ExamGecko

Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 10

Which three items are important considerations during SD-WAN configuration planning? (Choose three.)

A. link requirements
B. the name of the ISP
C. IP Addresses
D. branch and hub locations
Suggested answer: A, C, D

Explanation:

https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/sd-wan-overview/plan-sd-wan-configuration

An engineer needs to redistribute User-ID mappings from multiple data centers. Which data flow best describes redistribution of user mappings?

A. Domain Controller to User-ID agent
B. User-ID agent to Panorama
C. User-ID agent to firewall
D. firewall to firewall
Suggested answer: D

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/firewall-deployment-for-user-id-redistribution#ide3661b46-4722-4936-bb9b-181679306809

An engineer is configuring Packet Buffer Protection on ingress zones to protect from single-session DoS attacks. Which sessions does Packet Buffer Protection apply to?

A. It applies to existing sessions and is not global
B. It applies to new sessions and is global
C. It applies to new sessions and is not global
D. It applies to existing sessions and is global
Suggested answer: D

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/packet-buffer-protection

The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such.

The admin has not yet installed the root certificate onto client systems. What effect would this have on decryption functionality?

A. Decryption will function and there will be no effect to end users
B. Decryption will not function because self-signed root certificates are not supported
C. Decryption will not function until the certificate is installed on client systems
D. Decryption will function but users will see certificate warnings for each SSL site they visit
Suggested answer: D

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEZCA0

A firewall has Security policies from three sources:

1. locally created policies
2. shared device group policies as pre-rules
3. the firewall's device group as post-rules

How will the rule order populate once pushed to the firewall?

A. shared device group policies, firewall device group policies, local policies
B. firewall device group policies, local policies, shared device group policies
C. shared device group policies, local policies, firewall device group policies
D. local policies, firewall device group policies, shared device group policies
Suggested answer: C

Explanation:

https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/manage-firewalls/manage-device-groups/manage-the-rule-hierarchy

Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three.)

A. The environment requires real, full-time redundancy from both firewalls at all times
B. The environment requires Layer 2 interfaces in the deployment
C. The environment requires that both firewalls maintain their own routing tables for faster dynamic routing protocol convergence
D. The environment requires that all configuration must be fully synchronized between both members of the HA pair
E. The environment requires that traffic be load-balanced across both firewalls to handle peak traffic spikes
Suggested answer: A, C, E

Explanation:

Active/Active high availability is a deployment mode that allows both firewalls in an HA pair to actively process traffic and share the load. Active/Active HA is suitable for environments that require real, full-time redundancy from both firewalls at all times, as there is no failover time or session loss in case of a firewall failure. Active/Active HA is also suitable for environments that require that both firewalls maintain their own routing tables for faster dynamic routing protocol convergence, as each firewall can run its own routing protocols and exchange routes with other routers independently. Active/Active HA is also suitable for environments that require that traffic be load-balanced across both firewalls to handle peak traffic spikes, as each firewall can process a portion of the traffic and increase the overall throughput and performance.

Active/Active HA is not suitable for environments that require Layer 2 interfaces in the deployment, as Layer 2 interfaces are not supported in Active/Active HA mode. Active/Active HA is also not suitable for environments that require that all configuration must be fully synchronized between both members of the HA pair, as some configuration settings are not synchronized in Active/Active HA mode, such as virtual router configuration, virtual wire configuration, and QoS configuration.

Reference:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/set-up-activeactive-ha
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/set-up-activeactive-ha/determine-your-activeactive-use-case

An administrator is building Security rules within a device group to block traffic to and from malicious locations. How should those rules be configured to ensure that they are evaluated with a high priority?

A. Create the appropriate rules with a Block action and apply them at the top of the Default Rules.
B. Create the appropriate rules with a Block action and apply them at the top of the Security Post-Rules.
C. Create the appropriate rules with a Block action and apply them at the top of the local firewall Security rules.
D. Create the appropriate rules with a Block action and apply them at the top of the Security Pre-Rules.
Suggested answer: D

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/panorama-web-interface/defining-policies-on-panorama

A company requires that a specific set of ciphers be used when remotely managing their Palo Alto Networks appliances. Which profile should be configured in order to achieve this?

A. SSH Service profile
B. SSL/TLS Service profile
C. Decryption profile
D. Certificate profile
Suggested answer: A

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certificate-management/configure-an-ssh-service-profile

A company is using wireless controllers to authenticate users. Which source should be used for User-ID mappings?

A. Syslog
B. XFF headers
C. server monitoring
D. client probing
Suggested answer: A

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/user-id-overview

An engineer is configuring SSL Inbound Inspection for public access to a company's application.

Which certificate(s) need to be installed on the firewall to ensure that inspection is performed successfully?

A. Self-signed CA and End-entity certificate
B. Root CA and Intermediate CA(s)
C. Self-signed certificate with exportable private key
D. Intermediate CA(s) and End-entity certificate
Suggested answer: D

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/configure-ssl-inbound-inspection

We recommend uploading a certificate chain (a single file) to the firewall if your end-entity (leaf) certificate is signed by one or more intermediate certificates and your web server supports TLS 1.2 and Rivest, Shamir, Adleman (RSA) or Perfect Forward Secrecy (PFS) key exchange algorithms. Uploading the chain avoids client-side server certificate authentication issues.

You should arrange the certificates in the file as follows:

1. End-entity (leaf) certificate
2. Intermediate certificates (in issuing order)
3. (Optional) Root certificate

Total 426 questions