PALO ALTO TEST BANK PREP 2026
ACCURATE QUESTIONS VERIFIED
◍ What is default setting for "Action" in a decryption policy rule?
Answer: No-decrypt
◍ Which type of Next Generation Firewall decryption inspects SSL
traffic between an internal host and an external web server? Answer:
SSL Forward Proxy
◍ When SSL encrypted traffic first arrives at the Next Generation
Firewall, which technology initially identifies the application as web-
browsing? Answer: App-ID
◍ On the Next Generation Firewall, which is the first configuration
step for SSL Forward Proxy decryption? Answer: Forward Trust
Certificate
◍ Which type of Next Generation Firewall decryption inspects SSL
traffic coming from external users to internal servers? Answer: SSL
Inbound Inspection
◍ True or False. In the Next Generation Firewall, even if the
Decryption policy rule action is "no-decrypt," the Decryption Profile
attached to the rule can still be configured to block sessions with
expired or untrusted certificates. Answer: True
, ◍ On the Next Generation firewall, what type of security profile
detects infected files being transferred with the application? Answer:
Anti-Virus
◍ Which WildFire verdict includes viruses, worms, trojans, remote
access tools, rootkits, and botnets? Answer: Malware
◍ Without a Wildfire subscription, which of the following files can be
submitted by the Next Generation FIrewall to the hosted Wildfire
virtualized sandbox? Answer: PE Files Only
◍ In the latest Next Generation firewall version, what is the shortest
time that can be configured on the firewall to check for Wildfire
updates? Answer: 5 Minutes
◍ Which CLI command is used to verify successful file uploads to
WildFire? Answer: debug wildfire upload-log show
◍ Which WildFire verdict indicates no security threat but might
display obtrusive behavior? Answer: Grayware
◍ True or False. If a file type is matched in the File Blocking Profile
and WildFire Analysis Profile, and if the File Blocking Profile action
is set to "block," then the file is not forwarded to WildFire. Answer:
True
ACCURATE QUESTIONS VERIFIED
◍ What is default setting for "Action" in a decryption policy rule?
Answer: No-decrypt
◍ Which type of Next Generation Firewall decryption inspects SSL
traffic between an internal host and an external web server? Answer:
SSL Forward Proxy
◍ When SSL encrypted traffic first arrives at the Next Generation
Firewall, which technology initially identifies the application as web-
browsing? Answer: App-ID
◍ On the Next Generation Firewall, which is the first configuration
step for SSL Forward Proxy decryption? Answer: Forward Trust
Certificate
◍ Which type of Next Generation Firewall decryption inspects SSL
traffic coming from external users to internal servers? Answer: SSL
Inbound Inspection
◍ True or False. In the Next Generation Firewall, even if the
Decryption policy rule action is "no-decrypt," the Decryption Profile
attached to the rule can still be configured to block sessions with
expired or untrusted certificates. Answer: True
, ◍ On the Next Generation firewall, what type of security profile
detects infected files being transferred with the application? Answer:
Anti-Virus
◍ Which WildFire verdict includes viruses, worms, trojans, remote
access tools, rootkits, and botnets? Answer: Malware
◍ Without a Wildfire subscription, which of the following files can be
submitted by the Next Generation FIrewall to the hosted Wildfire
virtualized sandbox? Answer: PE Files Only
◍ In the latest Next Generation firewall version, what is the shortest
time that can be configured on the firewall to check for Wildfire
updates? Answer: 5 Minutes
◍ Which CLI command is used to verify successful file uploads to
WildFire? Answer: debug wildfire upload-log show
◍ Which WildFire verdict indicates no security threat but might
display obtrusive behavior? Answer: Grayware
◍ True or False. If a file type is matched in the File Blocking Profile
and WildFire Analysis Profile, and if the File Blocking Profile action
is set to "block," then the file is not forwarded to WildFire. Answer:
True
