1 QUESTION NO: 1 OK

A host attached to ethernet1/4 cannot ping the default gateway. The widget on the dashboard shows
ethernet1/1 and ethernet1/4 to be green. The IP address of ethernet1/1 is 192.168.1.7 and the IP
address of ethernet1/4 is 10.1.1.7. The default gateway is attached to ethernet1/l. A default route is
properly configured.

What can be the cause of this problem?

A. No zone has been configured on ethernet1/4.

B. Interface ethernet1/1 is in Virtual Wire Mode
C. DNS has not been properly configured on the firewall.
D. DNS has not been properly configured on the host.

Answer: A

2 QUESTION NO: 2 OK
Site-A and Site- have a site-to-site VPN set up between them. OSPF is configured to dynamically
create the routes between the sites. The OSPF configuration in Site- is configured properly, but the
route for the tunnel is not being established. The Site- interfaces in the graphic are using a broadcast
Link Type. The administrator has determined that the OSPF configuration in Site- is using the wrong
Link Type for one of its interfaces.

Which Link Type setting will correct the error?

A. Set tunnel.1 to p2p

B. Set tunnel.1 to p2mp
C. Set ethernet1/1 to p2mp
D. Set ethernet1/1 to p2p

Answer: A

3 QUESTION NO: 3 OK - 132

Given the following routing table:
Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the
192.168.93.0/30 network?

A. Configuring the Administrative Distance for RIP to be lower than that of OSPF Int
B. Configuring the metric for RIP to be higher than that of OSPF Int
C. Configuring the Administrative Distance for RIP to be higher than that of OSPF Ext
D. Configuring the metric for RIP to be lower than that of OSPF Ext

Answer: A

4 QUESTION NO: 4 OK
A VPN connection is set up between Site-A and Site-B, but no traffic is passing. In the system log of
Site-A, there is an event logged as ike-nego-p1-fail-psk.
What action will bring the VPN up and allow traffic to start passing between the sites?

A. Change the Site- IKE Gateway profile version to match Site-A.

B. Change the Site- IKE Gateway profile exchange mode to aggressive mode.
C. Enable NAT Traversal on the Site- IKE Gateway profile.
D. Change the pre-shared key of Site- to match the pre-shared key of Site-A.

Answer: D

5 QUESTION NO: 5 OK
A company is upgrading its existing Palo Alto Networks firewalls from version 7.0.1 to 7.0.4.
Which three methods can the firewall administrator use to install PAN-OS 7.0.4 across the enterprise?
(Choose three.)
A. Download PAN-OS 7.0.4 files from the support site and install them on each firewall after
manually uploading.
B. Download PAN-OS 7.0.4 to a USB drive and the firewall will automatically update after the
USB drive is inserted in the firewall.
C. Push the PAN-OS 7.0.4 updates from the support site to install on each firewall.
D. Push the PAN-OS 7.0.4 update from one firewall to all of the other remaining after updating
one firewall.
E. Download and install PAN-OS 7.0.4 directly on each firewall.
F. Download and push PAN-OS 7.0.4 from Panorama to each firewall.

Answer: A,E,F

6 QUESTION NO: 6 OK
A logging infrastructure may need to handle more than 10,000 logs per second.
Which two options support a dedicated log collector function? (Choose two.)

A. Panorama virtual appliance on ESX(i) only

 B. M-500
C. M-100 with Panorama installed
D. M-100

Answer: A,D

7 QUESTION NO: 7 OK
Which three fields can be included in a pcap filter? (Choose three.)

A. Egress Interface
B. Source IP
C. Rule number
D. Destination IP
E. Ingress Interface

Answer: B, D, E

8 QUESTION NO: 8 OK - 4
A company hosts a publicly accessible web server behind a Palo Alto Networks next-generation
firewall with the following configuration information:

Users outside the company are in the Untrust-L3 zone.

The web server physically resides in the Trust-L3 zone.
Web server public IP address: 23.54.6.10.
Web server private IP address: 192.168.1.10.

Which two items must the NAT policy contain to allow users in the Untrust-L3 zone to access the
web server? (Choose two.)

A. Untrust-L3 for both Source and Destination Zone

B. Destination IP of 192.168.1.10
C. Untrust-L3 for Source Zone and Trust-L3 for Destination Zone
D. Destination IP of 23.54.6.10

Answer: A,D

9 QUESTION NO: 9 OK
A network engineer has received a report of problems reaching 98.139.183.24 through vr1 on the
firewall. The routing table on this firewall is extensive and complex.
Which CLI command will help identify the issue?

A. test routing fib virtual-router vrl

B. show routing route type static destination 98.139.183.24
C. test routing fib-lookup ip 98.139.183.24 virtual-router vrl
D. show routing interface

Answer: C

10 QUESTION NO: 10 OK
A network administrator needs to view the default action for a specific spyware signature. The
administrator follows the tabs and menus through Objects > Security Profiles > Anti-Spyware and
selects the default profile.
What should be done next?

A. Click the simple-critical rule and then click the Action drop-down list.
B. Click the Exceptions tab and then click Show all signatures.
C. View the default actions displayed in the Action column.
D. Click the Rules tab and then look for rules with default in the Action column.

Answer: B
11 QUESTION NO: 11 OK
Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs?
(Choose two.)

A. The devices are pre-configured with a virtual wire pair out of the first two interfaces.
B. The devices are licensed and ready for deployment.
C. The management interface has an IP address of 192.168.1.1 and allows SSH and HTTPS
connections.
D. A default bidirectional rule is configured that allows Untrust zone traffic to go to the Trust
zone.
E. The interfaces are pingable.

Answer: B,C

12 QUESTION NO: 12 OK
Which two mechanisms help prevent a split brain scenario in an Active/Passive High Availability
(HA) pair? (Choose two.)

A. Configure the management interface as HA3 Backup

B. Configure ethernet1/1 as HA1 Backup
C. Configure ethernet1/1 as HA2 Backup
D. Configure the management interface as A2 Backup
E. Configure the management interface as HA1 Backup
F. Configure ethernet1/1 as HA3 Backup

Answer: B,E

13 QUESTION NO: 13 OK
Click the Exhibit button.

An administrator has noticed a large increase in bittorrent activity. The administrator wants to
determine where the traffic is going on the company network.
What would be the administrators next step?

A. A. Right-click on the bittorrent link and select Value from the context menu.
B. Create a global filter for bittorrent traffic and then view Traffic logs.
C. Create a local filter for bittorrent traffic and then view Traffic logs.
D. Click on the bittorrent application link to view network activity.

Answer: D

14 QUESTION NO: 14 OK - 143

How is the Forward Untrust Certificate used?
 A. It issues certificates encountered on the Untrust security zone when clients attempt to
connect to a site that has to be decrypted.
B. It is used when web servers request a client certificate.
C. It is presented to clients when the server they are connecting to is signed by a certificate
authority that is not trusted by the firewall.
D. It is used for Captive Portal to identify unknown users.

Answer: C

15 QUESTION NO: 15 OK
Which command can be used to validate a Captive Portal policy?
A. eval captive-portal policy <criteria>
B. request cppolicyeval <criteria>
C. test cppolicymatch <criteria>
D. debug cppolicy <criteria >

Answer: C

16 QUESTION NO: 16 OK
What are three valid actions in a File Blocking Profile? (Choose three.)
A. Forward
B. Block
C. Alert
D. Upload
E. Reset-both
F. Continue

Answer: B,C,F

17 QUESTION NO: 17 OK
Which setting will allow a DoS protection profile to limit the maximum concurrent sessions from a
source IP address?
A. Set the type to Aggregate, clear the Sessions box and set the Maximum Concurrent Sessions
to 4000.
B. Set the type to Classified, clear the Sessions box and set the Maximum Concurrent Sessions to
4000.
C. Set the type to Classified, check the Sessions box and set the Maximum Concurrent Sessions
to 4000.
D. Set the type to Aggregate, check the Sessions box and set the Maximum Concurrent Sessions
to 4000.

Answer: C

18 QUESTION NO: 18 OK
A company has a pair of Palo Alto Networks firewalls configured as an Active/Passive High
availability (HA) pair. What allows the firewall administrator to determine the last date a failover
event occurred?

A. From the CLI issue use the show system info command
B. Apply the filter subtype eq ha to the System log
C. Apply the filter subtype eq ha to the Configuration log
D. Check the status of the High Availability widget on the Dashboard tab of the GUI

Answer: B

19 QUESTION NO: 19 OK
The company's Panorama server (IP: 10.10.10.5) is not able to manage a firewall that was recently
deployed. The firewall's dedicated management port is being used to connect to the management
network.
Which two commands may be used to troubleshoot this issue from the CLI of the new firewall?
(Choose two.)

A. test panorama-connect 10.10.10.5

B. show panorama-status
C. show arp all | match 10.10.10.5
D. tcpdump filter host 10.10.10.5
E. debug dataplane packet-diag set capture on

Answer: A,C

20 QUESTION NO: 20 OK - 108

Which Public Key Infrastructure component is used to authenticate users for GlobalProtect when the
Connect Method is set to pre-logon?

A. Certificate revocation list

B. Trusted root certificate
C. Machine certificate
D. Online Certificate Status Protocol

Answer: C

21 QUESTION NO: 21 OK
Which three log-forwarding destinations require a server profile to be configured? (Choose three.)

A. SNMP Trap
B. Email
C. RADIUS
D. Kerberos
E. Panorama
F. Syslog

Answer: A,E,F

22 QUESTION NO: 22 OK
A critical US-CERT notification is published regarding a newly discovered botnet. The malware is
very evasive and is not reliably detected by endpoint antivirus software. Furthermore, SSL is used to
tunnel malicious traffic to command-and-control servers on the Internet and SSL Forward Proxy
Decryption is not enabled.

Which component, once enabled on a perimeter firewall, will allow the identification of existing
infected hosts in an environment?

A. Anti-spyware profiles applied to outbound security policies with DNS Query action set to
sinkhole
B. File Blocking profiles applied to outbound security policies with action set to alert
C. Vulnerability Protection profiles applied to outbound security polices with action set to block
D. Antivirus profiles applied to outbound security policies with action set to alert

Answer: C

23 QUESTION NO: 23 OK
An administrator is configuring an IPSec VPN to a Cisco ASA at the administrator's home and
experiencing issues completing the connection. The following is the output from the command:

less mp-log ikemgr.log:

What could be the cause of this problem?

A. The public IP addresses do not match for both the Palo Alto Networks Firewall and the ASA.
B. The Proxy IDs on the Palo Alto Networks Firewall do not match the settings on the ASA.
C. The shared secrets do not match between the Palo Alto Networks Firewall and the ASA.
D. The dead peer detection settings do not match between the Palo Alto Networks Firewall
and the ASA.

Answer: A

24 QUESTION NO: 24 OK
How does Panorama handle incoming logs when it reaches the maximum storage capacity?

A. Panorama discards incoming logs when storage capacity is full.

B. Panorama stops accepting logs until licenses for additional storage space are applied.
C. Panorama stops accepting logs until a reboot to clean storage space.
D. Panorama automatically deletes older logs to create space for new ones.

Answer: D

25 QUESTION NO: 25 OK
Which client software can be used to connect remote Linux clients into a Palo Alto Networks
infrastructure without sacrificing the ability to scan traffic and protect against threats?

A. X-Auth IPsec VPN

B. GlobalProtect Apple iOS
C. GlobalProtect SSL
D. GlobalProtect Linux

Answer: A

26 QUESTION NO: 26 OK
Only two Trust to Untrust allow rules have been created in the Security policy.
Rule1 allows google-base
Rule2 allows youtube-base
The youtube-base App-ID depends on google-base to function. The google-base App-ID implicitly
uses SSL and web-browsing. When users try to access https://www.youtube.com in a web browser,
they get an error indicating that the server cannot be found.

Which action will allow youtube.com to display in the browser correctly?

A. Add the SSL App-ID to Rule1.

B. Create an additional Trust to Untrust Rule, add the web-browsing, and SSL App-ID's to it.
C. Add the DNS App-ID to Rule2.
D. Add the web-browsing App-ID to Rule2.

Answer: C
27 QUESTION NO: 27 OK
Which three options are available when creating a security profile? (Choose three.)

A. Anti-malware
B. File Blocking
C. URL Filtering
D. IDS/IPS
E. Threat Prevention
F. Antivirus

Answer: B,C,F

28 QUESTION NO: 28 OK
Which two methods can be used to mitigate resource exhaustion of an application server?
(Choose two.)
A. Vulnerability Object
B. DoS Protection Profile
C. Data Filtering Profile
D. Zone Protection Profile

Answer: B,D

29 QUESTION NO: 29 OK - 7
The IT department has received complaints about VoIP call jitter when the sales staff is making or
receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS policy written in the
rulebase. The IT manager wants to find out what traffic is causing the jitter in real time when a user
reports the jitter.

Which feature can be used to identify, in real time, the applications taking up the most bandwidth?

A. QoS Statistics
B. Applications Report
C. Application Command Center (ACC)
D. QoS Log

Answer: A

30 QUESTION NO: 30 OK - 47
A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded
with tens of thousands of bogus UDP connections per second to a single destination IP address and
port.
Which option, when enabled with the correct threshold, would mitigate this attack without dropping
legitimate traffic to other hosts inside the network?

A. Zone Protection Policy with UDP Flood Protection

B. QoS Policy to throttle traffic below maximum limit
C. Security Policy rule to deny traffic to the IP address and port that is under attack
D. Classified DoS Protection Policy using destination IP only with a Protect action

Answer: D

31 QUESTION NO: 31 OK
Which two options are required on an M-100 appliance to configure it as a Log Collector? (Choose
two.)
A. From the Panorama tab of the Panorama GUI select Log Collector mode and then commit
changes.
B. Enter the command request system system-mode- logger then enter to confirm the change to
Log Collector mode.
C. From the Device tab of the Panorama GUI select Log Collector mode and then commit
changes.
 D. Enter the command logger-mode enable then enter to confirm the change to Log Collector
mode.
E. Log in to the Panorama CLI of the dedicated Log Collector.

Answer: B,E

32 QUESTION NO: 32 OK
The web server is configured to listen for HTTP traffic on port 8080. The clients access the web
server using the IP address 1.1.1.100 on TCP Port 80. The destination NAT rule is configured to
translate both IP address and port to 10.1.1.100 on T port 8080.

Which NAT and security rules must he configured on the firewall? (Choose two.)

A. A security policy with a source of any from untrust-l3 zone to a destination of 10.1.1.100 in
dmz-l3 zone using web-browsing application.
B. A NAT rule with a source of any from untrust-l3 zone to a destination of 10.1.1.100 in dmz-
l3 zone using service-http service.
C. A NAT rule with a source of any from untrust-l3 zone to a destination of 1.1.1.100 in untrus-
l3 zone using service-http service.
D. A security policy with a source of any from untrust-l3 zone to a destination of 1.1.1.100 in
dmz-l3 zone using web-browsing application.

Answer: B,D

33 QUESTION NO: 33 OK
A firewall administrator has completed most of the steps required to provision a standalone Palo
Alto Networks Next-Generation Firewall. As a final step, the administrator wants to test one of the
security policies.

Which CLI command syntax will display the rule that matches the test?

A. test security-policy-match source <ip_address> destination <IP_address> destination port

<port number> protocol <protocol number>
B. show security rule source <ip_address> destination <IP_address> destination port <port
number> protocol <protocol number>
C. test security rule source <ip_address> destination <IP_address> destination port <port
number> protocol <protocol number>
D. show security-policy-match source <ip_address> destination <IP_address> destination port
<port number> protocol <protocol number>

Answer: A

34 QUESTION NO: 34 OK - 65
Palo Alto Networks maintains a dynamic database of malicious domains.
Which two Security Platform components use this database to prevent threats? (Choose two.)
 A. Brute-force signatures
B. BrightCloud URL Filtering
C. PAN-DB URL Filtering
D. DNS-based command-and-control signatures

Answer: C,D

35 QUESTION NO: 35 OK
A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a
firewall.
Which pair of files needs to be imported back into the replacement firewall that is using Panorama?

A. Device state and license files

B. Configuration and serial number files
C. Configuration and statistics files
D. Configuration and Large Scale VPN (LSVPN) setups files

Answer: B

36 QUESTION NO: 36 OK
A company has a web server behind a Palo Alto Networks next-generation firewall that it wants to
make accessible to the public at 1.1.1.1. The company has decided to configure a destination NAT
Policy rule. Given the following zone information:

DMZ zone: DMZ-L3

Public zone: Untrust-L3
Guest zone: Guest-L3
Web server zone: Trust-L3
Public IP address (Untrust-L3): 1.1.1.1
Private IP address (Trust-L3): 192.168.1.50

What should be configured as the destination zone on the Original Packet tab of the NAT Policy
rule?
A. Untrust-L3
B. DMZ-L3
C. Guest-L3
D. Trust-L3

Answer: A

37 QUESTION NO: 37 OK
Company.com has an in-house application that the Palo Alto Networks device doesn't identify
correctly. A Threat Management Team member has mentioned that this in-house application is very
sensitive and all traffic being identified needs to be inspected by the Content-ID engine.

Which method should company.com use to immediately address this traffic on a Palo Alto Networks
device?
A. Create a Custom Application without signatures, then Create an Application Override policy
that includes the: Source, Destination, Destination Port/Protocol, and Custom Application of
the traffic.
B. Wait until an official Application signature is provided from Palo Alto Networks.
C. Modify the session timer settings on the closest referenced application to meet the needs of
the inhouse application.
D. Create a Custom Application with signatures matching unique identifiers of the in-house
application traffic.

Answer: A
38 QUESTION NO: 38 OK
What must be used in Security Policy Rules that contain addresses where NAT policy applies?

A. Pre-NAT addresses and Pre-NAT zones

B. Post-NAT addresses and Post-NAT zones
C. Pre-NAT addresses and Post-NAT zones
D. Post-NAT addresses and Pre-NAT zones

Answer: C

39 QUESTION NO: 39 OK
A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC
provides the information needed to create the report?

A. Blocked Activity
B. Bandwidth Activity
C. Threat Activity
D. Network Activity

Answer: D

40 QUESTION NO: 40 OK
A network security engineer has been asked to analyze WildFire activity. However, the WildFire
Submissions item is not visible from the Monitor tab.
What could cause this condition?

A. The firewall does not have an active WildFire subscription.

B. The engineer's account does not have permissions to view WildFire Submissions.
C. A policy is blocking WildFire Submission traffic.
D. Though WildFire is working, there are currently no WildFire Submissions log entries.

Answer: A

41 QUESTION NO: 41 OK - 50
A network administrator uses Panorama to push security policies to managed firewalls at branch
offices.
Which policy type should be configured on Panorama if the administrator wants to allow local
administrators at the branch office sites to override these policies?

A. Pre Rules
B. Post Rules
C. Explicit Rules
D. Implicit Rules

Answer: A

42 QUESTION NO: 42 OK
Click the Exhibit button below.
A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in
the default VR. A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS
connection to 172.16.10.20.

What is the next hop IP address for the HTTPS traffic from Wills PC?

A. 172.20.30.1
B. 172.20.40.1
C. 172.20.20.1
D. 172.20.10.1

Answer: B

43 QUESTION NO: 43 OK
Which three functions are found on the dataplane of a PA-5050? (Choose three.)

A. Protocol Decoder
B. Dynamic routing
C. Management
D. Network processing
E. Signature Match

Answer: A,D,E

44 QUESTION NO: 44 OK
What are three valid methods of user mapping? (Choose three.)

A. Syslog
B. XML API
C. 802.1X
D. WildFire
E. Server Monitoring

Answer: A,B,E

45 QUESTION NO: 45 OK
What are three possible verdicts that WildFire can provide for an analyzed sample? (Choose three.)

A. Clean
B. Benign
C. Adware
D. Suspicious
E. Grayware
F. Malware

Answer: B,E,F
46 QUESTION NO: 46 OK - 27
What can cause missing SSL packets when performing a packet capture on dataplane interfaces?

A. The packets are hardware offloaded to the offload processor on the dataplane.
B. The missing packets are offloaded to the management plane CPU.
C. The packets are not captured because they are encrypted.
D. There is a hardware problem with the offloading FPGA on the management plane.

Answer: A

47 QUESTION NO: 47 OK - 151

Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of
server-to-client flows only?

A. Disable Server Response Inspection

B. Apply an Application Override
C. Disable HIP Profile
D. Add server IP to Security Policy exception

Answer: A

48 QUESTION NO: 48 OK
How are IPv6 DNS queries configured to use interface ethernet1/3?

A. Network > Virtual Routers > DNS Interface

B. Objects > CustomObjects > DNS
C. Network > Interface Mgmt
D. Device > Setup > Services > Service Route Configuration

Answer: D

49 QUESTION NO: 49 OK - 21
A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto
Networks firewall.

Which method shows the global counters associated with the traffic after configuring the appropriate
packet filters?

A. From the CLI, issue the show counter global filter pcap yes command.
B. From the CLI, issue the show counter global filter packet-filter yes command.
C. From the GUI, select show global counters under the monitor tab.
D. From the CLI, issue the show counter interface command for the ingress interface.

Answer: B

50 QUESTION NO: 50 OK
A host attached to ethernet1/3 cannot access the Internet. The default gateway is attached to
ethernet1/4. After troubleshooting, it is determined that traffic cannot pass from ethernet1/3 to
ethernet1/4.

What can be the cause of this problem?

A. DHCP has been set to Auto.

B. Interface ethernet1/3 is in Layer 2 mode and interface ethernet1/4 is in Layer 3 mode.
C. Interfaces ethernet1/3 and ethernet1/4 are in Virtual Wire Mode.
D. DNS has not been properly configured on the firewall.

Answer: B
51 QUESTION NO: 51 OK
The GlobalProtect Portal interface and IP address have been configured.
Which other value needs to be defined to complete the network settings configuration of the
GlobalProtect Portal?

A. Server Certificate
B. Client Certificate
C. Authentication Profile
D. Certificate Profile

Answer: A

52 QUESTION NO: 52 OK
Which interface configuration will accept specific VLAN IDs?

A. Tap Mode
B. Subinterface
C. Access Interface
D. Trunk Interface

Answer: B

53 QUESTION NO: 53 OK
A company has a policy that denies all applications it classifies as bad and permits only applications it
classifies as good. The firewall administrator created the following security policy on the company's
firewall:

Which two benefits are gained from having both rule 2 and rule 3 present? (Choose two.)

A. A report can be created that identifies unclassified traffic on the network.

B. Different security profiles can be applied to traffic matching rules 2 and 3.
C. Rule 2 and Rule 3 apply to traffic on different ports.
D. Separate Log Forwarding profiles can be applied to rules 2 and 3.

Answer: A, B

54 QUESTION NO: 54 OK
A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive
mode. Which statement is true about this deployment?

A.The two devices must share a routable floating IP address.

B.The two devices may be different models within the PA-5000 series.
C.The HA1 IP address from each peer must be on a different subnet.
D.The management port may be used for a backup control connection.

Answer: D

55 QUESTION NO: 55 OK
Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?

A. VM-100
B. VM-200
C. VM-1000-HV
D. VM-300
Answer: C

56 QUESTION NO: 56 OK - 53
Which two interface types can be used when configuring GlobalProtect Portal? (Choose two.)

A. Virtual Wire
B. Loopback
C. Layer 3
D. Tunnel

Answer: B,C

57 QUESTION NO: 57 OK
Which three options does the WF-500 appliance support for local analysis? (Choose three.)

A. E-mail links
B. APK files
C. jar files
D. PNG files
E. Portable Executable (PE) files

Answer: A,C,E

58 QUESTION NO: 58 OK - 45
After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator
notices that traffic logs from the PA-3020 are not appearing in Panoramas traffic logs.

What could be the problem?

A. A Server Profile has not been configured for logging to this Panorama device.
B. Panorama is not licensed to receive logs from this particular firewall.
C. The firewall is not licensed for logging to this Panorama device.
D. None of the firewall's policies have been assigned a Log Forwarding profile.

Answer: D

59 QUESTION NO: 59 OK
Support for which authentication method was added in PAN-OS 7.0?

A. RADIUS
B. LDAP
C. Diameter
D. TACACS+

Answer: D

60 QUESTION NO: 60 OK
Company.com wants to enable Application Override. Given the following screenshot:
Which two statements are true if Source and Destination traffic match the Application Override
policy? (Choose two.)

A. Traffic that matches rtp-base will bypass the App-ID and Content-ID engines.
B. Traffic will be forced to operate over UDP Port 16384.
C. Traffic utilizing UDP Port 16384 will now be identified as rtp-base.
D. Traffic utilizing UDP Port 16384 will bypass the App-ID and Content-ID engines.

Answer: C,D