If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is
A. The settings assigned to the template that is on top of thestack.
B. The administrator will be promoted to choose the settings for that chosen firewall.
C. All the settings configured in all templates.
D. Depending on the firewall location, Panorama decides with settings to send.
Reference:https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adm inguide/manage-firewalls/manage- templates-and-template-stacks/configure-a-templatestack
Question # 2:
An administrator has configured the Palo Alto Networks NGFW’s management interface to connect to the internet through a dedicated path that does not traverse back through the
NGFW itself. Which configuration setting or step will allow the firewall to get automatic application signature updates?
A. A scheduler will need to be configured for application signatures.
B. A Security policy rule will need to be configured to allow the update requests from the
firewall to the update servers.
C. A Threat Prevention license will need to be installed.
D. A service route will need to be configured.
The firewall uses the service route to connect to the Update Server and checks for new content release versions and, if there are updates available, displays them at the top of the
Question # 3:
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS® software, the administrator enables log forwarding from the firewalls to PanoramA. Pre-existing logs from the firewalls are not appearing in PanoramA. Which action would enable the firewalls to send their pre-existing logs to Panorama?
A. Use the import option to pull logs into PanoramA.
B. A CLI command will forward the pre-existing logs to PanoramA.
C. Use the ACC to consolidate pre-existing logs.
D. The log database will need to exported form the firewalls and manually imported into PanoramA.
Question # 4:
A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trustzone to the DMZ zone need to be configured to enable we browsing access to the server.
Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080.
A. application: web-browsing; service:application-default
B. application: web-browsing; service: service-https
C. application: ssl; service: any
D. application: web-browsing; service: (custom with destination TCP port 8080)
Question # 5:
Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)
A. Verify AutoFocus status using CLI.
B. Check the WebUI Dashboard AutoFocus widget.
C. Check for WildFire forwarding logs.
D. Check the license
E. Verify AutoFocus is enabled below Device Management tab.