Which CLI command displays the physical media that are connected to ethernet1/8?
As a best practice, which URL category should you target first for SSL decryption?
For company compliance purposes, three new contractors will be working with different device groups in their hierarchy to deploy policies and objects. Which type of role-based access is most appropriate for this project?
A firewall engineer creates a destination static NAT rule to allow traffic from the internet to a webserver hosted behind the edge firewall. The pre-NAT IP address of the server is 153.6 12.10, and the post-NAT IP address is 192.168.10.10. Refer to the routing and interfaces information below.
What should the NAT rule destination zone be set to?
A company wants to implement threat prevention to take action without redesigning the network routing.
What are two best practice deployment modes for the firewall? (Choose two.)
Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the firewall? (Choose three.)
An administrator needs to gather information about the CPU utilization on both the management plane and the data plane. Where does the administrator view the desired data?
A company has deployed policies based on AD groups to restrict user access to critical infrastructure systems. However, a phishing campaign against the organization prompts a search for more controls to secure access to critical assets. For users who need to access these systems, the company decides to use PAN-OS multi-factor authentication (MFA) integration to enforce MFA.
What must the company do in order to use PAN-OS MFA?
A security team has enabled real-time WildFire signature lookup on all its firewalls. Which additional action will further reduce the likelihood of newly discovered malware being allowed through the firewalls?
TESTED 18 Aug 2025
