Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 17
List of questions
Question 161

An administrator has left a firewall to use the default port for all management services. Which three functions are performed by the dataplane?
Question 162

Which two events trigger the operation of automatic commit recovery? (Choose two.)
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/panoramafeatures/automatic-panorama-connection-recovery.htmlAutomatic commit recovery allows you to configure the firewall to attempt a specified number ofconnectivity tests after:
1- you push a configuration from Panorama or
2- commit a configuration change locally on the firewall.
Additionally, the firewall checks connectivity to Panorama every hour to ensure consistent communication in the event unrelated network configuration changes have disrupted connectivity between the firewall and Panorama or if implications to a pushed committed configuration may have affected connectivity.
Question 163

Panorama provides which two SD-WAN functions? (Choose two.)
https://www.paloaltonetworks.com/resources/guides/sd-wan-architecture-guide
https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/sd-wan-overview/about-sdwan.html
(Network Monitoring & Control Plane). Data plane & Physical Interfaces are directly taken care through Firewalls where SD WAN is enabled.
Question 164

A users traffic traversing a Palo Alto networks NGFW sometimes can reach http //www company comAt other times the session times out. At other times the session times out The NGFW has beenconfigured with a PBF rule that the user traffic matches when it goes to http://www.company.comgoes to http://www company comHow can the firewall be configured to automatically disable the PBF rule if the next hop goes down?
Question 165

The Aggregate Ethernet interface is showing down on a passive PA-7050 firewall of an active/passive HA pair. The HA Passive Link State is set to "Auto" under Device > High Availability > General > Active/Passive Settings. The AE interface is configured with LACP enabled and is up only on the active firewall.
Why is the AE interface showing down on the passive firewall?
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/set-up- activepassive-ha/configure-activepassive-ha
Question 166

An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 2025. The validity date on the PA-generated certificate is taken from what?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8wCA"The validity date on the Palo Alto Networks firewall generated certificate is taken from the validity date on the real server certificate."
Question 167

Refer to the exhibit.
Based on the screenshots above what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?
Question 168

How can Panorama help with troubleshooting problems such as high CPU or resource exhaustion on a managed firewall?
Panorama can help with troubleshooting problems such as high CPU or resource exhaustion on a managed firewall by providing information about system resources of the managed devices in the Managed Devices > Health menu. This is explained in the Palo Alto Networks PCNSE Study Guide in Chapter 13: Panorama, under the section "Monitoring Managed Firewalls with Panorama": "The Panorama web interface provides information about the system resources of the managed devices. In the Managed Devices > Health menu, you can view the CPU, memory, and disk usage of each managed device. This information can help you troubleshoot problems such as high CPU or resource exhaustion on a managed firewall."
Question 169

Four configuration choices are listed, and each could be used to block access to a specific URL II you configured each choice to block the same URL, then which choice would be evaluated last in the processing order to block access to the URL1?
Question 170

After configuring HA in Active/Passive mode on a pair of firewalls the administrator gets a failed commit with the following details.
What are two s for this type of issue? (Choose two)
Cause The issue is seen when the HA1-backup is configured with either management (MGT) or an in- band interface. The "Backup Peer HA1 IP Address" is not configured : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?
id=kA14u0000008UmPCAU&lang=e n_US%E2%80%A9
Question