Enable SSL decryption, block SSH traffic
Enable SSL decryption, block SSH tunnel traffic
Enable SSH decryption, block SSH traffic
Question 25 of 72.
When setting up GlobalProtect, what is the job of the GlobalProtect Portal? Select the best answer
Answer: C
To load balance GlobalProtect client connections to GlobalProtect Gateways
To maintain the list of GlobalProtect Gateways and list of categories for checking the client machine
To apply Global Server Load Balancing to Global Protect clients to other GlobalProtect Portals or Gateways.
To maintain the list of remote GlobalProtect Portals and list of categories for checking the client machine
Question 26 of 72.
The maximum number of interfaces that can be configured in a single Virtual Wire object is:
Answer: B
1
2
4
8
16
Question 27 of 72.
The \
Answer: D
can only be configured in Tap Mode
does not perform higher-level inspection of traffic from the side that originated the TCP SYN packet
does not perform higher-level inspection of traffic from the side that originated the TCP SYN packet
performs higher-level inspection of traffic from the side that originated the TCP SYN packet
None of the above
Question 28 of 72.
The \
Answer: B
Increased speed on the downloads of the allowed file types.
Protection against unwanted downloads, by alerting the user with a response page indicating that a file is going to be downloaded.
an administrator the ability to leverage Authentication Profiles in order to protect against unwanted downloads.
Password-protected access to specific file downloads, for authorized users.
Question 29 of 72.
To allow the PAN device to resolve internal and external DNS host names for reporting and for security policy, an administrator can do the following:
Answer: B
In the device settings set the Primary DNS server to an external server and the secondary to an internal server.
Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, point to this proxy object for DNS resolution.
Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, select the proxy object as the Primary DNS and create a custom security rule which references that object.
In the device settings define internal hosts via a static list.
None of the above
Question 30 of 72.
What happens at the point of Threat Prevention license expiration?
Answer: A
Threat Prevention no longer updated; existing database still effective
Threat Prevention no longer used; traffic is allowed or blocked by configuration per Security Rule
Threat Prevention no longer used; applicable traffic is blocked
Threat Prevention is no longer used; applicable traffic is allowed
Question 31 of 72.
Where can you enable the “Dynamic URL Filtering” option?
Answer: D
In the zone configuration that includes the interface for the URL filtered traffic
In the Zone Protection Profile settings
Under Device / Licenses / URL Filtering
In the URL Filtering security profile object
None of the above
Question 32 of 72.
Which of the following types of protection are available in DoS policy?
Answer: A
Session Limit, SYN Flood, UDP Flood
Session Limit, SYN Flood, Host Swapping, UDP Flood
Session Limit, SYN Flood, Port Scanning, Host Swapping
Session Limit, Port Scanning, Host Swapping, UDP Flood
Question 33 of 72.
A customer would like to identify any TCP port scans or UDP port scans traversing their network links. Where can this type of security policy be configured?
Answer: A
Network / Network Profiles / Zone Protection
Policies / Profile / Zone Protection
Objects / Zone Protection
Interfaces / Interface number / Zone Protection
Question 34 of 72.
To reduce the amount of URL logs generated you can configure:
Answer: A
A URL Filtering Profile with \
A URL Filtering Profile with \
A URL Filtering Profile with the block list set to \
The following CLI command: \
Question 35 of 72.
When configuring Security rules based on FQDN objects, which of the following statements are true?
Answer: A
The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. There is no limit on the number of IP addresses stored for each resolved FQDN.
In order to create FQDN-based objects, you need to manually define a list of associated IP addresses. Up to 10 IP addresses can be configured for each FQDN entry.
The firewall resolves the FQDN first when the policy is committed, and is refreshed each time Security rules are evaluated.
The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. The resolution of this FQDN stores up to 10 different IP addresses.