Spring Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Last Attempt NGFW-Engineer Questions

Palo Alto Networks Next-Generation Firewall Engineer Questions and Answers

Question 9

When considering the various methods for User-ID to learn user-to-IP address mappings, which source is considered the most accurate due to the mapping being explicitly created through an authentication event directly with the firewall?

Options:

A.

X-Forwarded-For (XFF) headers

B.

Server monitoring

C.

GlobalProtect

D.

Authentication Portal

Question 10

By default, which type of traffic is configured by service route configuration to use the management interface?

Options:

A.

Security zone

B.

IPSec tunnel

C.

Virtual system (VSYS)

D.

Autonomous Digital Experience Manager (ADEM)

Question 11

An NGFW engineer is establishing bidirectional connectivity between the accounting virtual system (VSYS) and the marketing VSYS. The traffic needs to transition between zones without leaving the firewall (no external physical connections). The interfaces for each VSYS are assigned to separate virtual routers (VRs), and inter-VR static routes have been configured. An external zone has been created correctly for each VSYS. Security policies have been added to permit the desired traffic between each zone and its respective external zone. However, the desired traffic is still unable to successfully pass from one VSYS to the other in either direction.

Which additional configuration task is required to resolve this issue?

Options:

A.

Create a transit VSYS and route all inter-VSYS traffic through it.

B.

Add each VSYS to the list of visible virtual systems of the other VSYS.

C.

Enable the “allow inter-VSYS traffic” option in both external zone configurations.

D.

Create Security policies to allow the traffic between the two external zones.

Question 12

An administrator needs to perform several maintenance tasks on a managed firewall directly from the Panorama console, without using the Context Switch feature. Which set of tasks can the administrator fully execute from the Panorama UI? (Choose one answer)

Options:

A.

Download and install a new content update. View current firewall session details. Initiate a device reboot.

B.

Create a new zone. Configure a new virtual router. View the local ACC on the firewall.

C.

Edit a post-rule. Create a new certificate profile. Configure the firewall's hostname.

D.

Modify the IP address of a Layer 3 interface. Configure a new local administrator account. Edit a pre-rule.