Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 10
List of questions
Related questions
Question 91
Which three items are import considerations during SD-WAN configuration planning? (Choose three.)
Explanation:
https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/sd-wan-overview/plan-sd-wan-configuration
Question 92
An engineer needs to redistribute User-ID mappings from multiple data centers. Which data flow best describes redistribution of user mappings?
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/deploy-user-id-in-a-large- scale-network/redistribute-user-mappings-and-authentication-timestamps/firewall-deployment-for- user-id-redistribution#ide3661b46-4722-4936-bb9b-181679306809
Question 93
An engineer is configuring Packet Buffer Protection on ingress zones to protect from single-session DoS attacks Which sessions does Packet Buffer Protection apply to?
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos- protection/zone-defense/packet-buffer-protection
Question 94
The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such
The admin has not yet installed the root certificate onto client systems What effect would this have on decryption functionality?
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEZCA0
Question 95
A firewall has Security policies from three sources
Explanation:
https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/manage-firewalls/manage- device-groups/manage-the-rule-hierarchy
Question 96
Which three use cases are valid reasons for requiring an Active/Active high availability deployment?
(Choose three )
Explanation:
Active/Active high availability is a deployment mode that allows both firewalls in an HA pair to actively process traffic and share the load. Active/Active HA is suitable for environments that require real, full-time redundancy from both firewalls at all times, as there is no failover time or session loss in case of a firewall failure. Active/Active HA is also suitable for environments that require that both firewalls maintain their own routing tables for faster dynamic routing protocol convergence, as each firewall can run its own routing protocols and exchange routes with other routers independently.Active/Active HA is also suitable for environments that require that traffic be load-balanced across both firewalls to handle peak traffic spikes, as each firewall can process a portion of the traffic and increase the overall throughput and performance. Active/Active HA is not suitable for environments that require Layer 2 interfaces in the deployment, as Layer 2 interfaces are not supported in Active/Active HA mode. Active/Active HA is also not suitable for environments that require that all configuration must be fully synchronized between both members of the HA pair, as some configuration settings are not synchronized in Active/Active HA mode, such as virtual router configuration, virtual wire configuration, and QoS configuration. Reference: : https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/set-up-activeactive-ha : https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/set-up- activeactive-ha/determine-your-activeactive-use-case
Question 97
An administrator is building Security rules within a device group to block traffic to and from malicious locations How should those rules be configured to ensure that they are evaluated with a high priority?
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/panorama-web- interface/defining-policies-on-panorama
Question 98
A company requires that a specific set of ciphers be used when remotely managing their Palo Alto Networks appliances. Which profile should be configured in order to achieve this?
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certificate-management/configure- an-ssh-service-profile
Question 99
A company is using wireless controllers to authenticate users. Which source should be used for User- ID mappings?
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/user-id-overview
Question 100
An engineer is configuring SSL Inbound Inspection for public access to a company's application.
Which certificate(s) need to be installed on the firewall to ensure that inspection is performed successfully?
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/configure-ssl-inbound- inspection We recommend uploading a certificate chain (a single file) to the firewall if your end- entity (leaf) certificate is signed by one or more intermediate certificates and your web server supports TLS 1.2 and Rivest, Shamir, Adleman (RSA) or Perfect Forward Secrecy (PFS) key exchange algorithms. Uploading the chain avoids client-side server certificate authentication issues.
You should arrange the certificates in the file as follows: End-entity (leaf) certificate Intermediate certificates (in issuing order) (Optional) Root certificate
Question