Question 1 of 30.
Question 2 of 30.
Which selections should be used for applications, destinations, and users in the Security policy
rule used by a firewall to collect data for an SLR?
pre-logon, all-palo-alto-base, trust
any, any, any
any, any, untrust
pre-logon, any, trust
Question 3 of 30.
To configure a firewall to collect data for an SLR, what should the WildFire® action be in the
Antivirus Profile attached to the security rule used by the interface receiving customer traffic?
"reset client" for all actions
"alert" for all actions
"default" for all actions
"alert" for FTP and HTTP, and "reset both" for all other decoders
Question 4 of 30.
Which two features provide visibility into malware delivery? (Choose two.)
WildFire®
decryption
anti-spyware
antivirus protection
Question 5 of 30.
Question 6 of 30.
Question 8 of 30.
After a Tech Support File is uploaded to the partner portal to create a BPA report, what does
Zone Mapping do?
It allows a user to rename zones for clarity in the BPA report.
It allows a user an additional opportunity to specify source and destination zones for firewall
rules analyzed in the BPA.
It allows a user to map each zone in the Tech Support File to its area of architecture,
such as internet, DMZ, remote/VPN, or other areas.
When the Tech Support File is from Panorama and reflects multiple firewalls, it allows a
user to specify whether each firewall is physical or virtual.
Question 9 of 30.
Which three options are firewall configuration steps to prepare for SLR data collection? (Choose
three.)
Receive license keys from the license server.
From Device > Setup > Interfaces > Management, edit Management Interface Settings
and add an address and default gateway.
From Device > Setup > Services, edit DNS settings and set the update server to the address
of one of the existing firewalls.
From Device > Setup > Services, edit DNS settings and set the update server to
updates.paloaltonetworks.com.
From Objects > Security Profiles > Antivirus, edit the Antivirus Profile and set its
WildFire® action to "reset both" for all decoders.
Question 10 of 30.
Question 11 of 30.
How does use of User-ID in a security rule help implement the Palo Alto Networks security
posture?
specifies traffic data pattern matching to support Zero Trust
reduces the attack surface to support Zero Trust
specifies the exfiltration zones to which security profiles apply
increases the attack surface to support positive enforcement
Question 12 of 30.
When a customer is using competitors’ security products, which two tools are appropriate to help
the customer reassess their security posture? (Choose two.)
BPA
PPA
TMS
SLR
Question 13 of 30.
Question 14 of 30.
A customer evolving its computing from on-premises through private cloud, public cloud, and
SaaS computing has which three main security challenges? (Choose three.)
With cloud computing, small human errors can result in sensitive data being exposed to
scripts and bots that scan the internet for public leaks.
Security processes in the cloud environment cannot be automated so the benefits of cloud
computing cannot be fully leveraged.
Security cannot be made consistent across the different places applications are deployed.
With manual processes, managing policy and investigating incidents across multiple
cloud environments and various tools can be difficult.
If they keep remnants from each step in their evolution, the resulting security
architecture can be so fragmented that it is impossible to operate.
Question 15 of 30.
In addition to reporting deviations from best practice, the BPA Report provides which two pieces
of information? (Choose two.)
a reason to follow best practice for each best-practice fail that the BPA identifies
a recommendation to achieve a pass for each best-practice fail that the BPA identifies
a configuration file that when used by the firewall will enable it to pass all best-practice tests
all the parameters used by any security rules or other rules configured for the firewall
Question 16 of 30.
Question 17 of 30.
Question 18 of 30.
Which answer best describes the meaning of the above picture in the context of Palo Alto
Networks Security Lifecycle Reviews?
The firewall essentially is a router on a stick.
Firewalls can connect only to customer switches; they cannot connect to customer routers.
Firewalls involved in Security Lifecycle Reviews use wireless interfaces only.
The firewall in Tap mode connects to a switch and does not impact customer traffic at
all.
Question 19 of 30.
To prepare for data collection for an SLR, what needs to be done about licenses and dynamic
updates?
Licenses and dynamic updates are provided by the Partner Portal or Support Portal as part of
deal registration.
Licenses and dynamic updates are configured on the firewall.
The customer can use their existing licenses and dynamic updates.
The firewall is in Tap mode so licenses and dynamic updates are unnecessary.
Question 20 of 30.
What allows an SLR evaluation firewall to collect data to obtain information about who is
sending or receiving traffic?
The customer provides endpoint Traffic logs.
Syslog data is uploaded while the SLR report is generated.
Data about who sends or receives traffic is not collected for an SLR.
User-ID is configured on the firewall.
Question 21 of 30.
App-ID provides value protecting against threats in which two ways? (Choose two.)
With application dependency, the identified application depends on the intent of the attacker
and App-ID can be used this way to block malicious intent.
App-ID can be used in a security rule to specify that traffic initiating from a specific group
of users is blocked.
Once an application is identified, App-ID provides interpretation of the application's payload
to ensure that the application is used only as intended.
App-ID can be used with User-ID and Content-ID to reduce the attack surface.
App-ID can be used in a security rule to specify that traffic belonging to a set of
applications is blocked.
Question 22 of 30.
How do security rules and security profiles work together to create security policy?
Security rules specify what happens to traffic that an attached security profile would
otherwise allow.
Security profiles specify what happens to traffic that an attached security rule blocks.
The firewall forwards traffic when it finds either a security rule or a security profile that
allows that traffic.
Security profiles specify what happens to traffic that an attached security rule would
otherwise allow.
Question 23 of 30.
Question 25 of 30.
Which feature or option helps find the security rule that allowed traffic from a particular
application at a particular time?
BPA heatmap
WildFire® verdict
log at NGFW Monitor > Traffic
Prisma SaaS Risk Assessment Report
Question 26 of 30.
Which three security capabilities can be combined to provide necessary protection for current
multi-platform cloud application architecture? (Choose three.)
detection and prevention of zero-day attacks by securing applications and operating systems
from within their workload or host
inline security with the ability to protect and segment traffic that’s entering
applications, going between applications, and leaving applications
use of IaaS and PaaS APIs to obtain good insight into how services are consumed,
configured, and deployed
a set of point products from multiple vendors that provide frictionless security for specific
corner use cases, along with a corresponding set of security administration and reporting tools
native cloud-platform security offerings that provide security for multiple platforms and on-
premises data center infrastructures
Question 27 of 30.
Question 28 of 30.
How is the data in a Stats Dump file made available for SLR Report creation?
automatically pulled by Panorama and uploaded to the Partner Portal
uploaded directly from the firewall to the Partner Portal
downloaded from the firewall to a computer, then uploaded when requested from the
Partner Portal
fed through the Cortex Data Lake and made available to the SLR app
Question 29 of 30.
For Tap mode installation of an NGFW to collect data for an SLR, where is the NGFW placed?
off a SPAN port of a switch that sees all north-south traffic of the network to be
reviewed
between the internet and existing perimeter security competitive firewalls
between an internal database server and its backup server
off a SPAN port of a firewall that will be the competition for the NGFW
Question 30 of 30.