An engineer needs to see how many existing SSL decryption sessions are traversing a firewall What command should be used?

• A.show dataplane pool statistics I match proxy
• B.debug dataplane pool statistics I match proxy
• C.debug sessions I match proxy
• D.show sessions all

Comment: *

Name: *

Email: *

Verification: *

An engineer is tasked with enabling SSL decryption across the environment. What are three valid parameters of an SSL Decryption policy? (Choose three.)

• A.GlobalProtect HIP
• B.source users
• C.App-ID
• D.source and destination IP addresses
• E.URL categories

Comment: *

Name: *

Email: *

Verification: *

Below are the steps in the workflow for creating a Best Practice Assessment in a firewall and Panorama configuration Place the steps in order.

Correct Answer:

Explanation
Step 1. In either the NGFW or in Panorama, on the Operations/Support tab, download the technical support file.
Step 2. Log in to the Customer Support Portal (CSP) and navigate to Tools > Best Practice Assessment.
Step 3. Upload or drag and drop the technical support file.
Step 4. Map the zone type and area of the architecture to each zone.
Step 5.Follow the steps to download the BPA report bundle.

Comment: *

Name: *

Email: *

Verification: *

A
user's traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http://www.company.com.
How can the firewall be configured automatically disable the PBF rule if the next hop goes down?

• A.Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question:.
• B.Enable and configure a Link Monitoring Profile for the external interface of the firewall.
• C.Configure path monitoring for the next hop gateway on the default route in the virtual router.
• D.Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question:.

Comment: *

Name: *

Email: *

Verification: *

An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an application that matches the same traffic signatures as the custom application.
Which application should be used to identify traffic traversing the NGFW?

• A.Custom application
• B.System logs show an application error and neither signature is used.
• C.Downloaded application
• D.Custom and downloaded application signature files are merged and both are used

Comment: *

Name: *

Email: *

Verification: *