ExamGecko
Login
Home / Palo Alto Networks / PCNSE / List of questions
Ask Question

Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 14

Add to Whishlist

List of questions

Question 131

Report Export Collapse

Cortex XDR notifies an administrator about grayware on the endpoints. There are no entries about grayware in any of the logs of the corresponding firewall. Which setting can the administrator configure on the firewall to log grayware verdicts?

within the log forwarding profile attached to the Security policy rule
within the log forwarding profile attached to the Security policy rule
within the log settings option in the Device tab
within the log settings option in the Device tab
in WildFire General Settings, select "Report Grayware Files"
in WildFire General Settings, select "Report Grayware Files"
in Threat General Settings, select "Report Grayware Files"
in Threat General Settings, select "Report Grayware Files"
Suggested answer: C
Explanation:

https://docs.paloaltonetworks.com/wildfire/10-2/wildfire-admin/monitor-wildfire-activity/use-the- firewall-to-monitor-malware/configure-wildfire-submissions-log-settings/enable-logging-for-benign- and-grayware-samples

asked 23/09/2024
Matias Cordero Ochoa
37 questions

Question 132

Report Export Collapse

You have upgraded your Panorama and Log Collectors lo 10.2 x. Before upgrading your firewalls using Panorama, what do you need do?

Refresh your licenses with Palo Alto Network Support - Panorama/Licenses/Retrieve License Keys from License Server.
Refresh your licenses with Palo Alto Network Support - Panorama/Licenses/Retrieve License Keys from License Server.
Re-associate the firewalls in Panorama/Managed Devices/Summary.
Re-associate the firewalls in Panorama/Managed Devices/Summary.
Commit and Push the configurations to the firewalls.
Commit and Push the configurations to the firewalls.
Refresh the Mastor Key in Panorama/Master Key and Diagnostic
Refresh the Mastor Key in Panorama/Master Key and Diagnostic
Suggested answer: C
Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-upgrade/upgrade-pan-os/upgrade-the- firewall-pan-os/upgrade-firewalls-using-panorama

asked 23/09/2024
Wilson Sigcha
34 questions

Question 133

Report Export Collapse

A network security engineer has applied a File Blocking profile to a rule with the action of Block. The user of a Linux CLI operating system has opened a ticket. The ticket states that the user is being blocked by the firewall when trying to download a TAR file. The user is getting no error response on the system.

Where is the best place to validate if the firewall is blocking the user's TAR file?

URL Filtering log
URL Filtering log
Data Filtering log
Data Filtering log
Threat log
Threat log
WildFire Submissions log
WildFire Submissions log
Suggested answer: B
Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZ1CAK

asked 23/09/2024
An Khang Nguyen
50 questions

Question 134

Report Export Collapse

A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this.

Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)

Navigate to Network > Zone Protection Click AddSelect Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to No Set "Asymmetric Path" to Bypass
Navigate to Network > Zone Protection Click AddSelect Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to No Set "Asymmetric Path" to Bypass
> set session tcp-reject-non-syn no
> set session tcp-reject-non-syn no
Navigate to Network > Zone Protection Click AddSelect Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to Global Set "Asymmetric Path" to Global
Navigate to Network > Zone Protection Click AddSelect Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to Global Set "Asymmetric Path" to Global
# set deviceconfig setting session tcp-reject-non-syn no
# set deviceconfig setting session tcp-reject-non-syn no
Suggested answer: A, D
Explanation:

Option A is correct because setting "Reject Non-syn-TCP" to No and "Asymmetric Path" to Bypass in the Zone Protection profile disables the TCP checks that can cause the firewall to drop packets due to asymmetric routing. This allows the firewall to accept non-SYN TCP packets without a session match and packets that are out of sequence or out of window.Option D is correct because setting session tcp-reject-non-syn to no in the CLI also disables the TCP checks that can cause the firewall to drop packets due to asymmetric routing. This allows the firewall to accept non-SYN TCP packets without a session match and packets that are out of sequence or out of window.Option B is incorrect because setting session tcp-reject-non-syn to no in the CLI has the same effect as setting "Reject Non-syn-TCP" to No in the Zone Protection profile, so there is no need to do both.Also, setting "Asymmetric Path" to Global in the Zone Protection profile does not disable the TCP checks that can cause the firewall to drop packets due to asymmetric routing. It only allows the firewall to use a global timer for asymmetric path detection instead of a per-session timer.Option C is incorrect because setting "Reject Non-syn-TCP" to Global and "Asymmetric Path" to Global in the Zone Protection profile does not disable the TCP checks that can cause the firewall to drop packets due to asymmetric routing. It only allows the firewall to use a global timer for both non- SYN TCP rejection and asymmetric path detection instead of a per-session timer.Reference: 1 https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClReCAK 2 https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSHCA0

asked 23/09/2024
Edwin Daneel
35 questions

Question 135

Report Export Collapse

Which CLI command is used to determine how much disk space is allocated to logs?

show logging-status
show logging-status
show system info
show system info
debug log-receiver show
debug log-receiver show
show system logdfo-quota
show system logdfo-quota
Suggested answer: D
Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgZCAS

asked 23/09/2024
Erik de Bont
44 questions

Question 136

Report Export Collapse

An engineer has been tasked with reviewing traffic logs to find applications the firewall is unable to identify with App-ID. Why would the application field display as incomplete?

The client sent a TCP segment with the PUSH flag set.
The client sent a TCP segment with the PUSH flag set.
The TCP connection was terminated without identifying any application data.
The TCP connection was terminated without identifying any application data.
There is insufficient application data after the TCP connection was established.
There is insufficient application data after the TCP connection was established.
The TCP connection did not fully establish.
The TCP connection did not fully establish.
Suggested answer: D
Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC Incomplete in the application field: Incomplete means that either the three-way TCP handshake did not complete OR the three-way TCP handshake did complete but there was no enough data after the handshake to identify the application. In other words that traffic being seen is not really an application. One example is, if a client sends a server a SYN and the Palo Alto Networks device creates a session for that SYN , but the server never sends a SYN ACK back to the client, then that session is incomplete.

asked 23/09/2024
Nogueira Elder
42 questions

Question 137

Report Export Collapse

Which Panorama mode should be used so that all logs are sent to, and only stored in. Cortex Data Lake?

Legacy
Legacy
Log Collector
Log Collector
Panorama
Panorama
Management Only
Management Only
Suggested answer: D
Explanation:

https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama- overview/panorama-modelsManagement Only mode is the only Panorama mode that allows all logs to be sent to and only stored in Cortex Data Lake. In this mode, Panorama does not store any logs locally and only acts as a management interface for the firewalls and Cortex Data Lake. The other modes either store somelogs locally (Legacy and Log Collector) or do not support Cortex Data Lake (Panorama).

asked 23/09/2024
Billy Mitchell
32 questions

Question 138

Report Export Collapse

An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Link and Path Monitoring Is enabled with the Failure Condition set to "any." There is one link group configured containing member interfaces ethernet1/1 and ethernet1/2 with a Group Failure Condition set to "all." Which HA state will the Active firewall go into if ethernet1/1 link goes down due to a failure?

Non-functional
Non-functional
Passive
Passive
Active-Secondary
Active-Secondary
Active
Active
Suggested answer: D
Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClG7CAK

asked 23/09/2024
Ali Diaz
34 questions

Question 139

Report Export Collapse

An engineer is pushing configuration from Panorama lo a managed firewall.

What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Objects already configured on the firewall?

The firewall rejects the pushed configuration, and the commit fails.
The firewall rejects the pushed configuration, and the commit fails.
The firewall renames the duplicate local objects with "-1" at the end signifying they are clones; it will update the references to the objects accordingly and fully commit the pushed configuration.
The firewall renames the duplicate local objects with "-1" at the end signifying they are clones; it will update the references to the objects accordingly and fully commit the pushed configuration.
The firewall fully commits all of the pushed configuration and overwrites its locally configured objects
The firewall fully commits all of the pushed configuration and overwrites its locally configured objects
The firewall ignores only the pushed objects that have the same name as the locally configured objects, and it will commit the rest of the pushed configuration.
The firewall ignores only the pushed objects that have the same name as the locally configured objects, and it will commit the rest of the pushed configuration.
Suggested answer: A
Explanation:

it fails the commit should the local FW has the same object as the Panorama. on this docs it say"shared" https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage- firewalls/transition-a-firewall-to-panorama-management/ plan-the-transition-to-panorama- management

asked 23/09/2024
Serhan Azdiken
40 questions

Question 140

Report Export Collapse

What is a correct statement regarding administrative authentication using external services with a local authorization method?

Prior to PAN-OS 10.2. an administrator used the firewall to manage role assignments, but access domains have not been supported by this method.
Prior to PAN-OS 10.2. an administrator used the firewall to manage role assignments, but access domains have not been supported by this method.
Starting with PAN-OS 10.2. an administrator needs to configure Cloud Identity Engine to use external authentication services for administrative authentication.
Starting with PAN-OS 10.2. an administrator needs to configure Cloud Identity Engine to use external authentication services for administrative authentication.
The administrative accounts you define locally on the firewall serve as references to the accounts defined on an external authentication server.
The administrative accounts you define locally on the firewall serve as references to the accounts defined on an external authentication server.
The administrative accounts you define on an external authentication server serve as references to the accounts defined locally on the firewall.
The administrative accounts you define on an external authentication server serve as references to the accounts defined locally on the firewall.
Suggested answer: C
Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/manage- firewall-administrators/administrative-authentication

asked 23/09/2024
shridhar deshpande
42 questions
Total 499 questions
Go to page: of 50
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?
Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration. What part of the configuration should the engineer verify'?
During the process of developing a decryption strategy and evaluating which websites are required for corporate users to access, several sites have been identified that cannot be decrypted due to technical reasons. In this case, the technical reason is unsupported ciphers. Traffic to these sites will therefore be blocked if decrypted How should the engineer proceed?
If a URL is in multiple custom URL categories with different actions, which action will take priority?
What is a correct statement regarding administrative authentication using external services with a local authorization method?
You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three.)
An administrator configures a site-to-site IPsec VPN tunnel between a PA-850 and an external customer on their policy-based VPN devices. What should an administrator configure to route interesting traffic through the VPN tunnel?
A company requires that a specific set of ciphers be used when remotely managing their Palo Alto Networks appliances. Which profile should be configured in order to achieve this?
When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three )
When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?