Refer to the diagram. Users at an internal system want to ssh to the SSH server. The server is configured to respond only to the ssh requests coming from IP 172.16.16.1.
In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must be configured on the firewall?

• A.NAT Rule:
  Source Zone: Trust -
  Source IP: Any -
  Destination Zone: Server -
  Destination IP: 172.16.15.10 -
  Source Translation: Static IP / 172.16.15.1
  Security Rule:
  Source Zone: Trust -
  Source IP: Any -
  Destination Zone: Trust -
  Destination IP: 172.16.15.10 -
  Application: ssh
• B.NAT Rule:
  Source Zone: Trust -
  Source IP: 192.168.15.0/24 -
  Destination Zone: Trust -
  Destination IP: 192.168.15.1 -
  Destination Translation: Static IP / 172.16.15.10
  Security Rule:
  Source Zone: Trust -
  Source IP: 192.168.15.0/24 -
  Destination Zone: Server -
  Destination IP: 172.16.15.10 -
  Application: ssh
• C.NAT Rule:
  Source Zone: Trust -
  Source IP: Any -
  Destination Zone: Trust -
  Destination IP: 192.168.15.1 -
  Destination Translation: Static IP /172.16.15.10
  Security Rule:
  Source Zone: Trust -
  Source IP: Any -
  Destination Zone: Server -
  Destination IP: 172.16.15.10 -
  Application: ssh
• D.NAT Rule:
  Source Zone: Trust -
  Source IP: Any -
  Destination Zone: Server -
  Destination IP: 172.16.15.10 -
  Source Translation: dynamic-ip-and-port / ethernet1/4
  Security Rule:
  Source Zone: Trust -
  Source IP: Any -
  Destination Zone: Server -
  Destination IP: 172.16.15.10 -
  Application: ssh

Comment: *

Name: *

Email: *

Verification: *

A network administrator wants to deploy SSL Forward Proxy decryption. What two attributes should a forward trust certificate have? (Choose two.)

• A.A certificate authority (CA) certificate
• B.A private key
• C.A server certificate
• D.A subject alternative name

Comment: *

Name: *

Email: *

Verification: *

A firewall administrator has completed most of the steps required to provision a standalone Palo Alto Networks Next-Generation Firewall. As a final step, the administrator wants to test one of the security policies.
Which CLI command syntax will display the rule that matches the test?

• A.test security -policy- match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number
• B.show security rule source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
• C.test security rule source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
• D.show security-policy-match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number> test security-policy-match source

Comment: *

Name: *

Email: *

Verification: *

Which rule type controls end user SSL traffic to external websites?

• A.SSL Outbound Proxyless Inspection
• B.SSL Forward Proxy
• C.SSH Proxy
• D.SSL Inbound Inspection

Comment: *

Name: *

Email: *

Verification: *

An engineer manages a high availability network and requires fast failover of the routing protocols. The engineer decides to implement BFD.
Which three dynamic routing protocols support BFD? (Choose three.)

• A.RIP
• B.OSPF
• C.BGP
• D.OSPFv3 virtual link
• E.IGRP

Comment: *

Name: *

Email: *

Verification: *