Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 14

List of questions
Question 131

Cortex XDR notifies an administrator about grayware on the endpoints. There are no entries about grayware in any of the logs of the corresponding firewall. Which setting can the administrator configure on the firewall to log grayware verdicts?
https://docs.paloaltonetworks.com/wildfire/10-2/wildfire-admin/monitor-wildfire-activity/use-the-firewall-to-monitor-malware/configure-wildfire-submissions-log-settings/enable-logging-for-benign-and-grayware-samples
Question 132

You have upgraded your Panorama and Log Collectors to 10.2.x. Before upgrading your firewalls using Panorama, what do you need to do?
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-upgrade/upgrade-pan-os/upgrade-the-firewall-pan-os/upgrade-firewalls-using-panorama
Question 133

A network security engineer has applied a File Blocking profile to a rule with the action of Block. The user of a Linux CLI operating system has opened a ticket. The ticket states that the user is being blocked by the firewall when trying to download a TAR file. The user is getting no error response on the system.
Where is the best place to validate if the firewall is blocking the user's TAR file?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZ1CAK
Question 134

A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this.
Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)
Option A is correct because setting "Reject Non-syn-TCP" to No and "Asymmetric Path" to Bypass in the Zone Protection profile disables the TCP checks that can cause the firewall to drop packets due to asymmetric routing. This allows the firewall to accept non-SYN TCP packets without a session match and packets that are out of sequence or out of window.
Option D is correct because setting session tcp-reject-non-syn to no in the CLI also disables the TCP checks that can cause the firewall to drop packets due to asymmetric routing. This allows the firewall to accept non-SYN TCP packets without a session match and packets that are out of sequence or out of window.
Option B is incorrect because setting session tcp-reject-non-syn to no in the CLI has the same effect as setting "Reject Non-syn-TCP" to No in the Zone Protection profile, so there is no need to do both. Also, setting "Asymmetric Path" to Global in the Zone Protection profile does not disable the TCP checks that can cause the firewall to drop packets due to asymmetric routing. It only allows the firewall to use a global timer for asymmetric path detection instead of a per-session timer.
Option C is incorrect because setting "Reject Non-syn-TCP" to Global and "Asymmetric Path" to Global in the Zone Protection profile does not disable the TCP checks that can cause the firewall to drop packets due to asymmetric routing. It only allows the firewall to use a global timer for both non-SYN TCP rejection and asymmetric path detection instead of a per-session timer.
Reference:
1. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClReCAK
2. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSHCA0
Question 135

Which CLI command is used to determine how much disk space is allocated to logs?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgZCAS
Question 136

An engineer has been tasked with reviewing traffic logs to find applications the firewall is unable to identify with App-ID. Why would the application field display as incomplete?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
Incomplete in the application field: Incomplete means that either the three-way TCP handshake did not complete OR the three-way TCP handshake did complete but there was not enough data after the handshake to identify the application. In other words, the traffic being seen is not really an application. One example: if a client sends a server a SYN and the Palo Alto Networks device creates a session for that SYN, but the server never sends a SYN ACK back to the client, then that session is incomplete.
Question 137

Which Panorama mode should be used so that all logs are sent to, and only stored in, Cortex Data Lake?
https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama-overview/panorama-models
Management Only mode is the only Panorama mode that allows all logs to be sent to and only stored in Cortex Data Lake. In this mode, Panorama does not store any logs locally and only acts as a management interface for the firewalls and Cortex Data Lake. The other modes either store some logs locally (Legacy and Log Collector) or do not support Cortex Data Lake (Panorama).
Question 138

An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Link and Path Monitoring is enabled with the Failure Condition set to "any." There is one link group configured containing member interfaces ethernet1/1 and ethernet1/2 with a Group Failure Condition set to "all." Which HA state will the Active firewall go into if ethernet1/1 link goes down due to a failure?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClG7CAK
Question 139

An engineer is pushing configuration from Panorama to a managed firewall.
What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Objects already configured on the firewall?
It fails the commit should the local FW have the same object as the Panorama. On this doc it says "shared": https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/plan-the-transition-to-panorama-management
Question 140

What is a correct statement regarding administrative authentication using external services with a local authorization method?
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication