PALO ALTO PCCET EXAMS: A+ GRADED GUIDE TO ACING
QUESTIONS AND ANSWERS
What is the WildFire private cloud?
the WF-500 appliance, locally analyses unknown files and files and URLs found in email.
Doesnt support phishing verdict.
Can send sample files or analysis data to public cloud.
The GlobalProtect client will connect to either an internal gateway or an external gateway based on
its location (inside or outside the corporate network). This location determination is based on the
result of which option?
A. reverse DNS lookup
B. user selection during agent startup
C. IP address of the client system
D. Whether the user starts the client in offline or online mode.
A. reverse DNS lookup
The GlobalProtect client is available in which two formats?
A. dmg
B. exe
C. msi
D. pkg
B. exe
D. pkg
True or False? If a GlobalProtect agent fails to establish an IPsec connection, the connection type will
failback to SSL-VPN.
A. True
B. False
A. True
Which three statements are true regarding a GlobalProtect gateway
A. Provides security enforcement for traffic from GlobalProtect Gateway
B. Requires a tunnel interface for external clients
C. Tunnel interfaces are optional for internal gateways
D. Authenticates users against a server profile.
A. Provides security enforcement for traffic from GlobalProtect Gateway
B. Requires a tunnel interface for external clients
C. Tunnel interfaces are optional for internal gateways
For which type of functionality can a GlobalProtect Gateway map IP addresses to the user
A. App-ID
, B. Content-ID
C. User-ID
C. User-ID
Which three options are aspects of the basic requirements to create a VPN in a PAN-OS release?
(choose three)
A. Add a static route to the virtual router
B. Create the tunnel interface
C. Configure the IPsec tunnel
D. identify Proxy ID errors
A. Add a static route to the virtual router
B. Create the tunnel interface
C. Configure the IPsec tunnel
True or False? When you create a static route for the VPN, no next hop IP address is required.
A. True
B. False
A. True
Which two options are true regarding a VPN tunnel interface
A. The tunnel interface always requires an IP address
B. A tunnel interface is a logical Layer 3 interface
C. The tunnel interface must be added to a Layer 3 security zone
D. The interface name "tunnel" can be renamed to anything you want, up to 20 characters in length
B. A tunnel interface is a logical Layer 3 interface
C. The tunnel interface must be added to a Layer 3 security zone
True or False? IPSec is a set of protocols used to set up a secure tunnel for the VPN traffic.
A. True
B. False
A. True
Logs can be forwarded to which four of the following Remote Logging Destinations?
A. Email
B. Syslog
C. Common access log
D. Panorama
E. SNMP
A. Email
B. Syslog
D. Panorama
E. SNMP
QUESTIONS AND ANSWERS
What is the WildFire private cloud?
the WF-500 appliance, locally analyses unknown files and files and URLs found in email.
Doesnt support phishing verdict.
Can send sample files or analysis data to public cloud.
The GlobalProtect client will connect to either an internal gateway or an external gateway based on
its location (inside or outside the corporate network). This location determination is based on the
result of which option?
A. reverse DNS lookup
B. user selection during agent startup
C. IP address of the client system
D. Whether the user starts the client in offline or online mode.
A. reverse DNS lookup
The GlobalProtect client is available in which two formats?
A. dmg
B. exe
C. msi
D. pkg
B. exe
D. pkg
True or False? If a GlobalProtect agent fails to establish an IPsec connection, the connection type will
failback to SSL-VPN.
A. True
B. False
A. True
Which three statements are true regarding a GlobalProtect gateway
A. Provides security enforcement for traffic from GlobalProtect Gateway
B. Requires a tunnel interface for external clients
C. Tunnel interfaces are optional for internal gateways
D. Authenticates users against a server profile.
A. Provides security enforcement for traffic from GlobalProtect Gateway
B. Requires a tunnel interface for external clients
C. Tunnel interfaces are optional for internal gateways
For which type of functionality can a GlobalProtect Gateway map IP addresses to the user
A. App-ID
, B. Content-ID
C. User-ID
C. User-ID
Which three options are aspects of the basic requirements to create a VPN in a PAN-OS release?
(choose three)
A. Add a static route to the virtual router
B. Create the tunnel interface
C. Configure the IPsec tunnel
D. identify Proxy ID errors
A. Add a static route to the virtual router
B. Create the tunnel interface
C. Configure the IPsec tunnel
True or False? When you create a static route for the VPN, no next hop IP address is required.
A. True
B. False
A. True
Which two options are true regarding a VPN tunnel interface
A. The tunnel interface always requires an IP address
B. A tunnel interface is a logical Layer 3 interface
C. The tunnel interface must be added to a Layer 3 security zone
D. The interface name "tunnel" can be renamed to anything you want, up to 20 characters in length
B. A tunnel interface is a logical Layer 3 interface
C. The tunnel interface must be added to a Layer 3 security zone
True or False? IPSec is a set of protocols used to set up a secure tunnel for the VPN traffic.
A. True
B. False
A. True
Logs can be forwarded to which four of the following Remote Logging Destinations?
A. Email
B. Syslog
C. Common access log
D. Panorama
E. SNMP
A. Email
B. Syslog
D. Panorama
E. SNMP
