EMT Practice Test

1. Question Content...


Question List

Question1: Which action would an administrator take to ensure that a service object will be available only to the selected device group?

Question2: Which statement best describes the use of Policy Optimizer?

Question3: An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?

Question4: A Security Profile can block or allow traffic at which point?

Question5: A network administrator created an intrazone Security policy rule on the firewall. The source zones were set to IT. Finance, and HR.
Which two types of traffic will the rule apply to? (Choose two)

Question6: An administrator is reviewing the Security policy rules shown in the screenshot below.
Which statement is correct about the information displayed?

Question7: Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways?

Question8: What Policy Optimizer policy view differ from the Security policy do?

Question9: Based on the security policy rules shown, ssh will be allowed on which port?

Question10: Which component is a building block in a Security policy rule?

Question11: Which type of address object is www.paloaltonetworks.com?

Question12: Match the Cyber-Attack Lifecycle stage to its correct description.

Question13: In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)

Question14: An administrator is trying to enforce policy on some (but not all) of the entries in an external dynamic list.
What is the maximum number of entries that they can be exclude?

Question15: How often does WildFire release dynamic updates?

Question16: Which tab would an administrator click to create an address object?

Question17:
An administrator is updating Security policy to align with best practices.
Which Policy Optimizer feature is shown in the screenshot below?

Question18: Which two features can be used to tag a user name so that it is included in a dynamic user group? (Choose two)

Question19: A website is unexpectedly allowed due to miscategorization.
What are two way-s to resolve this issue for a proper response? (Choose two.)

Question20: You receive notification about a new malware that infects hosts An infection results in the infected host attempting to contact a command-and-control server Which Security Profile when applied to outbound Security policy rules detects and prevents this threat from establishing a command-and-control connection?

Question21: Which attribute can a dynamic address group use as a filtering condition to determine its membership?

Question22: The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet The firewall is configured with two zones;
1. trust for internal networks
2. untrust to the internet
Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two )

Question23: An administrator needs to allow users to use only certain email applications.
How should the administrator configure the firewall to restrict users to specific email applications?

Question24: In which profile should you configure the DNS Security feature?

Question25: Why should a company have a File Blocking profile that is attached to a Security policy?

Question26: The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering "gambling" category.
Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the "gambling" URL category?

Question27: What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?

Question28: Which license must an administrator acquire prior to downloading Antivirus updates for use with the firewall?

Question29: Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

Question30: In a File Blocking profile, which two actions should be taken to allow file types that support critical apps?
(Choose two.)

Question31: What is used to monitor Security policy applications and usage?

Question32: What is a default setting for NAT Translated Packets when the destination NAT translation is selected as Dynamic IP (with session distribution)?

Question33: To what must an interface be assigned before it can process traffic?

Question34: Which path in PAN-OS 10.0 displays the list of port-based security policy rules?

Question35: Which definition describes the guiding principle of the zero-trust architecture?

Question36: What is the main function of the Test Policy Match function?

Question37: Which operations are allowed when working with App-ID application tags?

Question38: You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?

Question39: Place the following steps in the packet processing order of operations from first to last.

Question40: Which file is used to save the running configuration with a Palo Alto Networks firewall?

Question41: What are two valid selections within an Anti-Spyware profile? (Choose two.)

Question42: Which two addresses should be reserved to enable DNS sinkholing? (Choose two.)

Question43: Why does a company need an Antivirus profile?

Question44: An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited" Which security policy action causes this?

Question45: Palo Alto Networks firewall architecture accelerates content map minimizing latency using which two components'? (Choose two )

Question46: Based on the screenshot what is the purpose of the included groups?

Question47:
Given the topology, which zone type should interface E1/1 be configured with?

Question48: Which two actions are needed for an administrator to get real-time WildFire signatures? (Choose two.)

Question49: When HTTPS for management and GlobalProtect are enabled on the same data plane interface, which TCP port is used for management access?

Question50: Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)

Question51: For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

Question52: You need to allow users to access the office-suite application of their choice. How should you configure the firewall to allow access to any office-suite application?

Question53: What are the two default behaviors for the intrazone-default policy? (Choose two.)

Question54: Which three types of entries can be excluded from an external dynamic list (EDL)? (Choose three.)

Question55: An administrator would like to determine the default deny action for the application dns-over-https Which action would yield the information?

Question56: When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP port is used for management access?

Question57: Which Palo Alto network security operating platform component provides consolidated policy creation and centralized management?

Question58: What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)

Question59: Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

Question60: Which two options does the firewall use to dynamically populate address group members? (Choose two.)

Question61: Which objects would be useful for combining several services that are often defined together?

Question62: Which action results in the firewall blocking network traffic with out notifying the sender?

Question63: A network administrator creates an intrazone security policy rule on a NGFW. The source zones are set to IT.
Finance, and HR.
To which two types of traffic will the rule apply? (Choose two.)

Question64: How does the Policy Optimizer policy view differ from the Security policy view?

Question65: Which solution is a viable option to capture user identification when Active Directory is not in use?

Question66: Review the Screenshot:

Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only.
Which rule group enables the required traffic?

Question67: Where in Panorama Would Zone Protection profiles be configured?

Question68: Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?

Question69: Given the image, which two options are true about the Security policy rules. (Choose two.)

Question70: In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?

Question71: A systems administrator momentarily loses track of which is the test environment firewall and which is the production firewall. The administrator makes changes to the candidate configuration of the production firewall, but does not commit the changes. In addition, the configuration was not saved prior to making the changes.
Which action will allow the administrator to undo the changes?

Question72: Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall`s signature database has been updated?

Question73: An administrator should filter NGFW traffic logs by which attribute column to determine if the entry is for the start or end of the session?

Question74: Your company is highly concerned with their Intellectual property being accessed by unauthorized resources.
There is a mature process to store and include metadata tags for all confidential documents.
Which Security profile can further ensure that these documents do not exit the corporate network?

Question75: Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

Question76: Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?

Question77: In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?

Question78: In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)

Question79: Which three interface deployment methods can be used to block traffic flowing through the Palo Alto Networks firewall? (Choose three.)

Question80: The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop the malware contacted a known command-and-control server which exfiltrating corporate data.
Which Security profile feature could have been used to prevent the communications with the command-and-control server?

Question81: Which option lists the attributes that are selectable when setting up an Application filters?

Question82: What are the two main reasons a custom application is created? (Choose two.)

Question83: All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.

Choose two.

Question84: Which three configuration settings are required on a Palo Alto networks firewall management interface?

Question85: Which security profile should be used to classify malicious web content?

Question86: Within a WildFire Analysis Profile, what match criteria can be defined to forward samples for analysis?

Question87: Which two types of profiles are needed to create an authentication sequence? (Choose two.)

Question88: Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?

Question89: Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

Question90: What can be used as match criteria for creating a dynamic address group?

Question91: Which type security policy rule would match traffic flowing between the inside zone and outside zone within the inside zone and within the outside zone?

Question92: How many zones can an interface be assigned with a Palo Alto Networks firewall?

Question93: If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?

Question94: Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

Question95: Which statement is true about Panorama managed devices?

Question96: Match each feature to the DoS Protection Policy or the DoS Protection Profile.

Question97: Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?

Question98: Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?

Question99: Which two features implement one-to-one translation of a source IP address while allowing the source port to change? (Choose two.)

Question100: To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?

Question101: What is the purpose of the automated commit recovery feature?

Question102: Which action should be taken to identify threats that have been detected by using inline cloud analysis?

Question103: Which action results in the firewall blocking network traffic without notifying the sender?

Question104: Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?

Question105: Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

Question106: During the packet flow process, which two processes are performed in application identification? (Choose two.)

Question107: Which three types of Source NAT are available to users inside a NGFW? (Choose three.)

Question108: An administrator manages a network with 300 addresses that require translation. The administrator configured NAT with an address pool of 240 addresses and found that connections from addresses that needed new translations were being dropped.
Which type of NAT was configured?

Question109: What are three valid information sources that can be used when tagging users to dynamic user groups?
(Choose three.)

Question110: Based on the image provided, which two statements apply to the Security policy rules? (Choose two.)

Question111: An administrator would like to silently drop traffic from the internet to a ftp server.
Which Security policy action should the administrator select?

Question112: Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )

Question113: Which statement is true regarding a Best Practice Assessment?

Question114: What do dynamic user groups you to do?

Question115: At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

Question116: What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control? (Choose two.)

Question117: Which path in PAN-OS 11.x would you follow to see how new and modified App-IDs impact a Security policy?

Question118: Which rule type is appropriate for matching traffic both within and between the source and destination zones?

Question119: Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

Question120: What are three valid ways to map an IP address to a username? (Choose three.)

Question121: What is the correct process tor creating a custom URL category?

Question122: What must be considered with regards to content updates deployed from Panorama?

Question123: Which type of profile must be applied to the Security policy rule to protect against buffer overflows illegal code execution and other attempts to exploit system flaws?

Question124: How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

Question125: Which URL profiling action does not generate a log entry when a user attempts to access that URL?

Question126: Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)

Question127: You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

Question128: Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

Question129: Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Question130: Actions can be set for which two items in a URL filtering security profile? (Choose two.)

Question131: An organization has some applications that are restricted for access by the Human Resources Department only, and other applications that are available for any known user in the organization.
What object is best suited for this configuration?

Question132:
Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications Which policy achieves the desired results?

Question133: Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?

Question134: In order to attach an Antivirus, Anti-Spyware and Vulnerability Protection security profile to your Security Policy rules, which setting must be selected?

Question135: Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?

Question136: How do you reset the hit count on a security policy rule?

Question137: Match each rule type with its example

Question138: Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)

Question139: Files are sent to the WildFire cloud service via the WildFire Analysis Profile. How are these files used?

Question140: Which two configuration settings shown are not the default? (Choose two.)

Question141: Which Security policy match condition would an administrator use to block traffic from IP addresses on the Palo Alto Networks EDL of Known Malicious IP Addresses list?

Question142: The administrator profile "SYS01 Admin" is configured with authentication profile "Authentication Sequence SYS01," and the authentication sequence SYS01 has a profile list with four authentication profiles:
* Auth Profile LDAP
* Auth Profile Radius
* Auth Profile Local
* Auth Profile TACACS
After a network outage, the LDAP server is no longer reachable. The RADIUS server is still reachable but has lost the "SYS01 Admin" username and password.
What is the "SYS01 Admin" login capability after the outage?

Question143: The Palo Alto Networks NGFW was configured with a single virtual router named VR-1 What changes are required on VR-1 to route traffic between two interfaces on the NGFW?

Question144: Which two DNS policy actions in the anti-spyware security profile can prevent hacking attacks through DNS queries to malicious domains? (Choose two.)

Question145: What two actions can be taken when implementing an exception to an External Dynamic List? (Choose two.)

Question146: Which feature must be configured to enable a data plane interface to submit DNS queries originated from the firewall on behalf of the control plane?

Question147: What do you configure if you want to set up a group of objects based on their ports alone?

Question148: Which Security profile must be added to Security policies to enable DNS Signatures to be checked?

Question149: An administrator wants to prevent users from submitting corporate credentials in a phishing attack.
Which Security profile should be applied?

Question150: Which Security policy action will message a user's browser that their web session has been terminated?

Question151: Which Security profile should be applied in order to protect against illegal code execution?

Question152: The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?

Question153: Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?

Question154: Which action can be performed when grouping rules by group tags?

Question155: What is the maximum volume of concurrent administrative account sessions?

Question156: An administrator is troubleshooting an issue with traffic that matches the intrazone-default rule, which is set to default configuration.
What should the administrator do?

Question157: A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

Question158: A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?

Question159: Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?