U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Palo Alto Networks NGFW-Engineer Exam - Topic 3 Question 24 Discussion

An administrator needs to perform several maintenance tasks on a managed firewall directly from the Panorama console, without using the Context Switch feature.Which set of tasks can the administrator fully execute from the Panorama UI? (Choose one answer)
C) Edit a post-rule. Create a new certificate profile. Configure the firewall's hostname.
A) Download and install a new content update. View current firewall session details. Initiate a device reboot.
B) Create a new zone. Configure a new virtual router. View the local ACC on the firewall.
D) Modify the IP address of a Layer 3 interface. Configure a new local administrator account. Edit a pre-rule.

Palo Alto Networks NGFW-Engineer Exam - Topic 3 Question 24 Discussion

Actual exam question for Palo Alto Networks's NGFW-Engineer exam
Question #: 24
Topic #: 3
[All NGFW-Engineer Questions]

An administrator needs to perform several maintenance tasks on a managed firewall directly from the Panorama console, without using the Context Switch feature.

Which set of tasks can the administrator fully execute from the Panorama UI? (Choose one answer)

Show Suggested Answer Hide Answer
Suggested Answer: C

Palo Alto Networks Panorama provides a centralized management platform that allows administrators to manage firewalls through two primary constructs: Templates and Device Groups. When working directly within the Panorama UI (without switching to the firewall's context), an administrator interacts with these constructs to push configurations down to the managed devices.

The tasks listed in Option C represent the core functionality of Panorama's hierarchical management:

Edit a post-rule: Security policies are managed within Device Groups. Post-rules are specific rules that appear after any locally defined rules on the firewall, allowing Panorama to enforce a 'bottom-line' security posture across all managed devices.

Create a new certificate profile: Object management, including certificate profiles, is handled within Templates or Device Groups (depending on scope) and can be easily defined at the Panorama level.

Configure the firewall's hostname: System-level settings, such as hostnames, DNS, and NTP, are managed via Templates.

Conversely, the other options include tasks that generally require a direct connection or a 'Context Switch' to the specific firewall's management plane. For example, viewing real-time session details (Option A) or the local ACC (Option B) requires querying the specific firewall's data plane. While Panorama can trigger a software update, performing a device reboot (Option A) or managing local administrator accounts (Option D) are typically performed either locally or through the context switch to ensure the administrator is interacting with the device's specific local database rather than the global Panorama template.


Contribute your Thoughts:

0/2000 characters

Currently there are no comments in this discussion, be the first to comment!


Save Cancel