Which three authentication types can be used to authenticate users? (Choose three.)

• A.Local database authentication
• B.PingID
• C.Kerberos single sign-on
• D.GlobalProtect client
• E.Cloud authentication service

Comment: *

Name: *

Email: *

Verification: *

Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three )

• A.The environment requires real full-time redundancy from both firewalls at all times
• B.The environment requires Layer 2 interfaces in the deployment
• C.The environment requires that both firewalls maintain their own routing tables for faster dynamic routing protocol convergence
• D.The environment requires that all configuration must be fully synchronized between both members of the HA pair
• E.The environment requires that traffic be load-balanced across both firewalls to handle peak traffic spikes

Comment: *

Name: *

Email: *

Verification: *

An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing and preemption is disabled.
What must be verified to upgrade the firewalls to the most recent version of PAN-OS software?

• A.Wildfire update package
• B.User-ID agent
• C.Anti virus update package
• D.Application and Threats update package

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit.

An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and HOST B (10.1.1.101) receives SSH traffic.) Which two security policy rules will accomplish this configuration? (Choose two.)

• A.Untrust (Any) to DMZ (10.1.1.100.10.1.1.101), ssh, web-browsing -Allow
• B.Untrust (Any) to Untrust (10.1.1.101), ssh -Allow
• C.Untrust (Any) to DMZ (10.1.1.100), web-browsing -Allow
• D.Untrust (Any) to DMZ (10.1.1.100), ssh -Allow
• E.Untrust (Any) to Untrust (10.1.1.100), web-browsing -Allow

Comment: *

Name: *

Email: *

Verification: *

Which three statements accurately describe Decryption Mirror? (Choose three.)

• A.Decryption Mirror requires a tap interface on the firewall
• B.Use of Decryption Mirror might enable malicious users with administrative access to the firewall to harvest sensitive information that is submitted via an encrypted channel
• C.Only management consent is required to use the Decryption Mirror feature.
• D.Decryption, storage, inspection, and use of SSL traffic are regulated in certain countries.
• E.You should consult with your corporate counsel before activating and using Decryption Mirror in a production environment.

Comment: *

Name: *

Email: *

Verification: *