ExamGecko

Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 14

Cortex XDR notifies an administrator about grayware on the endpoints. There are no entries about grayware in any of the logs of the corresponding firewall. Which setting can the administrator configure on the firewall to log grayware verdicts?

A. within the log forwarding profile attached to the Security policy rule
B. within the log settings option in the Device tab
C. in WildFire General Settings, select "Report Grayware Files"
D. in Threat General Settings, select "Report Grayware Files"

Suggested answer: C

Explanation:

https://docs.paloaltonetworks.com/wildfire/10-2/wildfire-admin/monitor-wildfire-activity/use-the-firewall-to-monitor-malware/configure-wildfire-submissions-log-settings/enable-logging-for-benign-and-grayware-samples

You have upgraded your Panorama and Log Collectors to 10.2.x. Before upgrading your firewalls using Panorama, what do you need to do?

A. Refresh your licenses with Palo Alto Network Support - Panorama/Licenses/Retrieve License Keys from License Server.
B. Re-associate the firewalls in Panorama/Managed Devices/Summary.
C. Commit and Push the configurations to the firewalls.
D. Refresh the Master Key in Panorama/Master Key and Diagnostic

Suggested answer: C

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-upgrade/upgrade-pan-os/upgrade-the-firewall-pan-os/upgrade-firewalls-using-panorama

A network security engineer has applied a File Blocking profile to a rule with the action of Block. The user of a Linux CLI operating system has opened a ticket. The ticket states that the user is being blocked by the firewall when trying to download a TAR file. The user is getting no error response on the system.

Where is the best place to validate if the firewall is blocking the user's TAR file?

A. URL Filtering log
B. Data Filtering log
C. Threat log
D. WildFire Submissions log

Suggested answer: B

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZ1CAK

A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this.

Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)

A. Navigate to Network > Zone Protection, click Add, select Packet Based Attack Protection > TCP/IP Drop, set "Reject Non-syn-TCP" to No, and set "Asymmetric Path" to Bypass
B. > set session tcp-reject-non-syn no
C. Navigate to Network > Zone Protection, click Add, select Packet Based Attack Protection > TCP/IP Drop, set "Reject Non-syn-TCP" to Global, and set "Asymmetric Path" to Global
D. # set deviceconfig setting session tcp-reject-non-syn no

Suggested answer: A, D

Explanation:

Option A is correct because setting "Reject Non-syn-TCP" to No and "Asymmetric Path" to Bypass in the Zone Protection profile disables the TCP checks that can cause the firewall to drop packets due to asymmetric routing. This allows the firewall to accept non-SYN TCP packets without a session match and packets that are out of sequence or out of window.

Option D is correct because setting session tcp-reject-non-syn to no in the CLI also disables the TCP checks that can cause the firewall to drop packets due to asymmetric routing. This allows the firewall to accept non-SYN TCP packets without a session match and packets that are out of sequence or out of window.

Option B is incorrect because setting session tcp-reject-non-syn to no in the CLI has the same effect as setting "Reject Non-syn-TCP" to No in the Zone Protection profile, so there is no need to do both. Also, setting "Asymmetric Path" to Global in the Zone Protection profile does not disable the TCP checks that can cause the firewall to drop packets due to asymmetric routing. It only allows the firewall to use a global timer for asymmetric path detection instead of a per-session timer.

Option C is incorrect because setting "Reject Non-syn-TCP" to Global and "Asymmetric Path" to Global in the Zone Protection profile does not disable the TCP checks that can cause the firewall to drop packets due to asymmetric routing. It only allows the firewall to use a global timer for both non-SYN TCP rejection and asymmetric path detection instead of a per-session timer.

Reference:
1. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClReCAK
2. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSHCA0

Which CLI command is used to determine how much disk space is allocated to logs?

A. show logging-status
B. show system info
C. debug log-receiver show
D. show system logdb-quota

Suggested answer: D

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgZCAS

An engineer has been tasked with reviewing traffic logs to find applications the firewall is unable to identify with App-ID. Why would the application field display as incomplete?

A. The client sent a TCP segment with the PUSH flag set.
B. The TCP connection was terminated without identifying any application data.
C. There is insufficient application data after the TCP connection was established.
D. The TCP connection did not fully establish.

Suggested answer: D

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC

Incomplete in the application field: Incomplete means that either the three-way TCP handshake did not complete OR the three-way TCP handshake did complete but there was not enough data after the handshake to identify the application. In other words, the traffic being seen is not really an application. One example: if a client sends a server a SYN and the Palo Alto Networks device creates a session for that SYN, but the server never sends a SYN ACK back to the client, then that session is incomplete.

Which Panorama mode should be used so that all logs are sent to, and only stored in, Cortex Data Lake?

A. Legacy
B. Log Collector
C. Panorama
D. Management Only

Suggested answer: D

Explanation:

https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama-overview/panorama-models

Management Only mode is the only Panorama mode that allows all logs to be sent to and only stored in Cortex Data Lake. In this mode, Panorama does not store any logs locally and only acts as a management interface for the firewalls and Cortex Data Lake. The other modes either store some logs locally (Legacy and Log Collector) or do not support Cortex Data Lake (Panorama).

An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Link and Path Monitoring is enabled with the Failure Condition set to "any." There is one link group configured containing member interfaces ethernet1/1 and ethernet1/2 with a Group Failure Condition set to "all." Which HA state will the Active firewall go into if the ethernet1/1 link goes down due to a failure?

A. Non-functional
B. Passive
C. Active-Secondary
D. Active

Suggested answer: D

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClG7CAK

An engineer is pushing configuration from Panorama to a managed firewall.

What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Objects already configured on the firewall?

A. The firewall rejects the pushed configuration, and the commit fails.
B. The firewall renames the duplicate local objects with "-1" at the end signifying they are clones; it will update the references to the objects accordingly and fully commit the pushed configuration.
C. The firewall fully commits all of the pushed configuration and overwrites its locally configured objects
D. The firewall ignores only the pushed objects that have the same name as the locally configured objects, and it will commit the rest of the pushed configuration.

Suggested answer: A

Explanation:

The commit fails if the local firewall has the same object as Panorama. This doc says "shared": https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/plan-the-transition-to-panorama-management

What is a correct statement regarding administrative authentication using external services with a local authorization method?

A. Prior to PAN-OS 10.2, an administrator used the firewall to manage role assignments, but access domains have not been supported by this method.
B. Starting with PAN-OS 10.2, an administrator needs to configure Cloud Identity Engine to use external authentication services for administrative authentication.
C. The administrative accounts you define locally on the firewall serve as references to the accounts defined on an external authentication server.
D. The administrative accounts you define on an external authentication server serve as references to the accounts defined locally on the firewall.

Suggested answer: C

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication

Total 426 questions