PCNSA Exam 132 Questions with Verified Answers,100% CORRECT, Exams of Business Fundamentals

Typology: Exams

2023/2024

Available from 08/16/2024

paul-kamau-2

PCNSA Exam 132 Questions with Verified Answers

Which two actions are available for antivirus security profiles? (Choose two.)
A. continue
B. allow
C. block IP
D. alert
CORRECT ANSWER:
B. allow
D. alert

Which two HTTP Header Logging options are within a URL filtering profile? (Choose two.)
A. User-Agent
B. Safe Search
C. URL redirection
D. X-Forward-For
CORRECT ANSWER:
A. User-Agent
D. X-Forward-For

What are the two components of Denial-of-Service Protection? (Choose two.)
A. zone protection profile
B. DoS protection profile and policy rules
C. flood protection
D. reconnaissance protection
CORRECT ANSWER:
A. zone protection profile
B. DoS protection profile and policy rules

Which two types of attacks does the PAN-DB prevent? (Choose two.)
A. phishing sites
B. HTTP based command-and-control
C. infected JavaScript
D. flood attacks
CORRECT ANSWER:
A. phishing sites
B. HTTP based command-and-control

Which two valid URLs can be used in a custom URL category? (Choose two.)
A. ww.youtube.**
B. www.**.com
C. www.youtube.com
D. *.youtube.com
CORRECT ANSWER:
C. www.youtube.com
D. *.youtube.com

What are three methods of mapping usernames to IP addresses? (Choose three.)
A. Server Monitoring
B. Traps
C. Minemeld
D. syslog
E. AutoFocus
F. port mapping
CORRECT ANSWER:
A. Server Monitoring
D. syslog
F. port mapping

Which type of server profile is used to create group mappings?
A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP
CORRECT ANSWER:
D. LDAP

The Server Monitoring user mapping method can monitor which three types of servers? (Choose three.)
A. RADIUS
B. Microsoft Domain Controllers
C. Exchange Servers
D. Novell eDirectory Servers
CORRECT ANSWER:
B. Microsoft Domain Controllers
C. Exchange Servers
D. Novell eDirectory Servers

The Port Mapping user mapping method can monitor which two types of environments? (Choose two.)
A. Citrix
B. Microsoft terminal servers
C. Exchange Servers
D. Linux servers
CORRECT ANSWER:
A. Citrix
B. Microsoft terminal servers

The Windows User-ID Agent can be installed on which two operating systems? (Choose two.)
A. Linux
B. Server 2016
C. XP
D. Server 2008
CORRECT ANSWER:
B. Server 2016
D. Server 2008

A Heatmap provides an adoption rate for which three features? (Choose three.)
A. WildFire
B. Traps
C. File Blocking
D. User-ID
E. SSL certificates
F. authentication profiles
CORRECT ANSWER:
A. WildFire
C. File Blocking
D. User-ID

What are three Best Practice Assessment tool primary categories? (Choose three.)
A. User-ID
B. Logging
C. Vulnerability Protection
D. Security
E. Decryption
F. DoS Protection
CORRECT ANSWER:
D. Security
E. Decryption
F. DoS Protection

Which two security features normally do not achieve an adoption rate of 100%? (Choose two.)
A. URL Filtering
B. App-ID
C. Logging
D. DNS Sinkhole
CORRECT ANSWER:
D. DNS Sinkhole
A. URL Filtering

Which type of file is used to generate the Heatmap report and the BPA report?
A. Technical Support
B. Configuration
C. Statistics
D. XML
CORRECT ANSWER:
A. Technical Support

What are two components of the BPA tool? (Choose two.)
A. Security Policy Adoption Heatmap
B. BPA
C. XML
D. Security Policy
CORRECT ANSWER:
A. Security Policy Adoption Heatmap
B. BPA

The Palo Alto Networks Security Operating Platform is designed for which three purposes? (Choose three.)
A. consume innovations quickly
B. ensure compliance
C. focus on what matters
D. prevent successful cyberattacks
CORRECT ANSWER:
A. consume innovations quickly
C. focus on what matters
D. prevent successful cyberattacks

Which item is not one of the six primary components of the Palo Alto Networks Security Operating Platform?
A. Applications (Palo Alto Networks apps, third-party apps, customer apps)
B. Cloud-Delivered Security Services
C. WildFire
D. Application Framework and Logging Service
E. Network Security
F. Advanced Endpoint Protection
G. Cloud Security
CORRECT ANSWER:
C. WildFire

Which cloud-delivered security service provides instant access to community-based threat data?
A. Aperture
B. AutoFocus
C. Threat 42
D. Magnifier
CORRECT ANSWER:
B. AutoFocus - It provides instant access to community-based threat data, enhanced with deep context and attribution from the Unit 42 threat research team
A. Aperture C. Threat 42 - Unit 42 threat research team D. Magnifier - Magnifier behavioral analytics applies machine learning at a cloud scale to network, endpoint, and cloud data so that you can quickly find and stop targeted attacks, insider abuse, and compromised endpoints

Which cloud-delivered security service provides security for branches and mobile users?
A. MineMeld
B. Magnifier
C. Traps
D. Global Protect
CORRECT ANSWER:
D. Global Protect

Which Palo Alto Networks Security Operating Platform component provides access to apps from Palo Alto Networks, third parties, and customers?
A. Applications (Palo Alto Networks apps, third-party apps, customer apps)
B. Cloud-Delivered Security Services
C. WildFire
D. Application Framework
E. Network Security
F. Advanced Endpoint Protection
G. Cloud Security
CORRECT ANSWER:
D. Application Framework

Which Palo Alto Networks firewall feature provides all of the following abilities?
- Stops malware, exploits, and ransomware before they can compromise endpoints
- Provides protection while endpoints are online and offline, on network and off
- Coordinates enforcement with network and cloud security to prevent successful attacks
- Detects threats and automates containment to minimize impact
- Includes WildFire cloud-based threat analysis service with your Traps subscription
- Integrates with the Palo Alto Networks Security Operating Platform
A. Traps
B. Aperture
C. URL Filtering
D. WildFire
E. GlobalProtect
F. AutoFocus
CORRECT ANSWER:
A. Traps

Which management features does the control plane provide? (Choose three.)
A. security processing
B. logging
C. reporting
D. firewall configuration
E. signature matching
F. network processing
CORRECT ANSWER:
B. logging
C. reporting
D. firewall configuration

Which three data processing features does the data plane provide? (Choose three.)
A. network processing
B. security processing
C. signature matching
D. firewall configuration
E. logging
F. reporting
CORRECT ANSWER:
A. network processing
B. security processing
C. signature matching

What are three components of the Network Processing module? (Choose three.)
A. QoS
B. NAT
C. App-ID
D. flow control
E. url match
F. spyware
CORRECT ANSWER:
A. QoS
B. NAT
D. flow control

Which approach most accurately defines the Palo Alto Networks SP architecture?
A. prioritize first
B. sequential processing
C. scan it all, scan it once
D. zero trust segmentation platform
CORRECT ANSWER:
C. scan it all, scan it once

What is the result of using a stream-based design of architecture?
A. superior performance
B. increased latency
C. superior latency
D. increased functionality
CORRECT ANSWER:
A. superior performance

Palo Alto Networks has reduced latency enormously, using the Single-Pass Parallel Processing (SP3) architecture, which combines two complementary components:
CORRECT ANSWER:
Single-Pass Software
Parallel Processing Hardware

Which security model does Palo Alto Networks recommend that you deploy?
A. separation-of-trust
B. Zero Trust
C. trust-then-verify
D. never trust
CORRECT ANSWER:
B. Zero Trust

The Zero Trust model is implemented to specifically address which type of traffic?
A. east-west
B. north-south
C. left-right
D. up-down
CORRECT ANSWER:
A. east-west

What are the three main concepts of Zero Trust? (Choose three.)
A. All resources are accessed in a secure manner, regardless of location.
B. Access control is on a "need-to-know" basis and is strictly enforced.
C. Credentials need to be verified.
D. All traffic is logged and inspected.
E. Internal users are trusted implicitly.
F. External users are trusted explicitly.
CORRECT ANSWER:
A. All resources are accessed in a secure manner, regardless of location.
B. Access control is on a "need-to-know" basis and is strictly enforced.
D. All traffic is logged and inspected.

Which two statements are true about the Zero Trust model? (Choose two.)
A. Traffic is inspected laterally.
B. Traffic is inspected east-west.
C. Internal traffic is implicitly trusted.
D. External traffic is implicitly trusted.
CORRECT ANSWER:
A. Traffic is inspected laterally.
B. Traffic is inspected east-west.

Which three Palo Alto Networks products secure your network? (Choose three.)
A. MineMerge
B. Aperture
C. URL filtering
D. AutoMagnifier
E. TrapContent
F. WildFire
CORRECT ANSWER:
B. Aperture
C. URL filtering
F. WildFire

True or false: Blocking just one stage in the Cyber-Attack Lifecycle is all that is needed to protect a company's network from attack.
A. True
B. False
CORRECT ANSWER:
B. False

What are two stages of the Cyber-Attack Lifecycle? (Choose two.)
A. Weaponization and delivery
B. Manipulation
C. Extraction
D. Command and Control
CORRECT ANSWER:
A. Weaponization and delivery
D. Command and Control

Command and control can be prevented through which two methods? (Choose two.)
A. exploitation
B. DNS Sinkholing
C. URL filtering
D. reconnaissance
CORRECT ANSWER:
B. DNS Sinkholing
C. URL filtering

Exploitation can be mitigated by which two actions? (Choose two.)
A. keeping systems patched
B. using local accounts
C. blocking known and unknown vulnerability exploits on the endpoint
D. providing admin credentials
CORRECT ANSWER:
A. keeping systems patched
C. blocking known and unknown vulnerability exploits on the endpoint

What are two firewall management methods? (Choose two.)
A. CLI
B. RDP
C. VPN
D. XML API
CORRECT ANSWER:
A. CLI
D. XML API

Which two devices are used to connect a computer to the firewall for management purposes? (Choose two.)
A. rollover cable
B. serial cable
C. RJ-45 Ethernet cable
D. USB cable
CORRECT ANSWER:
B. serial cable
C. RJ-45 Ethernet cable

What is the default IP address on the MGT interfaces of a Palo Alto Networks firewall?
A. 192.168.1.
B. 192.168.1.
C. 10.0.0.
D. 10.0.0.254
CORRECT ANSWER:
A. 192.168.1.

What are the two default services that are available on the MGT interface? (Choose two.)
A. HTTPS
B. SSH
C. HTTP
D. Telnet
CORRECT ANSWER:
A. HTTPS
B. SSH

True or false. Service route traffic has Security policy rules applied against it.
A. True
B. False
CORRECT ANSWER:
A. True
By default, the firewall uses the management interface to communicate with various servers including those for External Dynamic Lists, DNS, email, and Palo Alto Networks update servers. Service routes are used so that the communication between the firewall and servers goes through the data ports on the data plane. These data ports require appropriate security policies before external servers can be accessed.

Service routes may be used to forward which two traffic types out a data port? (Choose two.)
A. External Dynamic Lists
B. MineMeld
C. Skype
D. Palo Alto Networks updates
CORRECT ANSWER:
A. External Dynamic Lists
D. Palo Alto Networks updates

Which plane does the running-config reside on?
A. Management
B. Control
C. Data
D. Security
CORRECT ANSWER:
C. Data
All configuration changes in a Palo Alto Networks firewall are done to a candidate configuration, which resides in memory on the control plane. A commit activates the changes since the last commit and installs the running configuration on the data plane, where it will become the running configuration.

Which plane does the candidate config reside on?
A. Management
B. Control
C. Data
D. Security
CORRECT ANSWER:
B. Control
All configuration changes in a Palo Alto Networks firewall are done to a candidate configuration, which resides in memory on the control plane. A commit activates the changes since the last commit and installs the running configuration on the data plane, where it will become the running configuration.

Candidate config and running config files are saved as which file type?
A. EXE
B. TXT
C. HTML
D. XML
E. RAR
CORRECT ANSWER:
D. XML

Which command must be performed on the firewall to activate any changes?
A. commit
B. save
C. load
D. save named
E. import
F. copy
CORRECT ANSWER:
A. commit

Which command backs up configuration files to a remote network device?
A. import
B. load
C. copy
D. export
CORRECT ANSWER:
D. export

The command load named configuration snapshot overwrites the current candidate configuration with which three items? (Choose three.)
A. custom-named candidate configuration snapshot (instead of the default snapshot)
B. custom-named running configuration that you imported
C. snapshot.xml
D. current running configuration (running-config.xml)
E. Palo Alto Networks updates
CORRECT ANSWER:
A. custom-named candidate configuration snapshot (instead of the default snapshot)
B. custom-named running configuration that you imported
D. current running configuration (running-config.xml)
This option overwrites the current candidate configuration with one of the following:
- Custom-named candidate configuration snapshot (instead of the default snapshot)
- Custom-named running configuration that you imported
- Current running configuration (running-config.xml)

What is the shortest time interval that you can configure a Palo Alto Networks firewall to download WildFire updates?
A. 1 minute
B. 5 minutes
C. 15 minutes
D. 60 minutes
CORRECT ANSWER:
A. 1 minute

What is the publishing interval for WildFire updates, with a valid WildFire license?
A. 1 minute
B. 5 minutes
C. 15 minutes
D. 60 minutes
CORRECT ANSWER:
B. 5 minutes

True or false. A Palo Alto Networks firewall automatically provides a backup of the config during a software upgrade.
A. True
B. False
CORRECT ANSWER:
A. True
Although the firewall automatically creates a configuration backup, a best practice is to create and externally store a backup before you upgrade.

If you have a Threat Prevention subscription and not a WildFire subscription, how long must you wait for the WildFire signatures to be added into the antivirus update?
A. 1 to 2 hours
B. 2 to 4 hours
C. 10 to 12 hours
D. 12 to 48 hours
CORRECT ANSWER:
D. 12 to 48 hours

Which three actions should you complete before you upgrade to a newer version of software? (Choose three.)
A. Review the release notes to determine any impact of upgrading to a newer version of software.
B. Ensure the firewall is connected to a reliable power source.
C. Export the device state.
D. Create and externally store a backup before you upgrade.
CORRECT ANSWER:
A. Review the release notes to determine any impact of upgrading to a newer version of software.
B. Ensure the firewall is connected to a reliable power source.
D. Create and externally store a backup before you upgrade.

What are five ways to download software? (Choose five.)
A. over the MGT interface on the control plane
B. over a data interface on the data plane
C. upload from a computer
D. from the Palo Alto Networks Customer Support Portal
E. from the PAN-DB database
F. from Panorama
CORRECT ANSWER:
A. over the MGT interface on the control plane
B. over a data interface on the data plane
C. upload from a computer
D. from the Palo Alto Networks Customer Support Portal
F. from Panorama

Which two statements are true about an admin role profile role? (Choose two.)
A. It is a built-in role.
B. It can be used for CLI commands.
C. It can be used for XML API.
D. Superuser is an example.
CORRECT ANSWER:
B. It can be used for CLI commands.
C. It can be used for XML API.
These are custom roles you can configure for more granular access control over the functional areas of the web interface, CLI, and XML API.

PAN-OS® software supports which two authentication types? (Choose two.)
A. RADIUS
B. SMB
C. TACACS+
D. AWS
CORRECT ANSWER:
A. RADIUS
C. TACACS+

Which two dynamic role types are available on the PAN-OS software? (Choose two.)
A. Superuser
B. Superuser (write only)
C. Device user
D. Device administrator (read-only)
CORRECT ANSWER:
A. Superuser
D. Device administrator (read-only)
- Superuser: Full access to the firewall, including defining new administrator accounts and virtual systems
- Superuser (read-only): Read-only access to the firewall
- Virtual system administrator: Full access to a selected virtual system (vsys) on the firewall
- Virtual system administrator (read-only): Read-only access to a selected vsys on the firewall
- Device administrator: Full access to all firewall settings except for defining new accounts or virtual systems
- Device administrator (read-only): Read-only access to all firewall settings except password profiles (no access) and administrator accounts (only the logged-in account is visible)

Which type of profile does an Authentication Sequence include?
A. Security
B. Authorization
C. Admin
D. Authentication
CORRECT ANSWER:
D. Authentication

An authentication profile includes which other type of profile?
A. Server
B. Admin
C. Customized
D. Built-in
CORRECT ANSWER:
A. Server

True or False: Dynamic roles are called "dynamic" because you can customize them.
A. True
B. False
CORRECT ANSWER:
B. False
These are dynamic because they are predefined roles that update with the firewall during updates.

What is used to override global Minimum Password Complexity Requirements?
A. authentication profile
B. local profile
C. password role
D. password profile
CORRECT ANSWER:
D. password profile

Which two default zones are included with the PAN-OS® software? (Choose two.)
A. Interzone
B. Extrazone
C. Intrazone
D. Extranet
CORRECT ANSWER:
A. Interzone
C. Intrazone

Which two zone types are valid? (Choose two.)
A. Trusted
B. Tap
C. Virtual Wire
D. Untrusted
E. DMZ
CORRECT ANSWER:
B. Tap
C. Virtual Wire
There are five primary zone types (Tap, Layer 2, Layer 3, Tunnel, and Virtual Wire). A sixth zone type named External is a special zone that is available only on some firewall models.

What is the zone of type External used to pass traffic between?
A. Layer 2 interfaces
B. Layer 3 interfaces
C. virtual routers
D. virtual systems
CORRECT ANSWER:
D. virtual systems
A sixth zone type named External is a special zone that is available only on some firewall models.

Which two statements are correct? (Choose two.)
A. Interfaces must be configured before you can create a zone.
B. Interfaces do not have to be configured before you can create a zone.
C. An interface can belong to only one zone.
D. An interface can belong to multiple zones.
CORRECT ANSWER:
B. Interfaces do not have to be configured before you can create a zone.
C. An interface can belong to only one zone.

Which three interface types can belong in a Layer 3 zone? (Choose three.)
A. loopback
B. Layer 3
C. tunnel
D. virtual wire
CORRECT ANSWER:
A. loopback
B. Layer 3
C. tunnel
Layer 3 Zone allows four interface types: Layer 3 (Ethernet1/6), loopback, tunnel, and vlan.

What are used to control traffic through zones?
A. access lists
B. security policy lists
C. security policy rules
D. access policy rules
CORRECT ANSWER:
C. security policy rules

Which two actions can be done with a Tap interface? (Choose two.)
A. encrypt traffic
B. decrypt traffic
C. allow or block traffic
D. log traffic
CORRECT ANSWER:
B. decrypt traffic
D. log traffic

Which two actions can be done with a Virtual Wire interface? (Choose two.)
A. NAT
B. route
C. switch
D. log traffic
CORRECT ANSWER:
A. NAT
D. log traffic
A Virtual Wire interface is used to simply pass traffic through a firewall by binding two Ethernet interfaces, allowing traffic to pass between them. Virtual Wire interfaces are often placed between an existing firewall and a secured network to allow analysis of the traffic before actually migrating from a legacy firewall to a Palo Alto Networks firewall.

Which two actions can be done with a Layer 3 interface? (Choose two.)
A. NAT
B. route
C. switch
D. create a Virtual Wire object
CORRECT ANSWER:
A. NAT
B. route

Layer 3 interfaces support which two items? (Choose two.)
A. NAT
B. IPv
C. switching
D. spanning tree
CORRECT ANSWER:
A. NAT
B. IPv

What are some examples of Layer 3 loopback interfaces?
CORRECT ANSWER:
They can be destination configurations for DNS sinkholes, GlobalProtect service interfaces (portals and gateways), routing identification, and more.

What is required for a complete Virtual Wire configuration?
CORRECT ANSWER:
2 virtual wire interfaces, each in a virtual wire zone, and a virtual wire object

True or false, route and switching are done on a virtual wire interface?
CORRECT ANSWER:
False
A virtual wire interface that receives a frame or packet ignores any Layer 2 or Layer 3 addresses for switching or routing purposes, but applies your security or NAT policy rules before passing an allowed frame or packet over the virtual wire to the second Virtual Wire interface and on to the network device connected to it.

Layer 3 interfaces support which three advanced settings? (Choose three.)
A. IPv4 addressing
B. IPv6 addressing
C. NTP configuration
D. NDP configuration
E. link speed configuration
F. link duplex configuration
CORRECT ANSWER:
D. NDP configuration
E. link speed configuration
F. link duplex configuration

Layer 2 interfaces support which three items? (Choose three.)
A. spanning tree blocking
B. traffic examination
C. forwarding of spanning tree BPDUs
D. traffic shaping via QoS
E. firewall management
F. routing
CORRECT ANSWER:
B. traffic examination
C. forwarding of spanning tree BPDUs
D. traffic shaping via QoS
Note that Layer 2 interfaces do not participate in spanning tree other than forwarding BPDUs.

Which two interface types support subinterfaces? (Choose two.)
A. Virtual Wire
B. Layer 2
C. Loopback
D. Tunnel
CORRECT ANSWER:
A. Virtual Wire
B. Layer 2

Which two statements are true regarding Layer 3 interfaces? (Choose two.)
A. You can configure a Layer 3 interface with one or more as a DHCP client.
B. You can assign only one IPv4 address to the same interface.
C. You can enable an interface to send IPv4 Router Advertisements by selecting the Enable Router Advertisement check box on the Router Advertisement tab.
D. You can apply an interface management profile to the interface.
CORRECT ANSWER:
A. You can configure a Layer 3 interface with one or more as a DHCP client.
D. You can apply an interface management profile to the interface.

Dynamic routing protocols available on a Palo Alto Networks firewall are as follows:
CORRECT ANSWER:
BGP
OSPFv
OSPFv
RIPv

Multicast routing protocols available on a Palo Alto Networks firewall are as follows:
CORRECT ANSWER:
IGMPv1, IGMPv2, IGMPv
PIM-SM, PIM-ASM, PIM-SSM

What is the firewall's RIB? (Virtual Router)
CORRECT ANSWER:
Routing Information Base
The firewall initially populates its learned routes into the firewall's IP routing information base (RIB).

What is a firewall's FIB? (Virtual Router)
CORRECT ANSWER:
Forwarding Information Base
The virtual router obtains the best route from the RIB, and then places it in the forwarding information base (FIB). Packets then are forwarded to the next hop router defined in the FIB.

What is the default administrative distance of a static route within the PAN-OS® software?
A. 1
B. 5
C. 10
D. 100
CORRECT ANSWER:
C. 10

Which two dynamic routing protocols are available in the PAN-OS® software? (Choose two.)
A. RIP
B. RIPv2
C. OSPFv3
D. EIGRP
CORRECT ANSWER:
B. RIPv2
C. OSPFv3

Which value is used to distinguish the preference of routing protocols?
A. Metric
B. Weight
C. Distance
D. Cost
E. Administrative Distance
CORRECT ANSWER:
A. Metric

In path monitoring, what is used to monitor remote network devices?
A. Ping
B. SSL
C. HTTP
D. HTTPS
E. Link State
CORRECT ANSWER:
A. Ping

What are the two default (predefined) security policy types in PAN-OS® software? (Choose two.)
A. Universal
B. Interzone
C. Intrazone
D. Extrazone
CORRECT ANSWER:
B. Interzone
C. Intrazone

True or false. Because the first rule that matches the traffic is applied, the more specific rules must follow the more general ones.
A. True
B. False
CORRECT ANSWER:
B. False

Which statement is true?
A. For Intrazone traffic, traffic logging is enabled by default.
B. For Interzone traffic, traffic logging is enabled by default.
C. For Universal traffic, traffic logging is enabled by default.
D. none of the above
CORRECT ANSWER:
C. For Universal traffic, traffic logging is enabled by default.

What are the two default (predefined) security policy types in PAN-OS® software? (Choose two.)
A. Universal
B. Interzone
C. Intrazone
D. Extrazone
CORRECT ANSWER:
B. Interzone
C. Intrazone

True or false? Best practice is to enable logging for the two predefined security policy rules.
A. True
B. False
CORRECT ANSWER:
A. True

What will be the result of one or more occurrences of shadowing?
A. a failed commit
B. an invalid configuration
C. a warning
D. none of the above
CORRECT ANSWER:
C. a warning

Which type of security policy rules always exist above the two predefined security policies?
A. intrazone
B. interzone
C. universal
D. global
CORRECT ANSWER:
C. universal

What are two source NAT types? (Choose two.)
A. universal
B. static
C. dynamic
D. extrazone
CORRECT ANSWER:
B. static
C. dynamic

A simple way to remember how to configure security policies where NAT was implemented is to memorize the following:
A. post-NAT zone, post-NAT zone
B. post-NAT IP, post-NAT zone
C. pre-NAT IP, post-NAT zone
D. pre-NAT IP, pre-NAT zone
CORRECT ANSWER:
C. pre-NAT IP, post-NAT zone
When you add an IP address to a security policy, you must add the IP address value that existed before NAT was implemented, which is called the pre-NAT IP. After the IP address is translated (post-NAT IP), determine the zone where the post-NAT IP address would exist. This post-NAT zone is used in the Security Policy Rule.

What are two types of destination NAT? (Choose two.)
A. dynamic IP (with session distribution)
B. DIPP
C. global
D. static
CORRECT ANSWER:
A. dynamic IP (with session distribution)
D. static
Destination NAT (DNAT) typically is used to allow an external client to initiate access to an internal host such as a web server.

What are two possible values for DIPP NAT oversubscription? (Choose two.)
A. 1x
B. 4x
C. 16x
D. 32x
CORRECT ANSWER:
A. 1x
B. 4x
Platform Default turns off oversubscription, whereby the default rate of the firewall model applies:
- 1x: means no oversubscription, where each IP address and port pair can be used only one time
- 2x: oversubscribed two times
- 4x: oversubscribed three times
- 8x: oversubscribed eight times

Which statement is true regarding bidirectional NAT?
A. For static translations, bidirectional NAT allows the firewall to create a corresponding translation in the opposite direction of the translation you configure.
B. For static translations, bidirectional NAT allows the firewall to create a corresponding translation in the same direction of the translation you configure.
C. For dynamic translations, bidirectional NAT allows the firewall to create a corresponding translation in the opposite direction of the translation you configure.
D. For dynamic translations, bidirectional NAT allows the firewall to create a corresponding translation in the same direction of the translation you configure.
CORRECT ANSWER:
A. For static translations, bidirectional NAT allows the firewall to create a corresponding translation in the opposite direction of the translation you configure.
If you are configuring static source NAT, bidirectional NAT allows you to eliminate the need to create an additional NAT policy rule for the incoming traffic.

What are two application dependencies for icloud-mail? (Choose two.)
A. ssl
B. skype
C. google-base
D. icloud-base
CORRECT ANSWER:
A. ssl
D. icloud-base

What does an application filter enable an administrator to do?
A. manually categorize multiple service filters
B. dynamically categorize multiple service filters
C. dynamically categorize multiple applications
D. manually categorize multiple applications
CORRECT ANSWER:
C. dynamically categorize multiple applications
An administrator can dynamically categorize multiple applications into an application filter based on the specific attributes Category, Subcategory, Technology, Risk, and Characteristic.

Which two items can be added to an application group? (Choose two.)
A. application groups
B. application services
C. application filters
D. admin accounts
CORRECT ANSWER:
A. application groups
C. application filters

What does the TCP Half Closed setting mean?
A. maximum length of time that a session remains in the session table between receiving the first FIN and receiving the third FIN or RST.
B. minimum length of time that a session remains in the session table between receiving the first FIN and receiving the second FIN or RST.
C. maximum length of time that a session remains in the session table between receiving the first FIN and receiving the second FIN or RST.
D. minimum length of time that a session remains in the session table between receiving the first FIN and receiving the third FIN or RST
CORRECT ANSWER:
C. maximum length of time that a session remains in the session table between receiving the first FIN and receiving the second FIN or RST.

What are two application characteristics? (Choose two.)
A. stateful
B. excessive bandwidth use
C. intensive
D. evasive
CORRECT ANSWER:
B. excessive bandwidth use
D. evasive