A firewall administrator has completed most of the steps required to provision a standalone Palo Alto Networks Next-Generation Firewall. As a final step, the administrator wants to test one of the security policies.
Which CLI command syntax will display the rule that matches the test?

• A.test security -policy- match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number
• B.show security rule source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
• C.test security rule source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
• D.show security-policy-match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number> test security-policy-match source

Comment: *

Name: *

Email: *

Verification: *

Which Captive Portal mode must be configured to support MFA authentication?

• A.NTLM
• B.Redirect
• C.Single Sign-On
• D.Transparent

Comment: *

Name: *

Email: *

Verification: *

On the NGFW. how can you generate and block a private key from export and thus harden your security posture and prevent rogue administrators or other bad actors from misusing keys?

• A.1.Select Device > Certificate Management > Certificates >Devace > Certificates
  2. Import the certificate.
  3 Select Import Private Key
  4 Click Generate to generate the new certificate
• B.1 Select Device > Certificates
  2 Select Certificate Profile
  3 Generate the certificate
  4 Select Block Private Key Export.
• C.1 Select Device > Certificates
  2 Select Certificate Profile.
  3 Generate the certificate
  4 Select Block Private Key Export
• D.1 Select Device > Certificate Management > Certificates > Device > Certificates
  2 Generate the certificate
  3 Select Block Private Key Export
  4 Click Genet ale to generate the new certificate.

Comment: *

Name: *

Email: *

Verification: *

A firewall has Security policies from three sources
1. locally created policies
2. shared device group policies as pre-rules
3. the firewall's device group as post-rules
How will the rule order populate once pushed to the firewall?

• A.shared device group policies, firewall device group policies. local policies.
• B.firewall device group policies, local policies. shared device group policies
• C.shared device group policies. local policies, firewall device group policies
• D.local policies, firewall device group policies, shared device group policies

Comment: *

Name: *

Email: *

Verification: *

A firewall administrator is configuring an IPSec tunnel between a company's HQ and a remote location. On the HQ firewall, the interface used to terminate the IPSec tunnel has a static IP. At the remote location, the interface used to terminate the IPSec tunnel has a DHCP assigned IP address. Which two actions are required for this scenario to work? (Choose two.)

• A.On the HQ firewall select peer IP address type FQDN
• B.On the remote location firewall enable DONS under the interface used for the IPSec tunnel
• C.On the remote location firewall select peer IP address type Dynamic
• D.On the HQ firewall enable DDNS under the interface used for the IPSec tunnel

Comment: *

Name: *

Email: *

Verification: *