Changed NGFW-Engineer Exam Questions

Palo Alto Networks Next-Generation Firewall Engineer Questions and Answers

Question 5

An organization is migrating its data center to Amazon Web Services (AWS) and needs to deploy VM-Series firewalls to inspect all ingress and egress traffic. The solution must provide both resilience across multiple Availability Zones and the ability to scale horizontally.

Which combination of AWS services and Palo Alto Networks components is required for this use case?

Options:

A. AWS Lambda function that monitors the firewall's health and re-routes traffic using the AWS API

B. PAN-OS active/active high availability (HA) pair with an AWS Transit Gateway

C. Amazon EC2 Auto Scaling group with VM-Series firewalls and an Amazon Gateway Load Balancer

D. Single VM-Series firewall with an Elastic IP address that can be re-associated upon failure

Question 6

When configuring a Zone Protection profile, in which section (protection type) would an NGFW engineer configure options to protect against activities such as spoofed IP addresses and split handshake session establishment attempts?

Options:

A. Flood Protection

B. Protocol Protection

C. Packet-Based Attack Protection

D. Reconnaissance Protection

Question 7

Which forwarding methods can be used on the Objects tab when configuring the Log Forwarding profile?

Options:

A. Panorama, syslog, email

B. Syslog, HTTP, NetFlow

C. Panorama, ADEM, syslog

D. SNMP, HTTP, RADIUS

Question 8

After an engineer configures an IPSec tunnel with a Cisco ASA, the Palo Alto Networks firewall generates system messages reporting the tunnel is failing to establish.

Which of the following actions will resolve this issue?

Options:

A. Ensure that an active static or dynamic route exists for the VPN peer with next hop as the tunnel interface.

B. Configure the Proxy IDs to match the Cisco ASA configuration.

C. Check that IPSec is enabled in the management profile on the external interface.

D. Validate the tunnel interface VLAN against the peer’s configuration.