EMT Practice Test

1. Question Content...


Question List

Question1: How frequently do WildFire signatures move into the antivirus database?

Question2: A specific URL keeps appearing in URL filtering log entries, it was blocked successfully, but the administrator would like to investigate further.
In which two ways would AutoFocus help this administrator? (Choose two.)

Question3: A potential customer requires an NGFW solution which enables high-throughput, low-latency network security, all while incorporating unprecedented features and technology. They need a solution that solves the performance problems that plague today's security infrastructure.
Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help them address the requirements?

Question4: Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)

Question5: Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?

Question6: What can be applied to prevent users from unknowingly downloading malicious file types from the internet?

Question7: Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

Question8: Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product?
(Choose two.)

Question9: How do Highly Suspicious artifacts in-AutoFocus help identify when an unknown, potential zero- day, targeted attack occur to allow one to adjust the security posture?

Question10: Which two features can be enabled to support asymmetric routing with redundancy on a Palo Alto networks next-generation firewall (NGFW)? (Choose two.)

Question11: Which CLI allows you to view the names of SD-WAN policy rules that send traffic to the specified virtual SD-WAN interface, along with the performance metrics?
A)

B)

C)

D)

Question12: Which two types of security chains are supported by the Decryption Broker? (Choose two.)

Question13: Which two tabs in Panorama can be used to identify templates to define a common base configuration? (Choose two.)

Question14: Which three features are used to prevent abuse of stolen credentials? (Choose three.)

Question15: A customer is designing a private data center to host their new web application along with a separate headquarters for users.
Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?

Question16: What two advantages of the DNS Sinkholing feature? (Choose two)

Question17: Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)

Question18: Access to a business site is blocked by URL Filtering inline machine learning (ML) and considered as a false-positive.
How should the site be made available?

Question19: WildFire can discover zero-day malware in which three types of traffic? (Choose three)

Question20: Select the BOM for the Prisma Access, to provide access for 5500 mobile users and 10 remote locations (100Mbps each) for one year, including Base Support and minimal logging. The customer already has 4x PA5220r 8x PA3220,1x Panorama VM for 25 devices.

Question21: in which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified?

Question22: Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

Question23: A customer worried about unknown attacks is hesitant to enable SSL decryption due to privacy and regulatory issues. How does the platform address the customer's concern?

Question24: An administrator needs a PDF summary report that contains information compiled from existing reports based on data for the top 5 in each category.
How often will the Administrator receive the report?

Question25: What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?

Question26: What are two core values of the Palo Alto Network Security Platform? (Choose two)

Question27: Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

Question28: What two types of certificates are used to configure SSL Forward Proxy? (Choose two.)

Question29: Which license is required to receive weekly dynamic updates to the correlation objects on the firewall and Panorama?

Question30: Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs? (Choose two)

Question31: What are three best practices for running an Ultimate Test Drive (UTD)? (Choose three.)

Question32: Which selection must be configured on PAN-OS External Dynamic Lists to support MineMeld indicators?

Question33: Which CLI command will allow you to view latency, jitter and packet loss on a virtual SD-WAN interface?
A)

B)

C)

D)

Question34: An Administrator needs a PDF summary report that contains information compiled from existing reports based on data for the Top five(5) in each category Which two timeframe options are available to send this report? (Choose two.)

Question35: What aspect of PAN-OS allows for the NGFW admin to create a policy that provides auto- remediation for anomalous user behavior and malicious activity while maintaining user visibility?

Question36: A customer is concerned about zero-day targeted attacks against its intellectual property.
Which solution informs a customer whether an attack is specifically targeted at them?

Question37: A packet that is already associated with a current session arrives at the firewall.
What is the flow of the packet after the firewall determines that it is matched with an existing session?

Question38: Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)

Question39: What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?

Question40: Which task would be identified in Best Practice Assessment tool?

Question41: Prisma SaaS provides which two SaaS threat prevention capabilities? (Choose two)

Question42: Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

Question43: What are three purposes for the Eval Systems, Security Lifecycle Reviews and Prevention Posture Assessment tools? (Choose three.)

Question44: Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?

Question45: Which two network events are highlighted through correlation objects as potential security risks? (Choose two.)

Question46: A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default.
What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

Question47: Which User-ID method maps IP addresses to usernames for users connecting through an
802.1x-enabled wireless network device that has no native integration with PAN-OS software?

Question48: Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?

Question49: Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)

Question50: A price-sensitive customer wants to prevent attacks on a Windows Virtual Server. The server will max out at
100Mbps but needs to have 45.000 sessions to connect to multiple hosts within a data center Which VM instance should be used to secure the network by this customer?

Question51: Which three network events are highlighted through correlation objects as a potential security risks? (Choose three.)

Question52: Which three script types can be analyzed in WildFire? (Choose three)

Question53: What are the three benefits of the Palo Alto Networks migration tool? (Choose three.)

Question54: Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

Question55: What action would address the sub-optimal traffic path shown in the figure?
Key:
RN -Remote Network
SC -Service Connection
MU GW -Mobile User Gateway

Question56: Which CLI command will allow you to view latency, jitter and packet loss on a virtual SD-WAN interface?
A)

B)

C)

D)

Question57: Which Palo Alto Networks pre-sales tool involves approximately 4 hour interview to discuss a customer's current security posture?

Question58: Which three policies or certificates must be configured for SSL Forward Proxy decryption?
(Choose three.)

Question59: A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include doc and .pdf file types.
The customer uses a firewall with User-ID enabled
Which feature must also be enabled to prevent these attacks?

Question60: Which two features are found in Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

Question61: Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)

Question62: A customer requires protections and verdicts for portable executable (PE) and executable and linkable format (ELF), as well as the ability to integrate with existing security tools.
Which Cloud-Delivered Security Service (CDSS) does Palo Alto Networks provide that will address this requirement?

Question63: How do you configure the rate of file submissions to WildFire in the NGFW?

Question64: Which two types of security chains are supported by the Decryption Broker? (Choose two.)

Question65: A customer is concerned about malicious activity occurring directly on their endpoints and will not be visible to their firewalls.
Which three actions does the Traps agent execute during a security event, beyond ensuring the prevention of this activity? (Choose three.)

Question66: Match the WildFire Inline Machine Learning Model to the correct description for that model.

Question67: A client chooses to not block uncategorized websites.
Which two additions should be made to help provide some protection? (Choose two.)

Question68: Given the following network diagram, an administrator is considering the use of Windows Log Forwarding and Global Catalog servers for User-ID implementation. What are two potential bandwidth and processing bottlenecks to consider? (Choose two.)

Question69: Which CLI command allows visibility into SD-WAN events such as path Selection and path quality measurements?

Question70: Which three new script types can be analyzed in WildFire? (Choose three.)

Question71: Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.)

Question72: A WildFire subscription is required for which two of the following activities? (Choose two)

Question73: What is the basis for purchasing Cortex XDR licensing?

Question74: XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy. Which two features must be enabled to meet the customer's requirements? (Choose two.)

Question75: Which two components must be configured within User-ID on a new firewall that has been implemented? (Choose two.)

Question76: Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats? (Choose two)

Question77: What are three best practices for running an Ultimate Test Drive (UTD)? (Choose three.)

Question78: Which three signature-based Threat Prevention features of the firewall are informed by intelligence from the Threat Intelligence Cloud? (Choose three.)

Question79: What are two presales selling advantages of using Expedition? (Choose two.)

Question80: What are three key benefits of the Palo Alto Networks platform approach to security? (Choose three)

Question81: Which CLI commands allows you to view SD-WAN events such as path selection and path quality measurements?

Question82: Palo Alto Networks publishes updated Command-and-Control signatures. How frequently should the related signatures schedule be set?

Question83: A customer is adopting Microsoft Office 365 but is concerned about the potential security exposure that such a move could mean. The security analyst suggests using Aperture and the Palo Alto Network firewall together to provide data and network security.
What are the two reasons this solution has been suggested? (Choose two.)

Question84: How do you configure the rate of file submissions to WildFire in the NGFW?

Question85: Which is the smallest Panorama solution that can be used to manage up to 2500 Palo Alto Networks Next Generation firewalls?

Question86: In an HA pair running Active/Passive mode, over which interface do the dataplanes communicate?

Question87: Which profile or policy should be applied to protect against port scans from the internet?

Question88: What are two core values of the Palo Alto Network Security Operating Platform? (Choose two.}

Question89: A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include doc and .pdf file types. The customer believes that someone has clicked an email that might have contained a malicious file type. The customer already uses a firewall with User-ID enabled.
Which feature must also be enabled to prevent these attacks?

Question90: An endpoint, inside an organization, is infected with known malware. The malware attempts to make a command and control connection to a C&C server via the destination IP address.
Which mechanism prevent this connection from succeeding?

Question91: Which two tabs in Panorama can be used to identify templates to define a common base configuration?
(Choose two.)

Question92: Which option is required to activate/retrieve a Device Management License on the M.100 Appliance after the Auth Codes have been activated on the Palo Alto Networks Support Site?

Question93: How does SSL Forward Proxy decryption work?

Question94: Drag and Drop Question
Match the WildFire Inline Machine Learning Model to the correct description for that model.

Question95: Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

Question96: Which statement is true about Deviating Devices and metrics?

Question97: Which two types of security chains are supported by the Decryption Broker? (Choose two.)

Question98: Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

Question99: Because of regulatory compliance a customer cannot decrypt specific types of traffic.
Which license should an SE recommend to the customer who will be decrypting traffic on the Palo Alto Networks firewall?

Question100: Which three new script types can be analyzed in WildFire? (Choose three.)

Question101: Which methods are used to check for Corporate Credential Submissions? (Choose three.)

Question102: An administrator wants to justify the expense of a second Panorama appliance for HA of the management layer.
The customer already has multiple M-100s set up as a log collector group. What are two valid reasons for deploying Panorama in High Availability? (Choose two.)

Question103: The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW?

Question104: In which two ways can PAN-OS software consume MineMeld outputs? (Choose two.)

Question105: Which option is required to Activate/Retrieve a Device Management License on the M-100 Appliance after the Auth Codes have been activated on the Palo Alto Networks Support Site?