A.  

REST API’s “sdwanInterfaceprofiles” parameter on a Panorama device

B.  

REST API’s “sdwanInterfaces” parameter on a firewall device

C.  

XML API’s “sdwanprofiles/interfaces” parameter on a Panorama device

D.  

XML API’s “InterfaceProfiles/sdwan” parameter on a firewall device

A.  

Panorama, syslog, email

B.  

Syslog, HTTP, NetFlow

C.  

Panorama, ADEM, syslog

D.  

SNMP, HTTP, RADIUS

A.  

DDNS

B.  

Link Duplex

C.  

NetFlow

D.  

LLDP

A.  

Flood Protection

B.  

Protocol Protection

C.  

Packet-Based Attack Protection

D.  

Reconnaissance Protection

A.  

Create a testing and rollback plan for the transition from Radius to SAML, as the two authentication profiles cannot be run in tandem.

B.  

Create an authentication sequence that includes both the “RADIUS” Server Profile and “SAML Identity Provider” Server Profile to run the two services in tandem.

C.  

Create and apply an authentication profile with the “SAML Identity Provider” Server Profile.

D.  

Create and add the “SAML Identity Provider” Server Profile to the authentication profile for the “RADIUS” Server Profile.

A.  

Log redundancy is available only if each Log Collector has the same amount of total disk storage.

B.  

Enabling redundancy increases the log processing traffic in a Collector Group by 50%.

C.  

In any single Collector Group, all the Log Collectors must run on the same Panorama model.

D.  

The maximum number of Log Collectors in a Log Collector Group is 18 plus two hot spares.

A.  

Tunnel

B.  

Intrazone

C.  

Internal

D.  

Virtual Wire

A.  

Select IKE v2, enable the Advanced Options • PQ PPK, then set a 64+ character string for the post-quantum pre shared key.

B.  

Ensure Authentication is set to “certificate,” then import a post-quantum derived certificate.

C.  

Select IKE v2 Preferred, enable the Advanced Options • PQ KEM, then add one or more “Rounds.”

D.  

Select IKE v2, enable the Advanced Options • PQ KEM, then create an IKE Crypto Profile with Advanced Options adding one or more “Rounds.”

A.  

Allow access to all resources without restrictions.

B.  

Enable multi-factor authentication (MFA) for administrator access.

C.  

Define granular permissions for management tasks.

D.  

Restrict access to sensitive report data.

A.  

Deploy self-signed certificates at each site to simplify local certificate validation and reduce dependencies on a centralized C

A.  

Turn off certificate revocation checks for lower overhead, rely on IP-based rules for GlobalProtect authentication, and use a single certificate profile for both users and devices.

B.  

Distribute the root and intermediate CA certificates via Panorama as shared objects to ensure all firewalls have a consistent trust chain. Configure OCSP responder profiles on each firewall to offload revocation checks to an internal OCSP server while keeping CRL checks as a fallback. Maintain separate certificate profiles for user and device authentication and use an automated enrollment method – such as Group Policy or SCEP – to deploy ce

C.  

Configure each firewall independently to trust the root and intermediate CA certificates. Rely only on manual CRL checks for certificate revocation, and import both user and device certificates directly into each firewall’s local certificate store for authentication.

D.  

Obtain wildcard certificates from a public CA for both user and device authentication, and configure firewalls to perform CRL polling at the default update interval. Manually install user certificates on endpoints and synchronize firewall certificate stores through frequent manual SSH updates to maintain consistency.

A.  

Deploy a VM-Series firewall in AWS in each VPC, create an IPSec tunnel between AWS and Azure, and manage the policy with Panorama.

B.  

Deploy Cloud NGFW for Azure in vNET/s, update the vNET/s routing to path traffic through the deployed NGFWs, and manage the policy with Panorama.

C.  

Deploy Cloud NGFW for Azure in vWAN, create a vWAN to route all appropriate traffic to the Cloud NGFW attached to the vWAN, and manage the policy with local rules.

D.  

Deploy Cloud NGFW for AWS in a centralized Security VPC, update the Transit Gateway to route all appropriate traffic through the Security VPC, and manage the policy with Panorama.

A.  

8 hours

B.  

16 hours

C.  

32 hours

D.  

48 hours

A.  

Suspend the active firewall to trigger a failover to the passive firewall. With traffic now running on the former passive unit, upgrade the suspended (now passive) firewall and confirm proper operation. Then fail traffic back and upgrade the remaining firewall.

B.  

Shut down the currently active firewall and upgrade it offline, allowing the passive firewall to handle all traffic. Once the active firewall finishes upgrading, bring it back online and rejoin the HA cluster. Finally, upgrade the passive firewall while the newly upgraded unit remains active.

C.  

Isolate both firewalls from the production environment and upgrade them in a separate, offline setup. Reconnect them only after validating the new software version, resuming HA functionality once both units are fully upgraded and tested.

D.  

Push the new PAN-OS version simultaneously to both firewalls, having them upgrade and reboot in parallel. Rely on automated HA reconvergence to restore normal operations without manually failing over traffic.

A.  

It acts as a logging service for NGFW performance metrics.

B.  

It orchestrates real-time traffic inspection for network segments.

C.  

It provides Infrastructure-as-Code (IaC) to automate NGFW deployment.

D.  

It manages threat intelligence data synchronization with NGFWs.

A.  

Security zone

B.  

IPSec tunnel

C.  

Virtual system (VSYS)

D.  

Autonomous Digital Experience Manager (ADEM)