EMT Practice Test

1. Question Content...


Question List

Question1: What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect user?

Question2: While analyzing the Traffic log, you see that some entries show "unknown-tcp" in the Application column What best explains these occurrences?

Question3: You have upgraded your Panorama and Log Collectors lo 10.2 x. Before upgrading your firewalls using Panorama, what do you need do?

Question4: Which Panorama mode should be used so that all logs are sent to, and only stored in. Cortex Data Lake?

Question5: With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?

Question6: A firewall has Security policies from three sources
1. locally created policies
2. shared device group policies as pre-rules
3. the firewall's device group as post-rules
How will the rule order populate once pushed to the firewall?

Question7: Which steps should an engineer take to forward system logs to email?

Question8: A firewall administrator has been tasked with ensuring that all Panorama configuration is committed and pushed to the devices at the end of the day at a certain time. How can they achieve this?

Question9: A firewall administrator wants to avoid overflowing the company syslog server with traffic logs.
What should the administrator do to prevent the forwarding of DNS traffic logs to syslog?

Question10: How would an administrator configure a Bidirectional Forwarding Detection profile for BGP after enabling the Advance Routing Engine run on PAN-OS 10.2?

Question11: An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority Match the default Administrative Distances for each routing protocol.

Question12: An engineer is pushing configuration from Panorama lo a managed firewall.
What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Objects already configured on the firewall?

Question13: What is the best description of the HA4 Keep-Alive Threshold (ms)?

Question14: Which CLI command is used to determine how much disk space is allocated to logs?

Question15: An organization wishes to roll out decryption but gets some resistance from engineering leadership regarding the guest network.
What is a common obstacle for decrypting traffic from guest devices?

Question16: Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?

Question17: A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file named init-cfg txt. The firewall is currently running PAN-OS 10.0 and using a lab config The contents of init-cfg txi in the USB flash drive are as follows:

The USB flash drive has been inserted in the firewalls' USB port, and the firewall has been restarted using command:> request resort system Upon restart, the firewall fails to begin the bootstrapping process. The failure is caused because

Question18: A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (Cas) i. Enterprise-Trusted-CA; which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system ) ii. Enterprise-Untrusted-CA, which is verified as Forward Untrust Certificate iii. Enterprise-lntermediate-CA iv. Enterprise-Root-CA which is verified only as Trusted Root CA An end-user visits https //www example-website com/ with a server certificate Common Name (CN) www example-website com The firewall does the SSL Forward Proxy decryption for the website and the server certificate is not trusted by the firewall The end-user's browser will show that the certificate for www.example-website.com was issued by which of the following?

Question19: A prospect is eager to conduct a Security Lifecycle Review (SLR) with the aid of the Palo Alto Networks NGFW.
Which interface type is best suited to provide the raw data for an SLR from the network in a way that is minimally invasive?

Question20: The following objects and policies are defined in a device group hierarchy


A)

B)

C)
Address Objects
-Shared Address 1
-Branch Address2
Policies -Shared Polic1
l -Branch Policyl
D)
Address Objects -Shared Addressl -Shared Address2 -Branch Addressl Policies -Shared Policyl -Shared Policy2 -Branch Policyl

Question21: What are three valid qualifiers for a Decryption Policy Rule match? (Choose three.)

Question22: An engineer wants to implement the Palo Alto Networks firewall in VWire mode on the internet gateway and wants to be sure of the functions that are supported on the vwire interface What are three supported functions on the VWire interface? (Choose three )

Question23: A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this.
Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)

Question24: Which configuration is backed up using the Scheduled Config Export feature in Panorama?

Question25: Place the steps in the WildFire process workflow in their correct order.

Question26: Which two statements correctly describe Session 380280? (Choose two.)

Question27: Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three )

Question28: SSL Forward Proxy decryption is configured but the firewall uses Untrusted-CA to sign the website https //www important-website com certificate End-users are receiving me "security certificate is not trusted is warning Without SSL decryption the web browser shows that the website certificate is trusted and signed by a well-known certificate chain Well-Known-lntermediate and Well-Known-Root- CA.
The network security administrator who represents the customer requires the following two behaviors when SSL Forward Proxy is enabled:
1 End-users must not get the warning for the https://www.very-important-website.com website.
2 End-users should get the warning for any other untrusted website
Which approach meets the two customer requirements?

Question29: Which statement regarding HA timer settings is true?

Question30: In SSL Forward Proxy decryption, which two certificates can be used for certificate signing? (Choose two.)

Question31: The UDP-4501 protocol-port is used between which two GlobalProtect components?

Question32: An enterprise information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems However a recent phisning campaign against the organization has prompted Information Security to look for more controls that can secure access to critical assets For users that need to access these systems Information Security wants to use PAN-OS multi-factor authentication (MFA) integration to enforce MFA.
What should the enterprise do to use PAN-OS MFA1?

Question33: A firewall administrator needs to be able to inspect inbound HTTPS traffic on servers hosted in their DMZ to prevent the hosted service from being exploited. Which combination of features can allow PAN-OS to detect exploit traffic in a session with TLS encapsulation?

Question34: Which data flow describes redistribution of user mappings?

Question35: What is a correct statement regarding administrative authentication using external services with a local authorization method?

Question36: Which profile generates a packet threat type found in threat logs?

Question37: When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three )

Question38: What happens when an A/P firewall cluster synchronies IPsec tunnel security associations (SAs)?

Question39: Which statement is true regarding a Best Practice Assessment?

Question40: Which statement is correct given the following message from the PanGPA log on the GlobalProtect app?
Failed to connect to server at port:47 67

Question41: Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.)

Question42: You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?

Question43: Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)

Question44: An engineer needs to see how many existing SSL decryption sessions are traversing a firewall What command should be used?

Question45: An administrator has configured the Palo Alto Networks NGFW's management interface to connect to the internet through a dedicated path that does not traverse back through the NGFW itself.
Which configuration setting or step will allow the firewall to get automatic application signature updates?

Question46: Refer to the diagram. Users at an internal system want to ssh to the SSH server The server is configured to respond only to the ssh requests coming from IP 172.16.16.1.
In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must be configured on the firewall?

A)

B)

C)

D)

Question47: During the implementation of SSL Forward Proxy decryption, an administrator imports the company's Enterprise Root CA and Intermediate CA certificates onto the firewall. The company's Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise CA chain of trust are signed by the company's Intermediate CA.
Which method should the administrator use when creating Forward Trust and Forward Untrust certificates on the firewall for use with decryption?

Question48: An administrator device-group commit push is tailing due to a new URL category How should the administrator correct this issue?

Question49: An engineer is in the planning stages of deploying User-ID in a diverse directory services environment.
Which server OS platforms can be used for server monitoring with User-ID?

Question50: An administrator is required to create an application-based Security policy rule to allow Evernote. The Evernote application implicitly uses SSL and web browsing. What is the minimum the administrator needs to configure in the Security rule to allow only Evernote?

Question51: A network security engineer has applied a File Blocking profile to a rule with the action of Block. The user of a Linux CLI operating system has opened a ticket. The ticket states that the user is being blocked by the firewall when trying to download a TAR file. The user is getting no error response on the system.
Where is the best place to validate if the firewall is blocking the user's TAR file?

Question52: What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain'?