An administrator is using Strata Cloud Manager (SCM) and notices that several firewalls are reporting a low health score due to "Untrusted Certificates" being used for management. Which specific SCM dashboard provides the fastest way to identify which certificates are nearing expiration across the entire estate?

An analyst determines that several sanctioned, predefined applications are being intermittently blocked, even though there is an existing policy permitting them. An investigation reveals that the applications are using non-standard ports, which is causing them to be blocked. The applications are critical for business operations, and the analyst has approval to allow them.

Which configuration adjustment should be implemented to ensure secure access to the applications?

A firewall administrator implementing Palo Alto Networks best practices on the company firewall reviews NGFW alerts in Strata Cloud Manager (SCM) and determines that one alert does not apply to this environment. If the administrator has no intention to resolve the underlying issue, what is the appropriate next step?

An organization wants to decrypt outbound traffic to ensure no malware is hidden in HTTPS sessions. Which type of decryption policy must be configured on the firewall to act as a "Man-in-the-Middle"?

An analyst needs to create a rule that allows a specific group of users to access a cloud application. The application's IP addresses change frequently, but the application is associated with a specific FQDN. What is the most efficient object type to use in this scenario?

When performing a "Push to Devices" from Panorama, an analyst wants to ensure that the push only affects a specific firewall in a shared Device Group. Which option in the push window allows this granular selection?

How often should external dynamic lists be updated to ensure effective Security policy enforcement?

A company wants to ensure that its internal web server is only accessible from the internet on port 443, but the server is actually listening on port 8443. Which NAT configuration should be used?

Which action ensures that sensitive information such as medical records, financial transactions, and legal communications are not decrypted and that they maintain strong security?

An analyst is configuring an Anti-Spyware profile to identify infected internal hosts that are attempting to contact known malicious Command and Control (C2) servers. Which feature should be enabled to redirect these malicious DNS queries to a controlled internal IP address for forensic analysis?

An analyst notices latency on the firewall and wants to improve performance. Which steps can be taken to reduce management plane CPU while working to determine the underlying problem?

What is the purpose of the "Config Audit" feature in Panorama?

Which log type is the most useful for identifying if a user is repeatedly attempting to visit an "Unauthorized" website category that is being blocked by a security profile?

An analyst needs to prevent users from downloading executable files from "High-Risk" URL categories while allowing them from "Business-and-Economy." Which profile should be configured to achieve this specific file-type restriction?

In Panorama, which feature allows an analyst to group multiple Template Stacks together to push a common set of network configurations to a large number of firewalls simultaneously?

A Palo Alto Networks NGFW for a high-security environment is being configured and requires a security profile group that includes vulnerability protection. When configuring the action based on the severity of the threat types, what does Palo Alto Networks recommend? (Choose one answer)

Which action ensures that a Panorama push will not fail due to pending local firewall changes?

A user reports that they can reach a website, but the page elements are not loading correctly. The analyst suspects that a security profile is silently dropping some of the web content. Which log, when filtered by the user's IP, will show the specific Content-ID match that is causing the partial page failure?

A user reports that they are being blocked from a website with a "Certificate Error." Which log will help the analyst determine if the firewall is blocking the session because the web server is using an expired certificate?

Which aspect of a network’s current health does the Strata Cloud Manager (SCM) Device Health dashboard provide?

A security administrator wants to determine which action a URL Filtering profile will take on the URL “www.chatgpt.com ”. The firewall has a custom URL object with “www.chatgpt.com ” as a member called “Permitted-AI.” The URL “www.chatgpt.com ” is also categorized as “Artificial-Intelligence,” “Computer-and-Internet-Info,” and “Low-Risk.” The URL Filtering profile has the following in descending order:

Artificial-Intelligence set to continue

Computer-and-Internet-Info set to block

Low-Risk set to alert

Permitted-AI set to allow

Which action will the URL Filtering profile take when traffic matches the “www.chatgpt.com ” URL on a rule with this profile attached? (Choose one answer)

An analyst is creating a "Data Pattern" for DLP that needs to match a specific 10-digit customer account number that always starts with the letters "ACC". Which pattern type should be used?