Online Access Free NGFW-Engineer Exam Questions

An automation engineer is developing a Python script to standardize SD-WAN deployments across multiple customer tenants in Panorama. A key requirement is to programmatically create path quality profiles to monitor link performance based on latency, jitter, and packet loss.
Which API call is required for this task?

• A.POST request to the pathMonitoringProfiles object endpoint via the REST API on a managed firewall
• B.POST request to the SDWanPathQualityProfiles object endpoint via the REST API on Panorama
• C.XML API command with an xpath of config/devices/entry/vsys/entry/path-quality-profiles on Panorama
• D.XML API command with an xpath of sdwan/path-quality-profiles on a managed firewall

When an engineer creates a new VSYS on a supported firewall platform, which resource can be explicitly limited in the VSYS configuration to control its capacity?

• A.Maximum number of log entries
• B.Dedicated data plane memory
• C.Maximum number of admin accounts
• D.Maximum number of NAT rules

What is a valid configurable limit for setting resource quotas when defining a new VSYS on a Palo Alto Networks firewall?

• A.Disk space allocation for logs
• B.Maximum number of virtual routers
• C.Percentage of total CPU utilization
• D.Maximum number of SSL decryption rules

After a recent security audit, a company is required to enforce more strict validation for all certificate-based authentication, including for GlobalProtect clients. An engineer observes the firewall accepting certificates from a recently compromised intermediate certificate authority (CA). The engineer needs to update the firewall configuration to use an Online Certificate Status Protocol (OCSP) responder to check for revoked certificates in real time.
In which configuration object would the engineer enable OCSP verification for the CAs used in the authentication process?

• A.Certificate profile
• B.SSL/TLS service profile
• C.Decryption profile
• D.Authentication sequence

What is a result of enabling split tunneling in the GlobalProtect portal configuration with the "Both Network Traffic and DNS" option?

• A.It allows users to access internal resources when connected locally and external resources when connected remotely using the same FQDN.
• B.It specifies which domains are resolved by the VPN-assigned DNS servers and which domains are resolved by the local DNS servers.
• C.It specifies when the secondary DNS server is used for resolution to allow access to specific domains that are not managed by the VPN.
• D.It allows devices on a local network to access blocked websites by changing which DNS server resolves certain domain names.