EMT Practice Test

1. Question Content...


Question List

Question1: Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?

Question2: HOTSPOT
Match the components with their role in preventing threats.
Answer options may be used more than once or not at all.
Hot Area:

Question3: Two firewalls are configured in an Active/Passive High Availability (HA) pair with the following election settings:

Firewall 5050-B is presently in the "Active" state and 5050-A is presently in the "Passive" state. Firewall
5050-B reboots causing 5050-A to become Active.
Which firewall will be in the "Active" state after firewall 5050-B has completed its reboot and is back online?

Question4: What has happened when the traffic log shows an internal host attempting to open a session to a properly configured sinkhole address?

Question5: HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Hot Area:

Question6: Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats? Choose 2 answers

Question7: Which two statements are true about DoS Protection Profiles and Policies? Choose 2 answers

Question8: Ethernet 1/1 has been configured with the following subinterfaces:

The following security policy is applied:

The Interface Management Profile permits the following:

Your customer is trying to ping 10.10.10.1 from VLAN 800 IP 10.10.10.2/24 What will be the result of this ping?

Question9: What are the three Security Policy rule Type classifications supported in PAN-OS 6.1?

Question10: Where can the maximum concurrent SSL VPN Tunnels be set for Vsys2 when provisioning a Palo Alto Networks firewall for multiple virtual systems?

Question11: HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Hot Area:

Question12: Which method is the most efficient for determining which administrator made a specific change to the running config?

Question13: A network administrator uses Panorama to push security policies to managed firewalls at branch offices.
Which policy type should be configured on Panorama if the administrator wishes to allow local administrators at the branch office sites to override these policies?

Question14: Which mechanism is used to trigger a High Availability (HA) failover if a firewall interface goes down?

Question15: A company has a policy that denies all applications they classify as bad and permits only applications they classify as good. The firewall administrator created the following security policy on the company s firewall:

Which two benefits are gained from having both rule 2 and rule 3 present? Choose 2 answers

Question16: It is discovered that WebandNetTrends Unlimited's new web server software produces traffic that the Palo Alto Networks firewall sees as "unknown-tcp" traffic.
Which two configurations would identify the application while preserving the ability of the firewall to perform content and threat detection on the traffic? Choose 2 answers

Question17: A company has a web server behind their Palo Alto Networks firewall that they would like to make accessible to the public. They have decided to configure a destination NAT Policy rule.
Given the following zone information:
DMZzone: DMZ-L3
Public zone: Untrust-L3
Web server zone: Trust-L3
Public IP address (Untrust-L3): 1.1.1.1
Private IP address (Trust-L3): 192.168.1.50
What should be configured as the destination zone on the Original Packet tab of the NAT Policy rule?

Question18: Which two steps are required to make Microsoft Active Directory users appear in the firewall's traffic log?
Choose 2 answers

Question19: A company hosts a publicly-accessible web server behind their Palo Alto Networks firewall, with this configuration information:
Users outside the company are in the "Untrust-L3" zone.
The web server physically resides in the "Trust-L3" zone.
Web server public IP address: 1.1.1.1
Web server private IP address: 192.168.1.10
Which NAT Policy rule will allow users outside the company to access the web server?

Question20: HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Hot Area:

Question21: How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with nonstandard syslog servers?

Question22: Which three engines are built into the Single-Pass Parallel Processing Architecture? Choose 3 answers

Question23: HOTSPOT
Match each type of report provided by the firewall with its description.
Answer options may be used more than once or not at all.
Hot Area:

Question24: After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama's traffic logs.
What could be the problem?

Question25: A firewall is being attacked with a port scan. Which component can prevent this attack?

Question26: The WildFire Cloud or WF-500 appliance provide information to which two Palo Alto Networks security services? Choose 2 answers

Question27: What is the maximum usable storage capacity of an M-100 appliance?

Question28: Which source address translation type will allow multiple devices to share a single translated source address while using a single NAT Policy rule?

Question29: A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens of thousands of bogus UDP connections per second to a single destination IP address and port.
Which option, when enabled with the correct threshold, would mitigate this attack without dropping legitimate traffic to other hosts inside the network?

Question30: HOTSPOT
Match the description of an application field with its name.
Answer options may be used more than once or not at all.
Hot Area:

Question31: In the following display, ethernetl/6 is configured with an interface management profile that allows ping with no restriction on the source address:

Given the following security policy rule base:

What is the result of a ping sent from an address on the Trust-L3 zone to the IP address of ethernet1/6?

Question32: HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Hot Area:

Question33: A company wants to run their pair of PA-200 firewalls in a High Availability Active/Passive configuration and will be using HA-Lite.
Which capability can be used in this situation?

Question34: HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Hot Area:

Question35: HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Hot Area:

Question36: Which Security Policy rule configuration option disables antivirus and anti-spyware scanning of server-to- client flows only?

Question37: A company has a policy that denies all applications they classify as bad and permits only applications they classify as good. The firewall administrator created the following security policy on the company s firewall:

Which two benefits are gained from having both rule 2 and rule 3 present? Choose 2 answers

Question38: A security engineer has been asked by management to optimize how Palo Alto Networks firewall syslog messages are forwarded to a syslog receiver. There are currently 20 PA-5060 s, each of which is configured to forward syslogs individually.
The security engineer would like to leverage their two M-100 appliances to send syslog messages from a single source and has already deployed one in Panorama mode and the other as a Log Collector.
What is the remaining step in implementing this solution?

Question39: HOTSPOT
Within a Zone Protection Profile, under the Reconnaissance Protection tab, there are several possible values for Action:

Match each Reconnaissance Protection Action to its description.
Answer options may be used more than once or not at all.

Hot Area:

Question40: HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Hot Area:

Question41: Which three inspections can be performed with a next-generation firewall but NOT with a legacy firewall?
Choose 3 answers

Question42: HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Hot Area:

Question43: HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Hot Area:

Question44: HOTSPOT
Assuming that the default antivirus profile is installed, match each decoder with its default action.
Answer options may be used more than once or not at all.
Hot Area:

Question45: A Palo Alto Networks firewall has the following interface configuration;

Hosts are directly connected on the following interfaces:
Ethernet 1/6 - Host IP 192.168.62.2
Ethernet 1/3 - Host IP 10.46.40.63
The security administrator is investigating why ICMP traffic between the hosts is not working.
She first ensures that ail traffic is allowed between zones based on the following security policy rule:

The routing table of the firewall shows the following output:

Which interface configuration change should be applied to ethernet1/6 to allow the two hosts to communicate based on this information?

Question46: Company employees have been given access to the GlobalProtect Portal at https://portal.company.com:

Assume the following:
1. The firewall is configured to resolve DNS names using the internal DNS server.
2. The URL portal.company.com resolves to the external interface of the firewall on the company's external DNS server and to the internal interface of the firewall on the company s internal DNS server.
3. The URL gatewayl.company.com resolves to the external interface of the firewall on the company's external DNS server and to the internal interface of the firewall on the company s internal DNS server.
This Gateway configuration will have which two outcomes? Choose 2 answers

Question47: You are configuring a File Blocking Profile to be applied to all outbound traffic uploading a specific file type, and there is a specific application that you want to match in the policy.
What are three valid actions that can be set when the specified file is detected? Choose 3 answers

Question48: A hotel chain is using a system to centrally control a variety of items in guest rooms. The client devices in each guest room communicate to the central controller using TCP and frequently disconnect due to a premature timeouts when going through a Palo Alto Networks firewall.
Which action will address this issue without affecting all TCP traffic traversing the firewall?

Question49: The IT department has received complaints about VoIP call jitter when the sales staff is making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS policy written in the rulebase.
The IT manager wants to find out what traffic is causing the jitter in real time when a user reports the jitter.
Which feature can be used to identify, in real-time, the applications taking up the most bandwidth?

Question50: Which authentication method can provide role-based administrative access to firewalls running PAN-OS?

Question51: What can cause missing SSL packets when performing a packet capture on data plane interfaces?

Question52: By default, all PA-5060 syslog data is forwarded out the Management interface. What needs to be configured in order to send syslog data out of a different interface?

Question53: A company wants to run their pair of PA-200 firewalls in a High Availability Active/Passive configuration and will be using HA-Lite.
Which capability can be used in this situation?

Question54: HOTSPOT
A company has a Palo Alto Networks firewall with a single VSYS that has both locally defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Hot Area:

Question55: Which Public Key Infrastructure component is used to authenticate users for GlobalProtect when the Connect Method is set to "pre-logon"?

Question56: A user is reporting that they cannot download a PDF file from the internet.
Which action will show whether the downloaded file has been blocked by a Security Profile?

Question57: A company has purchased a WildFire subscription and would like to implement dynamic updates to download the most recent content as often as possible.
What is the shortest time interval the company can configure their firewall to check for WildFire updates?

Question58: How is the Forward Untrust Certificate used?

Question59: What is a prerequisite for configuring a pair of Palo Alto Networks firewalls in an Active/Passive High Availability (HA) pair?

Question60: Which two interface types provide support for network address translation (NAT)? Choose 2 answers