Podcast
Questions and Answers
A company plans to deploy identity for improved visibility and identity-based controls for least
privilege access to applications and data. The company does not have an on-premises Active Directory (AD) deployment, and devices are connected and managed by using a combination of Entra ID and Jamf.
Which two supported sources for identity are appropriate for this environment? (Choose two.)
A company plans to deploy identity for improved visibility and identity-based controls for least privilege access to applications and data. The company does not have an on-premises Active Directory (AD) deployment, and devices are connected and managed by using a combination of Entra ID and Jamf. Which two supported sources for identity are appropriate for this environment? (Choose two.)
- Captive portal (correct)
- User-ID agents configured for WMI client probing
- GlobalProtect with an internal gateway deployment
- Cloud Identity Engine synchronized with Entra ID (correct)
A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications.
The customer is interested in Palo Alto Networks NGFWs but describes the following challenges:
"Our apps are in AWS and Azure, with whom we have contracts and minimum-revenue guarantees.
We would use the built-in firewall on the cloud service providers (CSPs), but the need for centralized
policy management to reduce human error is more important."
Which recommendations should the SE make?
A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications. The customer is interested in Palo Alto Networks NGFWs but describes the following challenges: "Our apps are in AWS and Azure, with whom we have contracts and minimum-revenue guarantees. We would use the built-in firewall on the cloud service providers (CSPs), but the need for centralized policy management to reduce human error is more important." Which recommendations should the SE make?
- Cloud NGFWs at both CSPs; provide the customer a license for a Panorama virtual appliance from their CSP's marketplace of choice to centrally manage the systems. (correct)
- Cloud NGFWs in AWS and VM-Series firewall in Azure; the customer selects a PAYG licensing Panorama deployment in their CSP of choice.
- VM-Series firewalls in both CSPs; manually built Panorama in the CSP of choice on a host of either type: Palo Alto Networks provides a license.
- VM-Series firewall and CN-Series firewall in both CSPs; provide the customer a private-offer Panorama virtual appliance from their CSP’s marketplace of choice to centrally manage the systems.
A customer claims that Advanced WildFire miscategorized a file as malicious and wants proof,
because another vendor has said that the file is benign.
How could the systems engineer assure the customer that Advanced WildFire was accurate?
A customer claims that Advanced WildFire miscategorized a file as malicious and wants proof, because another vendor has said that the file is benign. How could the systems engineer assure the customer that Advanced WildFire was accurate?
- Review the threat logs for information to provide to the customer.
- Use the WildFire Analysis Report in the log to show the customer the malicious actions the file took when it was detonated. (correct)
- Open a TAG ticket for the customer and allow support engineers to determine the appropriate action.
- Do nothing because the customer will realize Advanced WildFire is right.
Which three known variables can assist with sizing an NGFW appliance? (Choose three.)
Which three known variables can assist with sizing an NGFW appliance? (Choose three.)
Flashcards
Capital of France (example flashcard)
Capital of France (example flashcard)
Paris
