ExamGecko
Search Search Login
Ask QuestionAsk Question

Palo Alto Networks PCNSE Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?
Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration. What part of the configuration should the engineer verify'?
During the process of developing a decryption strategy and evaluating which websites are required for corporate users to access, several sites have been identified that cannot be decrypted due to technical reasons. In this case, the technical reason is unsupported ciphers. Traffic to these sites will therefore be blocked if decrypted How should the engineer proceed?
If a URL is in multiple custom URL categories with different actions, which action will take priority?
What is a correct statement regarding administrative authentication using external services with a local authorization method?
You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three.)
An administrator configures a site-to-site IPsec VPN tunnel between a PA-850 and an external customer on their policy-based VPN devices. What should an administrator configure to route interesting traffic through the VPN tunnel?
A company requires that a specific set of ciphers be used when remotely managing their Palo Alto Networks appliances. Which profile should be configured in order to achieve this?
When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three )
When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?

Question 1

Report
Export
Collapse

DRAG DROP

Match each type of DoS attack to an example of that type of attack.


Question 1
Correct answer: Question 1

Explanation:

Reference: https://www.hackingarticles.in/dos-penetration-testing-part-1/#:~:text=Protocol%2DBased%20Attack%3A%20This%20kind,unresponsive%20to%20other%20legitimate%20requests

asked 23/09/2024
Sheng-Feng Zhang
36 questions

Question 2

Report
Export
Collapse

DRAG DROP

Below are the steps in the workflow for creating a Best Practice Assessment in a firewall and Panorama configuration. Place the steps in order.


Question 2
Correct answer: Question 2

Explanation:

Step 1. In either the NGFW or in Panorama, on the Operations/Support tab, download the technical support file.

Step 2. Log in to the Customer Support Portal (CSP) and navigate to Tools > Best Practice Assessment.

Step 3. Upload or drag and drop the technical support file.

Step 4. Map the zone type and area of the architecture to each zone.

Step 5.Follow the steps to download the BPA report bundle.

Reference:

https://www.paloaltonetworks.com/resources/videos/how-to-run-a-bpa

asked 23/09/2024
Katherine Messick
37 questions

Question 3

Report
Export
Collapse

When using certificate authentication for firewall administration, which method is used for authorization?

A.
Radius
A.
Radius
Answers
B.
LDAP
B.
LDAP
Answers
C.
Kerberos
C.
Kerberos
Answers
D.
Local
D.
Local
Answers
Suggested answer: D

Explanation:

Authentication: Certificates Authorization: Local The administrative accounts are local to the firewall, but authentication to the web interface is based on client certificates. You use the firewall to manage role assignments but access domains are not supported.

asked 23/09/2024
Son Pham Hong
44 questions

Question 4

Report
Export
Collapse

A network administrator wants to use a certificate for the SSL/TLS Service Profile.

Which type of certificate should the administrator use?

A.
certificate authority (CA) certificate
A.
certificate authority (CA) certificate
Answers
B.
client certificate
B.
client certificate
Answers
C.
machine certificate
C.
machine certificate
Answers
D.
server certificate
D.
server certificate
Answers
Suggested answer: D

Explanation:

Use only signed certificates, not CA certificates, in SSL/TLS service profiles.

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certificate-management/configurean-ssltls-service-profile.html

A server certificate is used for the SSL/TLS Service Profile. The server certificate identifies the firewall to clients that initiate SSL/TLS connections to it. Reference: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certificate-management/certificates-and-keys/server-certificates

asked 23/09/2024
Balvant Variya
37 questions

Question 5

Report
Export
Collapse

Using multiple templates in a stack to manage many firewalls provides which two advantages?

(Choose two.)

A.
inherit address-objects from templates
A.
inherit address-objects from templates
Answers
B.
define a common standard template configuration for firewalls
B.
define a common standard template configuration for firewalls
Answers
C.
standardize server profiles and authentication configuration across all stacks
C.
standardize server profiles and authentication configuration across all stacks
Answers
D.
standardize log-forwarding profiles for security polices across all stacks
D.
standardize log-forwarding profiles for security polices across all stacks
Answers
Suggested answer: B, C

Explanation:

Using multiple templates in a stack to manage many firewalls provides the advantages of defining a common standard template configuration for firewalls and standardizing server profiles and authentication configuration across all stacks.

A template stack is a container for multiple templates that you can assign to firewalls and firewall groups. The templates in a stack are prioritized so that the settings in a higher-priority template override the same settings in a lower-priority template.This allows you to create a hierarchy of templates that define common settings for all firewalls and specific settings for different groups of firewalls. Reference:https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/ manage-firewalls/manage- templates-and-template-stacks

asked 23/09/2024
Marc Casin Martinez
41 questions

Question 6

Report
Export
Collapse

A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing.

What command could the engineer run to see the current state of the BGP state between the two devices?

A.
show routing protocol bgp state
A.
show routing protocol bgp state
Answers
B.
show routing protocol bgp peer
B.
show routing protocol bgp peer
Answers
C.
show routing protocol bgp summary
C.
show routing protocol bgp summary
Answers
D.
show routing protocol bgp rib-out
D.
show routing protocol bgp rib-out
Answers
Suggested answer: C

Explanation:

The show routing protocol bgp summary command displays the current state of the BGP peer relationship between the firewall and other BGP routers. The output includes the peer IP address, AS number, uptime, prefix count, state, and status codes. Reference:https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-cli-quick-start/use-the-cli/show-the- routing-table-and-statistics

asked 23/09/2024
Harry Vervelde
40 questions

Question 7

Report
Export
Collapse

A network security engineer must implement Quality of Service policies to ensure specific levels of delivery guarantees for various applications in the environment They want to ensure that they know as much as they can about QoS before deploying.

Which statement about the QoS feature is correct?

A.
QoS is only supported on firewalls that have a single virtual system configured
A.
QoS is only supported on firewalls that have a single virtual system configured
Answers
B.
QoS can be used in conjunction with SSL decryption
B.
QoS can be used in conjunction with SSL decryption
Answers
C.
QoS is only supported on hardware firewalls
C.
QoS is only supported on hardware firewalls
Answers
D.
QoS can be used on firewalls with multiple virtual systems configured
D.
QoS can be used on firewalls with multiple virtual systems configured
Answers
Suggested answer: D

Explanation:

The correct answer is D - QoS can be used on firewalls with multiple virtual systems configured. QoS is a feature that enables network administrators to prioritize and manage network traffic to ensure that critical applications receive the necessary bandwidth and quality of service. This feature can be used on firewalls with multiple virtual systems, allowing administrators to configure policies on a per-Virtual System basis. Additionally, QoS can be used in conjunction with SSL decryption to ensure that applications running over SSL receive appropriate treatment.

asked 23/09/2024
Hector Quintero
47 questions

Question 8

Report
Export
Collapse

Which statement regarding HA timer settings is true?

A.
Use the Recommended profile for typical failover timer settings
A.
Use the Recommended profile for typical failover timer settings
Answers
B.
Use the Moderate profile for typical failover timer settings
B.
Use the Moderate profile for typical failover timer settings
Answers
C.
Use the Aggressive profile for slower failover timer settings.
C.
Use the Aggressive profile for slower failover timer settings.
Answers
D.
Use the Critical profile for faster failover timer settings.
D.
Use the Critical profile for faster failover timer settings.
Answers
Suggested answer: A

Explanation:

The Recommended profile is the default profile that provides typical failover timer settings for most deployments. The other profiles are designed for specific scenarios where faster or slower failover isdesired. Reference: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/high- availability/ha-concepts/ha-timers

asked 23/09/2024
Luis Hernaiz
40 questions

Question 9

Report
Export
Collapse

When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three )

A.
user-logon (always on)
A.
user-logon (always on)
Answers
B.
pre-logon then on-demand
B.
pre-logon then on-demand
Answers
C.
on-demand (manual user initiated connection)
C.
on-demand (manual user initiated connection)
Answers
D.
post-logon (always on)
D.
post-logon (always on)
Answers
E.
certificate-logon
E.
certificate-logon
Answers
Suggested answer: A, B, C

Explanation:

The Method section of the GlobalProtect portal configuration allows you to specify how users connect to the portal. The options are: user-logon (always on): The agent connects to the portal as soon as the user logs in to the endpoint. pre-logon then on-demand: The agent connects to the portal before the user logs in to the endpoint and then switches to on-demand mode after the user logs in. on-demand (manual user initiated connection): The agent connects to the portal only when the user initiates the connection manually. Reference: https://docs.paloaltonetworks.com/pan-os/10-1/pan- os-admin/globalprotect/configure-the-globalprotect-portal/configure-the-agent/configure-the-app- tab.html

asked 23/09/2024
Jeremiah Gem Galeon
43 questions

Question 10

Report
Export
Collapse

An engineer must configure the Decryption Broker feature

Which Decryption Broker security chain supports bi-directional traffic flow?

A.
Layer 2 security chain
A.
Layer 2 security chain
Answers
B.
Layer 3 security chain
B.
Layer 3 security chain
Answers
C.
Transparent Bridge security chain
C.
Transparent Bridge security chain
Answers
D.
Transparent Proxy security chain
D.
Transparent Proxy security chain
Answers
Suggested answer: B

Explanation:

Together, the primary and secondary interfaces form a pair of decryption forwarding interfaces. Only interfaces that you have enabled to be Decrypt Forward interfaces are displayed here. Your security chain type (Layer 3 or Transparent Bridge) and the traffic flow direction (unidirectional or bidirectional) determine which of the two interfaces forwards allowed, clear text traffic to the security chain, and which interface receives the traffic back from the security chain after it has undergone additional enforcement.

asked 23/09/2024
SERGIO MELOSEVICH
45 questions
Total 470 questions
Go to page: of 47
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy policy
Terms
Disclaimer
Refund policy
Copyright
Twitter X
Facebook
Medium