Palo Alto EDU-210 and EDU-220 Questions & Answers
Which option describes the result of clicking an application's name in the
Dashboard's Top Applications widget?
A. The web interface displays a popup window with application usage
details.
B. The color of the application changes to indicate its risk factor.
C. The ACC tab opens with the application added as a global filter.
D. Nothing happens because the application name is not a web link.
Correct Ans - C
Which two elements of a credential-based attack are examples of credential
theft? (Choose two.)
A. malware
B. keystroke logging
C. infiltration at the perimeter
D. brute force Correct Ans - BD
A Security policy rule displayed in italic font indicates which condition?
A. The rule is active.
B. The rule has been overridden.
C. The rule is a clone.
D. The rule is disabled. Correct Ans - D
Which two statements are true regarding network segmentation? (Choose
two.)
A. reduces the attack surface
B. depends on network VLAN capability
C. implementation requires at least two firewalls
D. often aligns with firewall security zone configuration Correct Ans -
AD
Which Security Profile type would you configure to block access to known-
malicious domains?
A. URL Filtering
B. Vulnerability Protection
C. Anti-Spyware
D. Data Filtering Correct Ans - C
,Which two statements are true about sessions on the firewall? (Choose
two.)
A. The firewall tries to match network packets to an existing session ID.
B. The only session information tracked in the session logs are the five
tuples.
C. Sessions always are matched to a Security policy rule.
D. Return traffic is allowed. Correct Ans - AD
Which firewall profile protects against port scan reconnaissance activities?
A. Zone Protection Profile
B. URL Filtering Profile
C. DoS Protection Profile
D. Data Filtering Profile Correct Ans - A
Which two conditions must be met before the firewall can use a Security
Profile to inspect network traffic for malicious activity? (Choose two.)
A. Traffic must be decrypted (clear text).
B. Zone protection must be enabled.
C. User-ID must be enabled.
D. Traffic must match a Security policy rule. Correct Ans - AD
Which three objects can be sent to WildFire for analysis? (Choose three.)
A. URL links found in email
B. known files and URL links
C. MGT interface traffic
D. email attachments
E. files traversing the firewall Correct Ans - ADE
An Interface Management Profile can be attached to which two interface
types? (Choose two.)
A. Layer 2
B. Loopback
C. Tap
D. Layer 3
E. Virtual Wire Correct Ans - BD
Which two statements are true regarding how the firewall uses its master
key? (Choose two.)
A. It is used to encrypt file transfers from WildFire.
, B. It is used to encrypt file transfers to WildFire.
C. It is used to encrypt local firewall account passwords.
D. It is used to encrypt private keys. Correct Ans - CD
Which statement is true about a URL Filtering Profile's continue password?
A. There is a single, per-firewall password.
B. There is a password per session.
C. There is a password per firewall administrator account.
D. There is a password per website. Correct Ans - A
During which cyber-attack lifecycle stage is the attacker working outside
the target environment to prepare the attack method and malware?
A. reconnaissance
B. weaponization
C. exploitation
D. delivery Correct Ans - B
Which two statements are true regarding SSL key pinning? (Choose two.)
A. It can prevent secure SSL Forward Proxy connections.
B. It can prevent secure SSL Inbound Inspection connections.
C. It can prevent secure SSH Proxy connections.
D. It can prevent the use of counterfeit certificates. Correct Ans -
AD
Which interface type does NOT require any configuration changes to
adjacent network devices?
A. Layer 3
B. Layer 2
C. Tap
D. Virtual Wire Correct Ans - D
Which two items are used by the firewall's Content-ID Engine to analyze
network traffic for threats? (Choose two.)
A. protocol decoders
B. custom application signatures
C. Security Profiles
D. standard application signatures Correct Ans - AC
Which option describes the result of clicking an application's name in the
Dashboard's Top Applications widget?
A. The web interface displays a popup window with application usage
details.
B. The color of the application changes to indicate its risk factor.
C. The ACC tab opens with the application added as a global filter.
D. Nothing happens because the application name is not a web link.
Correct Ans - C
Which two elements of a credential-based attack are examples of credential
theft? (Choose two.)
A. malware
B. keystroke logging
C. infiltration at the perimeter
D. brute force Correct Ans - BD
A Security policy rule displayed in italic font indicates which condition?
A. The rule is active.
B. The rule has been overridden.
C. The rule is a clone.
D. The rule is disabled. Correct Ans - D
Which two statements are true regarding network segmentation? (Choose
two.)
A. reduces the attack surface
B. depends on network VLAN capability
C. implementation requires at least two firewalls
D. often aligns with firewall security zone configuration Correct Ans -
AD
Which Security Profile type would you configure to block access to known-
malicious domains?
A. URL Filtering
B. Vulnerability Protection
C. Anti-Spyware
D. Data Filtering Correct Ans - C
,Which two statements are true about sessions on the firewall? (Choose
two.)
A. The firewall tries to match network packets to an existing session ID.
B. The only session information tracked in the session logs are the five
tuples.
C. Sessions always are matched to a Security policy rule.
D. Return traffic is allowed. Correct Ans - AD
Which firewall profile protects against port scan reconnaissance activities?
A. Zone Protection Profile
B. URL Filtering Profile
C. DoS Protection Profile
D. Data Filtering Profile Correct Ans - A
Which two conditions must be met before the firewall can use a Security
Profile to inspect network traffic for malicious activity? (Choose two.)
A. Traffic must be decrypted (clear text).
B. Zone protection must be enabled.
C. User-ID must be enabled.
D. Traffic must match a Security policy rule. Correct Ans - AD
Which three objects can be sent to WildFire for analysis? (Choose three.)
A. URL links found in email
B. known files and URL links
C. MGT interface traffic
D. email attachments
E. files traversing the firewall Correct Ans - ADE
An Interface Management Profile can be attached to which two interface
types? (Choose two.)
A. Layer 2
B. Loopback
C. Tap
D. Layer 3
E. Virtual Wire Correct Ans - BD
Which two statements are true regarding how the firewall uses its master
key? (Choose two.)
A. It is used to encrypt file transfers from WildFire.
, B. It is used to encrypt file transfers to WildFire.
C. It is used to encrypt local firewall account passwords.
D. It is used to encrypt private keys. Correct Ans - CD
Which statement is true about a URL Filtering Profile's continue password?
A. There is a single, per-firewall password.
B. There is a password per session.
C. There is a password per firewall administrator account.
D. There is a password per website. Correct Ans - A
During which cyber-attack lifecycle stage is the attacker working outside
the target environment to prepare the attack method and malware?
A. reconnaissance
B. weaponization
C. exploitation
D. delivery Correct Ans - B
Which two statements are true regarding SSL key pinning? (Choose two.)
A. It can prevent secure SSL Forward Proxy connections.
B. It can prevent secure SSL Inbound Inspection connections.
C. It can prevent secure SSH Proxy connections.
D. It can prevent the use of counterfeit certificates. Correct Ans -
AD
Which interface type does NOT require any configuration changes to
adjacent network devices?
A. Layer 3
B. Layer 2
C. Tap
D. Virtual Wire Correct Ans - D
Which two items are used by the firewall's Content-ID Engine to analyze
network traffic for threats? (Choose two.)
A. protocol decoders
B. custom application signatures
C. Security Profiles
D. standard application signatures Correct Ans - AC
