NGFW ENGINEER
Q: 1
According to dynamic updates best practices, what is the recommended threshold value for content
updates in a mission- critical network?
Options
Q: 2
When deploying Palo Alto Networks NGFWs in a cloud service provider (CSP) environment, which
method ensures high availability (HA) across multiple availability zones?
Options
Q: 3
An engineer is implementing a new rollout of SAML for administrator authentication across a
company’s Palo Alto Networks NGFWs. User authentication on company firewalls is currently
performed with RADIUS, which will remain available for six months, until it is decommissioned. The
company wants both authentication types to be running in parallel during the transition to SAML.
Which two actions meet the criteria? (Choose two.)
Options
Q: 4
Which two statements apply to configuring required security rules when setting up an IPSec tunnel
between a Palo Alto Networks firewall and a third- party gateway? (Choose two.)
Options
Q: 5
What is a result of enabling split tunneling in the GlobalProtect portal configuration with the “Both
Network Traffic and DNS” option?
Options
Q: 6
An engineer at a managed services provider is updating an application that allows its customers to
request firewall changes to also manage SD-WAN. The application will be able to make any approved
changes directly to devices via API.
What is a requirement for the application to create SD-WAN interfaces?
Options
Q: 7
What are the phases of the Palo Alto Networks AI Runtime Security: Network Intercept solution?
Options
Q: 8
Which statement applies to the relationship between Panorama-pushed Security policy and local
firewall Security policy?
Options
Q: 9
Palo Alto Networks NGFWs use SSL/TLS profiles to secure which two types of connections? (Choose
two.)
Options
Q: 10
In regard to the Advanced Routing Engine (ARE), what must be enabled first when configuring a
logical router on a PAN-OS firewall?
Options
Question 1 of 10
