt a flow from the default NAT rule. What is the best way to do this?

Question150: If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?

Question151: The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering "gambling" category.
Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the "gambling" URL category?

Question152: An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny. What deny action will the firewall perform?

Question153: An administrator is implementing an exception to an external dynamic list by adding an entry to the list manually. The administrator wants to save the changes, but the OK button is grayed out.
What are two possible reasons the OK button is grayed out? (Choose two.)

Question154: What must be configured before setting up Credential Phishing Prevention?

Question155: Based on the security policy rules shown, ssh will be allowed on which port?

Question156: Which Security policy set should be used to ensure that a policy is applied first?

Question157: Which table for NAT and NPTv6 (IPv6-to-IPv6 Network Prefix Translation) settings is available only on Panorama?

Question158: Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)

Question159: An administrator would like to protect against inbound threats such as buffer overflows and illegal code execution.
Which Security profile should be used?

Question160: Which action would an administrator take to ensure that a service object will be available only to the selected device group?

Question161: Which three types of entries can be excluded from an external dynamic list (EDL)? (Choose three.)

Question162: Which feature enables an administrator to review the Security policy rule base for unused rules?

Question163: Which information is included in device state other than the local configuration?

Question164: View the diagram.

What is the most restrictive yet fully functional rule to allow general Internet and SSH traffic into both the DMZ and Untrust/lnternet zones from each of the lOT/Guest and Trust Zones?
A)

B)

C)

Question165: Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

Question166: Which three filter columns are available when setting up an Application Filter? (Choose three.)

Question167: Which action results in the firewall blocking network traffic with out notifying the sender?

Question168: How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

Question169: Which object would an administrator create to block access to all high-risk applications?

Question170: Where does a user assign a tag group to a policy rule in the policy creation window?

Question171: Which Security policy action will message a user's browser that their web session has been terminated?

Question172: Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?

Question173: Which Security profile must be added to Security policies to enable DNS Signatures to be checked?