Practice Free NGFW Engineer Exam Online Questions
Which networking technology can be configured on Layer 3 interfaces but not on Layer 2 interfaces?
- A . DDNS
- B . Link Duplex
- C . NetFlow
- D . LLDP
When multiple routes have the same destination prefix, which attribute does the firewall use first to determine route preference?
- A . Administrative distance
- B . Route metric
- C . Next-hop availability
- D . Longest prefix match
What is the purpose of assigning an Admin Role Profile to a user in a Palo Alto Networks NGFW?
- A . Allow access to all resources without restrictions.
- B . Enable multi-factor authentication (MFA) for administrator access.
- C . Define granular permissions for management tasks.
- D . Restrict access to sensitive report data.
By default, which type of traffic is configured by service route configuration to use the management interface?
- A . Security zone
- B . IPSec tunnel
- C . Virtual system (VSYS)
- D . Autonomous Digital Experience Manager (ADEM)
Which two services are configured by applying an SSL/TLS service profile? (Choose two.)
- A . GlobalProtect portal
- B . Log forwarding to Strata Logging Service
- C . Forward-Trust certificate
- D . Syslog server monitoring
During an upgrade to the routing infrastructure in a customer environment, the network administrator wants to implement Advanced Routing Engine (ARE) on a Palo Alto Networks firewall.
Which firewall models support this configuration?
- A . PA-5280, PA-7080, PA-3250, VM-Series
- B . PA-455, VM-Series, PA-1410, PA-5450
- C . PA-3260, PA-5410, PA-850, PA-460
- D . PA-7050, PA-1420, VM-Series, CN-Series
What must be configured before a firewall administrator can define policy rules based on users and groups?
- A . User Mapping profile
- B . Authentication profile
- C . Group mapping settings
- D . LDAP Server profile
After a recent security audit, a company is required to enforce stricter validation for all certificate-based authentication, including for GlobalProtect clients. An engineer observes the firewall accepting certificates from a recently compromised intermediate certificate authority (CA). The engineer needs to update the firewall configuration to use an Online Certificate Status Protocol (OCSP) responder to check for revoked certificates in real time.
In which configuration object would the engineer enable OCSP verification for the CAs used in the authentication process?
- A . Authentication sequence
- B . Decryption profile
- C . SSL/TLS service profile
- D . Certificate profile
Palo Alto Networks NGFWs use SSL/TLS profiles to secure which two types of connections? (Choose two.)
- A . NAT tables
- B . User Authentication
- C . GlobalProtect Gateways
- D . GlobalProtect Portal
When deploying a pair of Palo Alto Networks firewalls in an active/active high availability (HA) cluster, what is the dedicated role of the HA3 link?
- A . Control plane synchronization for heartbeats and state information
- B . Packet forwarding for session setup and asymmetric traffic
- C . Management plane synchronization for configurations and policies
- D . Data plane synchronization for session tables and forwarding tables
