EMT Practice Test

1. Question Content...


Question List

Question1: Which two features does PAN-OS® software use to identify applications? (Choose two.)

Question2: Which CLI command can be used to export the tcpdump capture?

Question3: An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN-OS® software. The firewall has internet connectivity through an Ethernet interface, but no internet connectivity from the management interface. The Security policy has the default security rules and a rule that allows all web-browsing traffic from any to any zone.
What must the administrator configure so that the PAN-OS® software can be upgraded?

Question4: When backing up and saving configuration files, what is achieved using only the firewall and is not available in Panorama?

Question5: Which DoS protection mechanism detects and prevents session exhaustion attacks?

Question6: A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and assign untagged (native) traffic to its own zone.
Which option differentiates multiple VLANs into separate zones?

Question7: Which virtual router feature determines if a specific destination IP address is reachable?

Question8: An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router.
Which two options enable the administrator to troubleshoot this issue? (Choose two.)

Question9: Which menu item enables a firewall administrator to see details about traffic that is currently active through the NGFW?

Question10: Which three settings are defined within the Templates object of Panorama? (Choose three.)

Question11: Which three options are supported in HA Lite? (Choose three.)

Question12: A session in the Traffic log is reporting the application as "incomplete." What does "incomplete" mean?

Question13: Which protection feature is available only in a Zone Protection Profile?

Question14: Which three steps will reduce the CPU utilization on the management plane? (Choose three.)

Question15: In which two types of deployment is active/active HA configuration supported? (Choose two.)

Question16: An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the company's proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats.
Which option would achieve this result?

Question17: Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose two.)

Question18: An administrator has users accessing network resources through Citrix XenApp 7 x.
Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?

Question19: An administrator needs to upgrade an NGFW to the most current version of PAN-OS® software. The following is occurring:
Firewall has internet connectivity through e 1/1.

Default security rules and security rules allowing all SSL and web-browsing traffic to and from any

zone.
Service route is configured, sourcing update traffic from e1/1.

A communication error appears in the System logs when updates are performed.

Download does not complete.

What must be configured to enable the firewall to download the current version of PAN-OS software?

Question20: An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing.
The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.
Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?

Question21: An administrator has configured a QoS policy rule and a QoS Profile that limits the maximum allowable bandwidth for the YouTube application. However, YouTube is consuming more than the maximum bandwidth allotment configured.
Which configuration step needs to be configured to enable QoS?

Question22: Which three firewall states are valid? (Choose three.)

Question23: Refer to the exhibit.

An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and HOST B (10.1.1.101) receives SSH traffic.) Which two security policy rules will accomplish this configuration? (Choose two.)

Question24: The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator troubleshoot this issue? (Choose two.)

Question25: Which event will happen if an administrator uses an Application Override Policy?

Question26: An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an application that matches the same traffic signatures as the custom application.
Which application should be used to identify traffic traversing the NGFW?

Question27: An administrator has left a firewall to use the default port for all management services.
Which three functions are performed by the dataplane? (Choose three.)

Question28: An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing, and preemption is disabled.
What must be verified to upgrade the firewalls to the most recent version of PAN-OS® software?

Question29: An administrator logs in to the Palo Alto Networks NGFW and reports that the WebUI is missing the Policies tab.
Which profile is the cause of the missing Policies tab?

Question30: Which GlobalProtect Client connect method requires the distribution and use of machine certificates?

Question31: The certificate information displayed in the following image is for which type of certificate?

Question32: Which CLI command enables an administrator to view details about the firewall including uptime, PAN- OS® version, and serial number?

Question33: If the firewall is configured for credential phishing prevention using the "Domain Credential Filter" method, which login will be detected as credential theft?

Question34: An administrator has configured the Palo Alto Networks NGFW's management interface to connect to the internet through a dedicated path that does not traverse back through the NGFW itself.
Which configuration setting or step will allow the firewall to get automatic application signature updates?

Question35: Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?

Question36: Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted on the DMZ zone? The web server is reachable using a Destination NAT policy in the Palo Alto Networks firewall.
A:

B:

C:

D:

Question37: What is exchanged through the HA2 link?

Question38: Which three authentication factors does PAN-OS® software support for MFA? (Choose three.)

Question39: Which option is part of the content inspection process?

Question40: During the packet flow process, which two processes are performed in application identification? (Choose two.)

Question41: VPN traffic intended for an administrator's Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor.
When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?

Question42: A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-home or beacon out to external command-and-control (C2) servers.
Which Security Profile type will prevent these behaviors?

Question43: Which Panorama administrator types require the configuration of at least one access domain? (Choose two.)

Question44: Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?

Question45: Which operation will impact performance of the management plane?

Question46: A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes.
How quickly will the firewall receive back a verdict?

Question47: How can a candidate or running configuration be copied to a host external from Panorama?

Question48: An administrator just submitted a newly found piece of spyware for WildFire analysis. The spyware monitors behavior without the user's knowledge.
What is the expected verdict from WildFire?

Question49: Which version of GlobalProtect supports split tunneling based on destination domain, client process, and HTTP/HTTPS video streaming application?

Question50: A customer has an application that is being identified as unknown-top for one of their custom PostgreSQL database connections.
Which two configuration options can be used to correctly categorize their custom database application?
(Choose two.)

Question51: Which Palo Alto Networks VM-Series firewall is valid?

Question52: A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link aggregation.
Which two formats are correct for naming aggregate interfaces? (Choose two.)

Question53: View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?

Question54: An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image.
Which configuration change should the administrator make?
A:

B:

C:

D:

E:

Question55: Based on the following image, what is the correct path of root, intermediate, and end-user certificate?

Question56: An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third-party, deep-level packet inspection appliance.
Which interface type and license feature are necessary to meet the requirement?

Question57: Which CLI command enables an administrator to check the CPU utilization of the dataplane?

Question58: When configuring the firewall for packet capture, what are the valid stage types?

Question59: Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?

Question60: A customer wants to set up a site-to-site VPN using tunnel interfaces?
Which two formats are correct for naming tunnel interfaces? (Choose two.)

Question61: Which administrative authentication method supports authorization by an external service?

Question62: What are the differences between using a service versus using an application for Security Policy match?

Question63: If an administrator does not possess a website's certificate, which SSL decryption mode will allow the Palo Alto networks NGFW to inspect when users browse to HTTP(S) websites?

Question64: Which option enables a Palo Alto Networks NGFW administrator to schedule Application and Threat updates while applying only new content IDs to traffic?

Question65: Which logs enable a firewall administrator to determine whether a session was decrypted?

Question66: An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet.
Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22 Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?

A:

B:

C:

D:

Question67: Which User-ID method maps IP addresses to usernames for users connecting through a web proxy that has already authenticated the user?

Question68: Which feature prevents the submission of corporate login information into website forms?

Question69: Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?

Question70: Refer to the exhibit.

Which will be the egress interface if the traffic's ingress interface is ethernet 1/7 sourcing from
192.168.111.3 and to the destination 10.46.41.113?

Question71: Which log file can be used to identify SSL decryption failures?

Question72: Refer to the exhibit.

Which certificates can be used as a Forward Trust certificate?

Question73: Which feature must you configure to prevent users form accidentally submitting their corporate credentials to a phishing website?

Question74: The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?

Question75: Which is the maximum number of samples that can be submitted to WildFire per day, based on a WildFire subscription?

Question76: An administrator wants to upgrade an NGFW from PAN-OS® 7.1.2 to PAN-OS® 8.0.2. The firewall is not a part of an HA pair.
What needs to be updated first?

Question77: A client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers.
Which option will protect the individual servers?

Question78: An administrator wants a new Palo Alto Networks NGFW to obtain automatic application updates daily, so it is configured to use a scheduler for the application database. Unfortunately, they required the management network to be isolated so that it cannot reach the Internet.
Which configuration will enable the firewall to download and install application updates automatically?

Question79: Which data flow describes redistribution of user mappings?

Question80: A client has a sensitive application server in their data center and is particularly concerned about session flooding because of denial-of-service attacks.
How can the Palo Alto Networks NGFW be configured to specifically protect this server against session floods originating from a single IP address?

Question81: Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?

Question82: For which two reasons would a firewall discard a packet as part of the packet flow sequence? (Choose two.)

Question83: Which two settings can be configured only locally on the firewall and not pushed from a Panorama template stack? (Choose two.)

Question84: Which two methods can be configured to validate the revocation status of a certificate? (Choose two.)

Question85: When is the content inspection performed in the packet flow process?

Question86: An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS® software, the administrator enables log forwarding from the firewalls to Panorama.
Pre-existing logs from the firewalls are not appearing in Panorama.
Which action would enable the firewalls to send their pre-existing logs to Panorama?

Question87: An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs.
The firewall use Layer 3 interfaces to send traffic to a single gateway IP for the pair.
Which configuration will enable this HA scenario?

Question88: What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?