Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Paloalto Networks NGFW-Engineer Questions Answers

Palo Alto Networks Next-Generation Firewall Engineer Questions and Answers

Question 29

A network architect is planning the deployment of a new IPSec VPN tunnel to connect a local data center to a cloud environment. The plan must include all necessary Security policy configurations for both tunnel negotiation and data transit.

Which two Security policy requirements must be included in the implementation plan? (Choose two answers)

Options:

A.

The default interzone-default security policy is sufficient to allow the tunnel negotiation traffic between the firewall and the remote peer.

B.

A pair of policies is required to control the flow of data traffic into and out of the security zone assigned to the tunnel interface.

C.

A policy must explicitly permit only the IKE application between the external-facing zone and local zone.

D.

A policy must explicitly permit the IPSec container application between the external-facing zone and local zone.

Question 30

Which networking technology can be configured on Layer 3 interfaces but not on Layer 2 interfaces?

Options:

A.

DDNS

B.

Link Duplex

C.

NetFlow

D.

LLDP

Question 31

Which method creates the most reliable user-to-IP mapping due to being based on a direct authentication from the user's device to the firewall?

Options:

A.

Portal authentication

B.

PAN-OS XML API to push mappings

C.

Polling security event logs with a User-ID agent

D.

Authentication logs from Syslog receiver

Question 32

When deploying a pair of Palo Alto Networks firewalls in an active/active high availability (HA) cluster what is the dedicated role of the HA3 link?

Options:

A.

Control plane synchronization for heartbeats and state information

B.

Packet forwarding for session setup and asymmetric traffic

C.

Management plane synchronization for configurations and policies

D.

Data plane synchronization for session tables and forwarding tables