EMT Practice Test

1. Question Content...


Question List

Question1: After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama's traffic logs.
What could be the problem?

Question2: Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to- client flows only?

Question3: A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall.
Which pair of files needs to be imported back into the replacement firewall that is using Panorama?

Question4: Palo Alto Networks maintains a dynamic database of malicious domains.
Which two Security Platform components use this database to prevent threats? (Choose two.)

Question5: A Network Administrator wants to deploy a Large Scale VPN solution. The Network Administrator has chosen a GlobalProtect Satellite solution. This configuration needs to be deployed to multiple remote offices and the Network Administrator decides to use Panorama to deploy the configurations.
How should this be accomplished?

Question6: The web server is configured to listen for HTTP traffic on port 8080. The clients access the web server using the IP address 1.1.1.100 on TCP Port 80. The destination NAT rule is configured to translate both IP address and port to 10.1.1.100 on TСР port 8080.

Which NAT and security rules must be configured on the firewall? (Choose two.)

Question7: Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accomplish this goal?

Question8: Site-A and Site-B need to use IKEv2 to establish a VPN connection. Site-A connects directly to the internet using a public IP address. Site-B uses a private IP address behind an ISP router to connect to the internet.
How should NAT Traversal be implemented for the VPN connection to be established between Site-A and Site-B?

Question9: People are having intermittent quality issues during a live meeting via a web application.
How can the performance of this application be improved?

Question10: Which two statements accurately describe how DoS Protection Profiles and Policies mitigate attacks?
(Choose two.)

Question11: Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS 7.0? (Choose two.)

Question12: A company has a policy that denies all applications it classifies as bad and permits only applications it classifies as good. The firewall administrator created the following security policy on the company's firewall:

Which two benefits are gained from having both rule 2 and rule 3 present? (Choose two.)

Question13: Site-A and Site-В have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-А is configured properly, but the route for the tunnel is not being established. The Site-В interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-В is using the wrong Link Type for one of its interfaces.

Which Link Type setting will correct the error?

Question14: Company.com has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine.
Which method should company.com use to immediately address this traffic on a Palo Alto Networks device?

Question15: On March 10, 2016, between 11:00 am and 11:30 am, users reported that web-browsing traffic to the IP address 1.1.1.1 failed.
Which filter can be applied to the traffic logs to show how many users were affected during this time frame?

Question16: What must be used in Security Policy Rules that contain addresses where NAT policy applies?

Question17: When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?

Question18: Which Panorama feature allows for logs generated by Panorama to be forwarded to an external Security Information and Event Management (SIEM) system?

Question19: What happens when the traffic log shows an internal host attempting to open a session to a properly configured sinkhole address?

Question20: Palo Alto Networks maintains a dynamic database of malicious domains.
Which two Security Platform components use this database to prevent threats? (Choose two.)

Question21: When performing the "ping" test shown in this CLI output:

What will be the source address in the ICMP packet?

Question22: Which option is an IPv6 routing protocol?

Question23: A VPN connection is set up between Site-A and Site-B, but no traffic is passing. In the system log of Site- A, there is an event logged as ike-nego-p1-fail-psk.
What action will bring the VPN up and allow traffic to start passing between the sites?

Question24: Server Message Block (SMB), a common file-sharing application, is slow when passing through a Palo Alto Networks firewall. The Network Security Administrator created an application override policy, assigning all SMB traffic to a custom application, to resolve the slowness issue.
Why does this configuration resolve the issue?

Question25: Given the following routing table:

Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the
192.168.93.0/30 network?

Question26: How is the Forward Untrust Certificate used?

Question27: A network design change requires an existing firewall to start accessing Palo Alto Updates from a dataplane interface address instead of the management interface.
Which configuration setting needs to be modified?

Question28: A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens of thousands of bogus UDP connections per second to a single destination IP address and port.
Which option, when enabled with the correct threshold, would mitigate this attack without dropping legitimate traffic to other hosts inside the network?

Question29: What can cause missing SSL packets when performing a packet capture on dataplane interfaces?

Question30: A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?

Question31: A company has a pair of Palo Alto Networks firewalls configured as an Active/Passive High Availability (HA) pair. What allows the firewall administrator to determine the last date a failover event occurred?

Question32: A network security engineer for a large company has just installed a PA-5060 Firewall to isolate the company's PCI environment from its production network. The company's network engineers made configuration changes to the switches on both network segments, and connected them to the new firewall.
Soon after the cutover, however, users began to complain about latency and some servers stopped communicating. There are no security policies that deny traffic between the two network segments. You suspect that there is an interface misconfiguration on ethernet1/1.
Which two commands should be used to troubleshoot the issue? (Choose two.)

Question33: A firewall administrator has completed most of the steps required to provision a standalone Palo Alto Networks Next-Generation Firewall. As a final step, the administrator wants to test one of the security policies.
Which СLI command syntax will display the rule that matches the test?

Question34: A file sharing application is being permitted and no one knows what this application is used for.
How should this application be blocked?

Question35: A critical US-CERT notification is published regarding a newly discovered botnet. The malware is very evasive and is not reliably detected by endpoint antivirus software. Furthermore, SSL is used to tunnel malicious traffic to command-and-control servers on the Internet and SSL Forward Proxy Decryption is not enabled.
Which component, once enabled on a perimeter firewall, will allow the identification of existing infected hosts in an environment?

Question36: YouTube videos are consuming too much bandwidth on the network, causing delays in mission-critical traffic. The administrator wants to throttle YouTube traffic. The following interfaces and zones are in use on the firewall:
ethernet 1/1, Zone: Untrust (Internet-facing)

ethernet 1/2, Zone: Trust (client-facing)

A QoS profile has been created, and QoS has been enabled on both interfaces. A QoS rule exists to put the YouTube application into QoS class 6. Interface Ethernet 1/1 has a QoS profile called Outbound, and interface Ethernet 1/21 has a QoS profile called Inbound.
Which setting for Class 6 will throttle YouTube traffic?

Question37: In an enterprise deployment, a network security engineer wants to assign rights to a group of administrators without creating local administrator accounts on the firewall.
Which authentication method must be used?

Question38: A distributed log collection deployment has dedicated Log Collectors. A developer needs a device to send logs to Panorama instead of sending logs to the Collector Group.
What should be done first?

Question39: Which three rule types are available when defining polices in Panorama? (Choose three.)

Question40: Click the Exhibit button.

An administrator has noticed a large increase in bittorrent activity. The administrator wants to determine where the traffic is going on the company network.
What would be the administrator's next step?

Question41: When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinkhole enabled, generating a traffic log.
What will be the destination IP address in that log entry?

Question42: Ethernet1/1 has been configured with the following subinterfaces:

The following security policy rule is applied:

The Interface Management Profile permits the following:

A customer is trying to ping 10.10.10.1 from VLAN 799 IP 10.10.10.2/24.
What will be the result of this ping?

Question43: A network security engineer needs to configure a virtual router using IPv6 addresses.
Which two routing options support these addresses? (Choose two.)

Question44: Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?

Question45: Which setting will allow a DoS protection profile to limit the maximum concurrent sessionsfrom a source IP address?

Question46: Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS
7x, to obtain username-to-IP-address mapping?

Question47: Only two Trust to Untrust allow rules have been created in the Security policy.
* Rule1 allows google-base
* Rule2 allows youtube-base
The youtube-base App-ID depends on google-base to function. The google-base App-ID implicitly uses SSL and web-browsing. When users try to access https://www.youtube.com in a web browser, they get an error indicating that the server cannot be found.
Which action will allow youtube.com to display in the browser correctly?

Question48: A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto Networks firewall.
Which method shows the global counters associated with the traffic after configuring the appropriate packet filters?

Question49: The GlobalProtect Portal interface and IP address have been configured.
Which other value needs to be defined to complete the network settings configuration of the GlobalProtect Portal?

Question50: Given these tables:


SVR1 is a webserver hosted in the DMZ zone. The FQDN of www.myserver.com is registered to an external DNS provider and resolves to 203.1.200.123 in the Untrust-L3 zone. Users in the Trust-L3 zone use the external FQDN to access SVR1.
Which NAT rule will process traffic sourced from the Trust-L3 zone destined for SVR1?

Question51: Which command can be used to validate a Captive Portal policy?

Question52: Which two interface types can be used when configuring GlobalProtect Portal? (Choose two.)

Question53: Company.com wants to enable Application Override. Given the following screenshot:

Which two statements are true if Source and Destination traffic match the Application Override policy?
(Choose two.)

Question54: Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs?
(Choose two.)

Question55: What is the default behavior when a Certificate Profile is configured to use both CRL and OCSP?

Question56: A company has a web server behind a Palo Alto Networks next-generation firewall that it wants to make accessible to the public at 1.1.1.1. The company has decided to configure a destination NAT Policy rule.
Given the following zone information:
DMZ zone: DMZ-L3
Public zone: Untrust-L3
Guest zone: Guest-L3
Web server zone: Trust-L3
Public IP address (Untrust-L3): 1.1.1.1
Private IP address (Trust-L3): 192.168.1.50
What should be configured as the destination zone on the Original Packet tab of the NAT Policy rule?

Question57: The IT department has received complaints about VoIP call jitter when the sales staff is making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS policy written in the rulebase.
The IT manager wants to find out what traffic is causing the jitter in real time when a user reports the jitter.
Which feature can be used to identify, in real time, the applications taking up the most bandwidth?

Question58: The company's Panorama server (IP: 10.10.10.5) is not able to manage a firewall that was recently deployed. The firewall's dedicated management port is being used to connect to the management network.
Which two commands may be used to troubleshoot this issue from the CLI of the new firewall? (Choose two.)

Question59: Which device Group option is assigned by default in Panorama whenever a new device group is created to manage a Firewall?

Question60: Which three functions are found on the dataplane of a PA-5050? (Choose three.)

Question61: A network engineer has received a report of problems reaching 98.139.183.24 through vr1 on the firewall.
The routing table on this firewall is extensive and complex.
Which CLI command will help identify the issue?

Question62: Click the Exhibit button below.

A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in the default VR. A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS connection to 172.16.10.20.
What is the next hop IP address for the HTTPS traffic from Will's PC?

Question63: Palo Alto Networks maintains a dynamic database of malicious domains.
Which two Security Platform components use this database to prevent threats? (Choose two.)

Question64: A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode.
Which statement is true about this deployment?

Question65: What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

Question66: Which field is optional when creating a new Security Police rule?

Question67: A company has started utilizing WildFire in its network.
Which three file types are supported? (Choose three.)

Question68: Which three fields can be included in a pcap filter? (Choose three.)

Question69: How are IPv6 DNS queries configured to use interface ethernet1/3?

Question70: The Network Security Administrator discovers that the company's NAT-aware SIP phone system is not working properly through the Palo Alto Networks firewall, even though SIP traffic is being allowed by policy.
Which configuration change can resolve this issue?

Question71: Site-A and Site-В have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-А is configured properly, but the route for the tunnel is not being established. The Site-В interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-В is using the wrong Link Type for one of its interfaces.

Which Link Type setting will correct the error?

Question72: What are three valid methods of user mapping? (Choose three.)

Question73: A logging infrastructure may need to handle more than 10,000 logs per second.
Which two options support a dedicated log collector function? (Choose two.)

Question74: How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with non-standard syslog servers?

Question75: Support for which authentication method was added in PAN-OS 7.0?

Question76: PAS-OS 7.0 introduced an automated correlation engine that analyzes log patterns and generates correlation events visible in the new Application Command Center (ACC).
Which license must the firewall have to obtain new correlation objectives?

Question77: Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log?
(Choose two.)

Question78: Firewall administrators cannot authenticate to a firewall GUI.
Which two logs on that firewall will contain authentication-related information useful in troubleshooting this issue? (Choose two.)

Question79: A network design calls for a "router on a stick" implementation with a PA-5060 performing inter-VLAN routing. All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interface.
Which interface type and configuration setting will support this design?

Question80: For which two functions is the management plane responsible? (Choose two.)

Question81: Given the following diagram:

A VPN connection has been created to allow traffic from the Trust-L3 zone of Site A to reach the Trust-L3 zone of Site B Each site is using tunnel.1 in the Untrust-L3 zone for the VPN connection. A static route needs to be added to the default virtual router in the Site A firewall to enable traffic from Site A to reach all workstations in Site B.
Which static route configuration will satisfy the requirement?

Question82: How does Panorama handle incoming logs when it reaches the maximum storage capacity?

Question83: A host attached to ethernet1/3 cannot access the Internet. The default gateway is attached to ethernet1/4.
After troubleshooting, it is determined that traffic cannot pass from ethernet1/3 to ethernet1/4.
What can be the cause of this problem?

Question84: A network administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects > Security Profiles > Anti-Spyware and selects the default profile.
What should be done next?

Question85: Which three options does the WF-500 appliance support for local analysis? (Choose three.)

Question86: Site-A and Site-В have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-А is configured properly, but the route for the tunnel is not being established. The Site-В interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-В is using the wrong Link Type for one of its interfaces.

Which Link Type setting will correct the error?

Question87: Which interface configuration will accept specific VLAN IDs?

Question88: An administrator is configuring an IPSec VPN to a Cisco ASA at the administrator's home and experiencing issues completing the connection. The following is the output from the command:

What could be the cause of this problem?

Question89: Which CLI command displays the current management plane memory utilization?

Question90: Which Public Key Infrastructure component is used to authenticate users for GlobalProtect when the Connect Method is set to pre-logon?

Question91: A company hosts a publicly accessible web server behind a Palo Alta Networks next-generation firewall with the following configuration information:
* Users outside the company are in the "Untrust-L3" zone.
* The web server physically resides in the "Trust-L3" zone.
* Web server public IP address: 23.54.6.10.
* Web server private IP address: 192.168.1.10.
Which two items must the NAT policy contain to allow users in the Untrust-L3 zone to access the web server? (Choose two.)

Question92: Palo Alto Networks maintains a dynamic database of malicious domains.
Which two Security Platform components use this database to prevent threats? (Choose two.)

Question93: A host attached to ethernet1/4 cannot ping the default gateway. The widget on the dashboard shows ethernet1/1 and ethernet1/4 to be green. The IP address of ethernet1/1 is 192.168.1.7 and the IP address of ethernet1/4 is 10.1.1.7. The default gateway is attached to ethernet1/l. A default route is properly configured.
What can be the cause of this problem?

Question94: Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?

Question95: A network security engineer has been asked to analyze WildFire activity. However, the WildFire Submissions item is not visible from the Monitor tab.
What could cause this condition?

Question96: Which two methods can be used to mitigate resource exhaustion of an application server? (Choose two.)

Question97: A network administrator uses Panorama to push security policies to managed firewalls at branch offices.
Which policy type should be configured on Panorama if the administrator wants to allow local administrators at the branch office sites to override these policies?