An engineer is in the planning stages of deploying User-ID in a diverse directory services environment. Which server OS platforms can be used for server monitoring with User-ID?

1. A. Microsoft Terminal Server, Red Hat Linux, and Microsoft Active Directory
2. B. Microsoft Active Directory, Red Hat Linux, and Microsoft Exchange
3. C. Microsoft Exchange, Microsoft Active Directory, and Novell eDirectory
4. D. Novell eDirectory, Microsoft Terminal Server, and Microsoft Active Directory

Correct Answer: B
https://docs.paloaltonetworks.com/compatibility-matrix/user-id-agent/which-servers-can-the-user-id-agent-moni

During the process of developing a decryption strategy and evaluating which websites are required for corporate users to access, several sites have been identified that cannot be decrypted due to technical reasons. In this case, the technical reason is unsupported ciphers. Traffic to these sites will therefore be blocked if decrypted
How should the engineer proceed?

1. A. Allow the firewall to block the sites to improve the security posture
2. B. Add the sites to the SSL Decryption Exclusion list to exempt them from decryption
3. C. Install the unsupported cipher into the firewall to allow the sites to be decrypted
4. D. Create a Security policy to allow access to those sites

Correct Answer: A

How should an administrator enable the Advance Routing Engine on a Palo Alto Networks firewall?

1. A. Enable Advanced Routing Engine in Device > Setup > Session > Session Settings, then commit and reboot.
2. B. Enable Advanced Routing in Network > Virtual Routers > Redistribution Profiles and then commit.
3. C. Enable Advanced Routing in Network > Virtual Routers > Router Settings > General, then commit and reboot.
4. D. Enable Advanced Routing in General Settings of Device > Setup > Management, then commit and reboot

Correct Answer: C
Enable Advanced Routing in Network > Virtual Routers > Router Settings > General, then commit and reboot 1. This means that the administrator can enable advanced routing features such as RIB filtering, BFD, multicast, and redistribution profiles for each virtual router on the firewall. The firewall requires a reboot after enabling advanced routing to apply the changes.

What is the function of a service route?

1. A. The service route is the method required to use the firewall's management plane to provide services to applications
2. B. The service packets enter the firewall on the port assigned from the external servic
3. C. The server sends its response to the configured destination interface and destination IP address
4. D. The service packets exit the firewall on the port assigned for the external servic
5. E. The server sends its response to the configured source interface and source IP address
6. F. Service routes provide access to external services such as DNS servers external authentication servers or Palo Alto Networks services like the Customer Support Portal

Correct Answer: C

SSL Forward Proxy decryption is configured but the firewall uses Untrusted-CA to sign the website https://www important-website com certificate End-users are receiving me "security certificate is not trusted is warning Without SSL decryption the web browser shows that the website certificate is trusted and signed by a well-known certificate chain Well-Known-lntermediate and Well-Known-Root- CA.
The network security administrator who represents the customer requires the following two behaviors when SSL Forward Proxy is enabled:
1 End-users must not get the warning for the https://www.very-important-website.com website. 2 End-users should get the warning for any other untrusted website
Which approach meets the two customer requirements?

1. A. Navigate to Device > Certificate Management > Certificates > Device Certificates importWell-Known-lntermediate-CA and Well-Known-Root-CA select the Trusted Root CA checkbox and commit the configuration
2. B. Install the Well-Known-lntermediate-CA and Well-Known-Root-CA certificates on all end-user systems m the user and local computer stores
3. C. Navigate to Device > Certificate Management - Certificates s Default Trusted Certificate Authorities import Well-Known-intermediate-CA and Well-Known-Root-CA select the Trusted Root CA check box and commit the configuration
4. D. Clear the Forward Untrust Certificate check box on the Untrusted-CA certificate and commit the configuration

Correct Answer: C