Which of the following is an appropriate first step for a customer interested in moving to Zero Trust?

A. Ask administrators to switch on the Zero Trust options and features of their current products.

B. Secure the funding required to incorporate the new architecture into their existing networks.

C. Set priorities by identifying the most valuable and critical assets and data on their networks.

D. Request a statement ofcompliance from their IT vendors against the Zero Trust standard.

Which two of the following are ways that Palo Alto Networks CloudDelivered Security Services (CDSS) use confidential information collected from users? (Choose two.)

Select 2 Correct Responses

A. legal compliance

B. attack retaliation attribution

C. verification of entitlements

D. verification of applicant statements

Which of the following statements applies to WildFire Public Cloud verdicts?

A. They are unique to the affected Next-Generation Firewall (NGFW).

B. They are shared globally with all WildFire customers.

C. They must be manually downloaded from the WildFire portal.

D. They are automatically shared with third-party firewall vendors.

A customer interested in Panorama is concerned about managing multiple firewalls they are putting in place globally. Each location has its own IP addresses,zones, and VPN configurations.

Which element of Panorama will assist the customer in pushing this unique configuration information to the individual firewalls?

A. device profile

B. GlobalProtect

C. templates

D. device groups

What is a technical benefit of User-ID in relation to policy control?

A. It matches traffic against policy to check whether it is allowed on the network.

B. It allows all users to designate view-only access to itinerant personnel.

C. It improves safe enablement of applications traversing the network.

D. It encrypts all private keys and passwords in the configuration.

A Human Resources (HR) application has the URL of https://hr.company.com:4433/.

How should the "Service" column of the Security policy be set to match and permit this application?

A. Define and then select a new custom Transmission Control Protocol (TCP) service with port 4433.

B. Edit "service-https" to use port 4433.

C. Set to "service-http".

D. Set to "application-defaults," which will locate and match the HR application.

Which subscription should be activated when a predefined, known malicious IP address is updated?

A. WildFire

B. Cortex Data Lake

C. Threat Prevention

D. URL Filtering

Using a comprehensive range of natively-integratedsubscriptions and inline machine learning (ML), what does a Next-Generation Firewall (NGFW) use to prevent known and unknown threats in real time?

A. Cloud Delivered Security Services (CDSS)

B. Cloud Security Posture Management (CSPM)

C. Cloud NativeSecurity Platform (CNSP)

D. Cloud Identity Access Management (CIAM)

A customer has enabled the Threat Prevention subscription on their Palo Alto Networks Next-Generation Firewall.

How will the performance of the firewall beaffected if the customer also enables both WildFire and User-ID?

A. The maximum throughput performance will be reduced, but the impact will vary based on the firewall model being used.

B. Enabling User-ID will have no additional performance impact, but enabling WildFire will reduce throughput.

C. There will be no additional performance impact to the firewall, and throughput will remain the same, regardless of firewall model.

D. Enabling WildFire will have no additional performance impact, but enabling User-ID will reduce throughput.

Which of the following statements applies to enabling App-ID on a Next-Generation Firewall (NGFW)?

A. No additional purchase is required, but App-ID must be enabled for the customer to use it.

B. An App-ID subscription must be purchased and enabled.

C. No configuration is required, because App-ID is always enabled by default.

D. A Threat Protection license must be purchased and enabled.