ExamGecko
Login
Home / Palo Alto Networks / PCNSE / List of questions
Ask Question

Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 17

List of questions

Question 161

Report Export Collapse

An administrator has left a firewall to use the default port for all management services. Which three functions are performed by the dataplane?

NTP
NTP
Antivirus
Antivirus
Wildfire updates
Wildfire updates
NAT
NAT
File tracking
File tracking
Suggested answer: A, C, D
asked 23/09/2024
Jose Walter
37 questions

Question 162

Report Export Collapse

Which two events trigger the operation of automatic commit recovery? (Choose two.)

when an aggregate Ethernet interface component fails
when an aggregate Ethernet interface component fails
when Panorama pushes a configuration
when Panorama pushes a configuration
when a firewall HA pair fails over
when a firewall HA pair fails over
when a firewall performs a local commit
when a firewall performs a local commit
Suggested answer: B, D
Explanation:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/panoramafeatures/automatic-panorama-connection-recovery.htmlAutomatic commit recovery allows you to configure the firewall to attempt a specified number ofconnectivity tests after:

1- you push a configuration from Panorama or

2- commit a configuration change locally on the firewall.

Additionally, the firewall checks connectivity to Panorama every hour to ensure consistent communication in the event unrelated network configuration changes have disrupted connectivity between the firewall and Panorama or if implications to a pushed committed configuration may have affected connectivity.

asked 23/09/2024
Salvatore Andrisani
45 questions

Question 163

Report Export Collapse

Panorama provides which two SD-WAN functions? (Choose two.)

data plane
data plane
physical network links
physical network links
network monitoring
network monitoring
control plane
control plane
Suggested answer: C, D
Explanation:

https://www.paloaltonetworks.com/resources/guides/sd-wan-architecture-guide

https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/sd-wan-overview/about-sdwan.html

(Network Monitoring & Control Plane). Data plane & Physical Interfaces are directly taken care through Firewalls where SD WAN is enabled.

asked 23/09/2024
Ramon Pasay
43 questions

Question 164

Report Export Collapse

A users traffic traversing a Palo Alto networks NGFW sometimes can reach http //www company comAt other times the session times out. At other times the session times out The NGFW has beenconfigured with a PBF rule that the user traffic matches when it goes to http://www.company.comgoes to http://www company comHow can the firewall be configured to automatically disable the PBF rule if the next hop goes down?

Create and add a monitor profile with an action of fail over in the PBF rule in question
Create and add a monitor profile with an action of fail over in the PBF rule in question
Create and add a monitor profile with an action of wait recover in the PBF rule in question
Create and add a monitor profile with an action of wait recover in the PBF rule in question
Configure path monitoring for the next hop gateway on the default route in the virtual router
Configure path monitoring for the next hop gateway on the default route in the virtual router
Enable and configure a link monitoring profile for the external interface of the firewall
Enable and configure a link monitoring profile for the external interface of the firewall
Suggested answer: A
asked 23/09/2024
Sander Verheijen
39 questions

Question 165

Report Export Collapse

The Aggregate Ethernet interface is showing down on a passive PA-7050 firewall of an active/passive HA pair. The HA Passive Link State is set to "Auto" under Device > High Availability > General > Active/Passive Settings. The AE interface is configured with LACP enabled and is up only on the active firewall.

Why is the AE interface showing down on the passive firewall?

It does not perform pre-negotiation LACP unless "Enable in HA Passive State" is selected under the High Availability Options on the LACP tab of the AE Interface.
It does not perform pre-negotiation LACP unless "Enable in HA Passive State" is selected under the High Availability Options on the LACP tab of the AE Interface.
It does not participate in LACP negotiation unless Fast Failover is selected under the Enable LACP selection on the LACP tab of the AE Interface.
It does not participate in LACP negotiation unless Fast Failover is selected under the Enable LACP selection on the LACP tab of the AE Interface.
It participates in LACP negotiation when Fast is selected for Transmission Rate under the Enable LACP selection on the LACP tab of the AE Interface.
It participates in LACP negotiation when Fast is selected for Transmission Rate under the Enable LACP selection on the LACP tab of the AE Interface.
It performs pre-negotiation of LACP when the mode Passive is selected under the Enable LACP selection on the LACP tab of the AE Interface.
It performs pre-negotiation of LACP when the mode Passive is selected under the Enable LACP selection on the LACP tab of the AE Interface.
Suggested answer: A
Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/set-up- activepassive-ha/configure-activepassive-ha

asked 23/09/2024
Pedro Pereira
43 questions

Question 166

Report Export Collapse

An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 2025. The validity date on the PA-generated certificate is taken from what?

The trusted certificate
The trusted certificate
The server certificate
The server certificate
The untrusted certificate
The untrusted certificate
The root CA
The root CA
Suggested answer: B
Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8wCA"The validity date on the Palo Alto Networks firewall generated certificate is taken from the validity date on the real server certificate."

asked 23/09/2024
Mary Andreou
49 questions

Question 167

Report Export Collapse

Refer to the exhibit.

Palo Alto Networks PCNSE image Question 167 54404 09232024001219000000

Based on the screenshots above what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?

shared pre-rulesDATACENTER DG pre rulesrules configured locally on the firewallshared post-rulesDATACENTER_DG post-rulesDATACENTER.DG default rules
shared pre-rulesDATACENTER DG pre rulesrules configured locally on the firewallshared post-rulesDATACENTER_DG post-rulesDATACENTER.DG default rules
shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallshared post-rulesDATACENTER.DG post-rulesshared default rules
shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallshared post-rulesDATACENTER.DG post-rulesshared default rules
shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallDATACENTER_DG post-rulesshared post-rulesshared default rules
shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallDATACENTER_DG post-rulesshared post-rulesshared default rules
shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallDATACENTER_DG post-rulesshared post-rulesDATACENTER_DG default rules
shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallDATACENTER_DG post-rulesshared post-rulesDATACENTER_DG default rules
Suggested answer: A
asked 23/09/2024
Michael Bodine
32 questions

Question 168

Report Export Collapse

How can Panorama help with troubleshooting problems such as high CPU or resource exhaustion on a managed firewall?

Firewalls send SNMP traps to Panorama when resource exhaustion is detected Panorama generates a system log and can send email alerts
Firewalls send SNMP traps to Panorama when resource exhaustion is detected Panorama generates a system log and can send email alerts
Panorama provides visibility into all the system and traffic logs received from firewalls it does not offer any ability to see or monitor resource utilization on managed firewalls
Panorama provides visibility into all the system and traffic logs received from firewalls it does not offer any ability to see or monitor resource utilization on managed firewalls
Panorama monitors all firewalls using SNMP It generates a system log and can send email alerts when resource exhaustion is detected on a managed firewall
Panorama monitors all firewalls using SNMP It generates a system log and can send email alerts when resource exhaustion is detected on a managed firewall
Panorama provides information about system resources of the managed devices in the Managed Devices > Health menu
Panorama provides information about system resources of the managed devices in the Managed Devices > Health menu
Suggested answer: D
Explanation:

Panorama can help with troubleshooting problems such as high CPU or resource exhaustion on a managed firewall by providing information about system resources of the managed devices in the Managed Devices > Health menu. This is explained in the Palo Alto Networks PCNSE Study Guide in Chapter 13: Panorama, under the section "Monitoring Managed Firewalls with Panorama": "The Panorama web interface provides information about the system resources of the managed devices. In the Managed Devices > Health menu, you can view the CPU, memory, and disk usage of each managed device. This information can help you troubleshoot problems such as high CPU or resource exhaustion on a managed firewall."

asked 23/09/2024
Dennis Rodrigues
25 questions

Question 169

Report Export Collapse

Four configuration choices are listed, and each could be used to block access to a specific URL II you configured each choice to block the same URL, then which choice would be evaluated last in the processing order to block access to the URL1?

PAN-DB URL category in URL Filtering profile
PAN-DB URL category in URL Filtering profile
Custom URL category in Security policy rule
Custom URL category in Security policy rule
Custom URL category in URL Filtering profile
Custom URL category in URL Filtering profile
EDL in URL Filtering profile
EDL in URL Filtering profile
Suggested answer: A
Explanation:


asked 23/09/2024
Oky ramadhani
48 questions

Question 170

Report Export Collapse

After configuring HA in Active/Passive mode on a pair of firewalls the administrator gets a failed commit with the following details.

Palo Alto Networks PCNSE image Question 170 54407 09232024001219000000

What are two s for this type of issue? (Choose two)

The peer IP is not included in the permit list on Management Interface Settings
The peer IP is not included in the permit list on Management Interface Settings
The Backup Peer HA1 IP Address was not configured when the commit was issued
The Backup Peer HA1 IP Address was not configured when the commit was issued
Either management or a data-plane interface is used as HA1-backup
Either management or a data-plane interface is used as HA1-backup
One of the firewalls has gone into the suspended state
One of the firewalls has gone into the suspended state
Suggested answer: B, C
Explanation:

Cause The issue is seen when the HA1-backup is configured with either management (MGT) or an in- band interface. The "Backup Peer HA1 IP Address" is not configured : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?

id=kA14u0000008UmPCAU&lang=e n_US%E2%80%A9

asked 23/09/2024
Sergey Ushakov
38 questions
Total 470 questions
Go to page: of 47
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?
Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration. What part of the configuration should the engineer verify'?
During the process of developing a decryption strategy and evaluating which websites are required for corporate users to access, several sites have been identified that cannot be decrypted due to technical reasons. In this case, the technical reason is unsupported ciphers. Traffic to these sites will therefore be blocked if decrypted How should the engineer proceed?
If a URL is in multiple custom URL categories with different actions, which action will take priority?
What is a correct statement regarding administrative authentication using external services with a local authorization method?
You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three.)
An administrator configures a site-to-site IPsec VPN tunnel between a PA-850 and an external customer on their policy-based VPN devices. What should an administrator configure to route interesting traffic through the VPN tunnel?
A company requires that a specific set of ciphers be used when remotely managing their Palo Alto Networks appliances. Which profile should be configured in order to achieve this?
When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three )
When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?