EMT Practice Test

1. Question Content...


Question List

Question1: Which two statements are true about DoS Protection and Zone Protection Profiles? (Choose two).

Question2: A logging infrastructure may need to handle more than 10,000 logs per second.
Which two options support a dedicated log collector function? (Choose two)

Question3: During the implementation of SSL Forward Proxy decryption, an administrator imports the company's Enterprise Root CA and Intermediate CA certificates onto the firewall. The company's Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise CA chain of trust are signed by the company's Intermediate CA.
Which method should the administrator use when creating Forward Trust and Forward Untrust certificates on the firewall for use with decryption?

Question4: An administrator is configuring an IPSec VPN to a Cisco ASA at the administrator's home and experiencing issues completing the connection. the following is the output from the command:

What could be the cause of this problem?

Question5: Which User-ID method maps IP address to usernames for users connecting through a web proxy that has already authenticated the user?

Question6: Which three settings are defined within the Templates object of Panorama? (Choose three.)

Question7: What are three reasons why an installed session can be identified with the application

Question8: The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of GlobalPortect Portal?

Question9: A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green.
The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet 1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured.
What can be the cause of this problem?

Question10: An administrator has been asked to create 100 virtual firewalls in a local, on-premise lab environment (not in "the cloud"). Bootstrapping is the most expedient way to perform this task.
Which option describes deployment of a bootstrap package in an on-premise virtual environment?

Question11: An administrator needs to gather information about the CPU utilization on both the management plane and the data plane.
Where does the administrator view the desired data?

Question12: Based on the following image,

what is the correct path of root, intermediate, and end-user certificate?

Question13: Which processing order will be enabled when a Panorama administrator selects the setting
"Objects defined in ancestors will take higher precedence?"

Question14: A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link
aggregation.
Which two formats are correct for naming aggregate interfaces? (Choose two.)

Question15: Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?

Question16: Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

Question17: Refer to the exhibit.

Which certificates can be used as a Forwarded Trust certificate?

Question18: Refer to the image. An administrator is tasked with correcting an NTP service configuration for firewalls that cannot use the Global template NTP servers. The administrator needs to change the IP address to a preferable server for this template stack but cannot impact other template stacks.
How can the issue be corrected?

Question19: Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)

Question20: What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

Question21: A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto Networks firewall. Which method shows the global counters associated with the traffic after configuring the appropriate packet filters?

Question22: Which three options are supported in HA Lite? (Choose three.)

Question23: During the packet flow process, which two processes are performed in application identification? (Choose
two.)

Question24: An administrator has 750 firewalls The administrator's central-management Panorama instance deploys dynamic updates to the firewalls The administrator notices that the dynamic updates from Panorama do not appear on some of the firewalls.
If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does not appear what is the root cause?

Question25: Refer to the exhibit.

An administrator cannot see any if the Traffic logs from the Palo Alto Networks NGFW on Panorama.
The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?
A: Option

B: Option

C: Option

D: Option

Question26: Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS version, and serial number?

Question27: If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?

Question28: View the GlobalProtect configuration screen capture.

What is the purpose of this configuration?

Question29: An administrator is configuring an IPSec VPN to a Cisco ASA at the administrator's home and experiencing issues completing the connection. the following is the output from the command:

What could be the cause of this problem?

Question30: Which method will dynamically register tags on the Palo Alto Networks NGFW?

Question31: Which event will happen if an administrator uses an Application Override Policy?

Question32: Refer to the diagram.

An administrator needs to create an address object that will be useable by the NYC. MA, CA and WA device groups
Where will the object need to be created within the device-group hierarchy?

Question33: Refer to the exhibit.

Which certificates can be used as a Forward Trust certificate?

Question34: Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)

Question35: Which CLI command displays the current management plan memory utilization?

Question36: Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)

Question37: Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS
8.0? (Choose two.)

Question38: An administrator just submitted a newly found piece of spyware for WildFire analysis. The spyware monitors behavior without the user's knowledge.
What is the expected verdict from WildFire?

Question39: Which two features does PAN-OS software use to identify applications? (Choose two)

Question40: An organization's administrator has the funds available to purchase more firewalls to increase the organization's security posture.
The partner SE recommends placing the firewalls as close as possible to the resources that they protect.
Is the SE's advice correct, and why or why not?

Question41: Which logs enable a firewall administrator to determine whether a session was decrypted?

Question42: An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 2025. The validity date on the PA-generated certificate is taken from what?

Question43: Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS® version, and serial number?

Question44: What are three valid method of user mapping? (Choose three)

Question45: An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22
Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?

Question46: Which profile generates a packet threat type found in threat logs?

Question47: An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version.
What is considered best practice for this scenario?

Question48: PBF can address which two scenarios? (Select Two)

Question49: An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required. Which interface type would support this business requirement?

Question50: A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone need to be configured to enable we browsing access to the server.
Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080.

Question51: A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?

Question52: An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)

Question53: Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?

Question54: Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and HOST B (10.1.1.101) receives SSH traffic.)

Which two security policy rules will accomplish this configuration? (Choose two.)

Question55: Which feature must you configure to prevent users form accidentally submitting their corporate credentials to a phishing website?

Question56: A network administrator uses Panorama to push security polices to managed firewalls at branch offices. Which policy type should be configured on Panorama if the administrators at the branch office sites to override these products?

Question57: A session in the Traffic log is reporting the application as "incomplete." What does "incomplete" mean?

Question58: What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

Question59: A variable name must start with which symbol?

Question60: An engineer is in the planning stages of deploying User-ID in a diverse directory services environment.
Which server OS platforms can be used for server monitoring with User-ID?

Question61: The SSL Forward Proxy decryption policy is configured. The following four certificate authority (CA) certificates are installed on the firewall.

Which certificate authority (CA) certificate will be used to sign the untrusted webserver certificate?

Question62: After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama's traffic logs. What could be the problem?

Question63: If the firewall is configured for credential phishing prevention using the "Domain Credential Filter" method, which login will be detected as credential theft?

Question64: How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

Question65: A company needs to preconfigure firewalls to be sent to remote sites with the least amount of reconfiguration.
Once deployed, each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers.
Which VPN configuration would adapt to changes when deployed to the future site?

Question66: An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)

Question67: Which log file can be used to identify SSL decryption failures?

Question68: Refer to the exhibit.

Which will be the egress interface if the traffic's ingress interface is ethernet 1/7 sourcing from
192.168.111.3 and to the destination 10.46.41.113?

Question69: What happens when the traffic log shows an internal host attempting to open a session to a properly configured sinkhole address?

Question70: True or False: DSRI degrades the performance of a firewall?

Question71: Refer to the exhibit.

An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and HOST B (10.1.1.101) receives SSH traffic.) Which two security policy rules will accomplish this configuration? (Choose two.)

Question72: What is the purpose of the firewall decryption broker?

Question73: Which virtual router feature determines if a specific destination IP address is reachable?

Question74: You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?

Question75: Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)

Question76: Which three items are important considerations during SD-WAN configuration planning? (Choose three.)

Question77: Refer to the exhibit.

An administrator cannot see any of the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?
A)

B)

C)

D)

Question78: What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

Question79: A customer wants to set up a VLAN interface for a Layer 2 Ethernet port.
Which two mandatory options are used to configure a VLAN interface? (Choose two.)

Question80: Which processing order will be enabled when a Panorama administrator selects the setting "Objects defined in ancestors will take higher precedence?"

Question81: A company.com wants to enable Application Override. Given the following screenshot:

Which two statements are true if Source and Destination traffic match the Application Override policy? (Choose two)

Question82: An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router.
Which two options enable the administrator to troubleshoot this issue? (Choose two.)

Question83: What are two best practices for incorporating new and modified App-IDs? (Choose two.)

Question84: Which CLI command can be used to export the tcpdump capture?

Question85: Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

Question86: An administrator has a PA-820 firewall with an active Threat Prevention subscription.
The administrator is considering adding a WildFire subscription.
How does adding the WildFire subscription improve the security posture of the organization1?

Question87: A
users traffic traversing a Palo Alto networks NGFW sometimes can reach http //www company com At other times the session times out. At other times the session times out The NGFW has been configured with a PBF rule that the user traffic matches when it goes to http://www.company.com goes to http://www company com How can the firewall be configured to automatically disable the PBF rule if the next hop goes down?

Question88: Which Public Key infrastructure component is used to authenticate users for GlobalProtect when the Connect Method is set to pre-logon?

Question89: The UDP-4501 protocol-port is used between which two GlobalProtect components?

Question90: People are having intermittent quality issues during a live meeting via a web application.
How can the performance of this application be improved?

Question91: An administrator just submitted a newly found piece of spyware for WildFire analysis. The spyware monitors behavior without the user's knowledge.
What is the expected verdict from WildFire?

Question92: An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against worms and trojans. Which Security Profile type will protect against worms and trojans?

Question93: Exhibit:

What will be the source address in the ICMP packet?

Question94: Match each GlobalProtect component to the purpose of that component

Question95: If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in which log type?

Question96: Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?

Question97: An administrator has users accessing network resources through Citrix XenApp 7 x.
Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?

Question98: Which three fields can be included in a pcap filter? (Choose three)

Question99: A network Administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects> Security Profiles> Anti-Spyware and select default profile.
What should be done next?

Question100: An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet.
Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22 Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?

A:

B:

C:

D:

Question101: An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a
third-party, deep-level packet inspection appliance.
Which interface type and license feature are necessary to meet the requirement?

Question102: Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?