NGFW-Engineer Practice Questions

An organization's Security policy states that for all outbound web traffic, the TCP session to the external web server must be established by the firewall, not the user's workstation. This requires configuring user web browsers to point to the firewall. Authentication is also required.

Which solution on a PA-Series firewall meets these specific needs?

An administrator is troubleshooting a newly configured site-to-site VPN between a PAN-OS firewall and a third-party policy-based VPN gateway. The tunnel allows traffic between the first pair of configured subnets, but traffic to a newly added remote subnet is failing. The administrator has confirmed that routing and Security policies are correct.

What is the most likely cause of this issue?

An NGFW engineer is configuring multiple Layer 2 interfaces on a Palo Alto Networks firewall, and all interfaces must be assigned to the same VLAN. During initial testing, it is reported that clients located behind the various interfaces cannot communicate with each other.

Which action taken by the engineer will resolve this issue?

For which two purposes is an IP address configured on a tunnel interface? (Choose two.)

Which set of options is available for detailed logs when building a custom report on a Palo Alto Networks NGFW?

A security administrator is creating a new custom report to get a consolidated view of network events and needs to select a database to query for the report data.

Which valid set of databases is available for the task?

A network engineer observes that after a primary link recovers, the firewall immediately switches traffic back from the backup static route to the primary static route. The engineer checks the path monitoring configuration for the primary route.

Which value is configured for the preemptive hold time to cause this behavior?