ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSE

Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 18

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

If a URL is in multiple custom URL categories with different actions, which action will take priority?
When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three )
A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing. What command could the engineer run to see the current state of the BGP state between the two devices?
Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?
Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port?
A firewall administrator has been tasked with ensuring that all firewalls forward System logs to Panorama. In which section is this configured?
DRAG DROP An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority Match the default Administrative Distances for each routing protocol.
An administrator analyzes the following portion of a VPN system log and notices the following issue "Received local id 10 10 1 4/24 type IPv4 address protocol 0 port 0, received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0." What is the cause of the issue?
A network security engineer must implement Quality of Service policies to ensure specific levels of delivery guarantees for various applications in the environment They want to ensure that they know as much as they can about QoS before deploying. Which statement about the QoS feature is correct?
Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.)

Question 171

Report
Export
Collapse

A company with already deployed Palo Alto firewalls has purchased their first Panorama server. The security team has already configured all firewalls with the Panorama IP address and added all the firewall serial numbers in Panoram a.

What are the next steps to migrate configuration from the firewalls to Panorama?

A.
Use API calls to retrieve the configuration directly from the managed devices
A.
Use API calls to retrieve the configuration directly from the managed devices
Answers
B.
Export Named Configuration Snapshot on each firewall followed by Import Named Configuration Snapshot in Panorama
B.
Export Named Configuration Snapshot on each firewall followed by Import Named Configuration Snapshot in Panorama
Answers
C.
import Device Configuration to Panorama followed by Export or Push Device Config Bundle
C.
import Device Configuration to Panorama followed by Export or Push Device Config Bundle
Answers
D.
Use the Firewall Migration plugin to retrieve the configuration directly from the managed devices
D.
Use the Firewall Migration plugin to retrieve the configuration directly from the managed devices
Answers
Suggested answer: C

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloRCAS

Question 172

Report
Export
Collapse

Which log type would provide information about traffic blocked by a Zone Protection profile?

A.
Data Filtering
A.
Data Filtering
Answers
B.
IP-Tag
B.
IP-Tag
Answers
C.
Traffic
C.
Traffic
Answers
D.
Threat
D.
Threat
Answers
Suggested answer: D

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clm9CACZone Protection profile is a set of security policies that you can apply to an interface or zone to protect it from reconnaissance, flooding, brute force, and other types of attacks.The log type that would provide information about traffic blocked by a Zone Protection profileis Threat4. This log type records events such as packet-based attacks, spyware, viruses, vulnerability exploits, and URL filtering.

Question 173

Report
Export
Collapse

An engineer is creating a template and wants to use variables to standardize the configuration across a large number of devices Which Mo variable types can be defined? (Choose two.)

A.
Path group
A.
Path group
Answers
B.
Zone
B.
Zone
Answers
C.
IP netmask
C.
IP netmask
Answers
D.
FQDN
D.
FQDN
Answers
Suggested answer: C, D

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/panorama-web- interface/panorama-templates/panorama-templates-template-variable

Question 174

Report
Export
Collapse

An engineer is bootstrapping a VM-Series Firewall Other than the 'config folder, which three directories are mandatory as part of the bootstrap package directory structure? (Choose three.)

A.
/software
A.
/software
Answers
B.
/opt
B.
/opt
Answers
C.
/license
C.
/license
Answers
D.
/content
D.
/content
Answers
E.
/plugins
E.
/plugins
Answers
Suggested answer: A, C, D

Explanation:

https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/bootstrap-the-vm-series- firewall/prepare-the-bootstrap-package

Question 175

Report
Export
Collapse

Review the screenshot of the Certificates page.

An administrator tor a small LLC has created a series of certificates as shown, to use tor a planned Decryption roll out The administrator has also installed the sell-signed root certificate <n all client systems When testing, they noticed that every time a user visited an SSL site they received unsecured website warnings What is the cause of the unsecured website warnings.

A.
The forward trust certificate has not been signed by the set-singed root CA certificate
A.
The forward trust certificate has not been signed by the set-singed root CA certificate
Answers
B.
The self-signed CA certificate has the same CN as the forward trust and untrust certificates
B.
The self-signed CA certificate has the same CN as the forward trust and untrust certificates
Answers
C.
The forward untrust certificate has not been signed by the self-singed root CA certificate
C.
The forward untrust certificate has not been signed by the self-singed root CA certificate
Answers
D.
The forward trust certificate has not been installed in client systems
D.
The forward trust certificate has not been installed in client systems
Answers
Suggested answer: A

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward- proxy

Question 176

Report
Export
Collapse

Which statement about High Availability timer settings is true?

A.
Use the Moderate timer for typical failover timer settings.
A.
Use the Moderate timer for typical failover timer settings.
Answers
B.
Use the Critical timer for taster failover timer settings.
B.
Use the Critical timer for taster failover timer settings.
Answers
C.
Use the Recommended timer for faster failover timer settings.
C.
Use the Recommended timer for faster failover timer settings.
Answers
D.
Use the Aggressive timer for taster failover timer settings
D.
Use the Aggressive timer for taster failover timer settings
Answers
Suggested answer: B

Explanation:


Question 177

Report
Export
Collapse

What are two best practices for incorporating new and modified App-IDs? (Choose two)

A.
Configure a security policy rule to allow new App-lDs that might have network-wide impact
A.
Configure a security policy rule to allow new App-lDs that might have network-wide impact
Answers
B.
Study the release notes and install new App-IDs if they are determined to have low impact
B.
Study the release notes and install new App-IDs if they are determined to have low impact
Answers
C.
Perform a Best Practice Assessment to evaluate the impact or the new or modified App-IDs
C.
Perform a Best Practice Assessment to evaluate the impact or the new or modified App-IDs
Answers
D.
Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs
D.
Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs
Answers
Suggested answer: A, B

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-upgrade/software-and-content- updates/best-practices-for-app-and-threat-content-updates/best-practices-security- first#id184AH00F06E

Question 178

Report
Export
Collapse

Which three firewall multi-factor authentication factors are supported by PAN-OS? (Choose three)

A.
SSH key
A.
SSH key
Answers
B.
User logon
B.
User logon
Answers
C.
Short message service
C.
Short message service
Answers
D.
One-Time Password
D.
One-Time Password
Answers
E.
Push
E.
Push
Answers
Suggested answer: B, D, E

Explanation:

According to Palo Alto Networks documentation123, multi-factor authentication (MFA) is a methodof verifying a user's identity using two or more factors, such as something they know, something they have, or something they are.The firewall supports MFA for administrative access, GlobalProtect VPN access, and Captive Portal access. The firewall can integrate with external MFA providers such as RSA SecurID, Duo Security, or Okta Verify.The three firewall MFA factors that are supported by PAN-OS are: User logon: This is something the user knows, such as a username and password.One-Time Password: This is something the user has, such as a code generated by an app or sent by email or

SMS.Push: This is something the user is, such as a biometric verification or a device approval.

Question 179

Report
Export
Collapse

An engineer has been given approval to upgrade their environment 10 PAN-OS 10 2 The environment consists of both physical and virtual firewalls a virtual Panorama HA pair, and virtual log collectors What is the recommended order when upgrading to PAN-OS 10.2?

A.
Upgrade Panorama, upgrade the log collectors, upgrade the firewalls
A.
Upgrade Panorama, upgrade the log collectors, upgrade the firewalls
Answers
B.
Upgrade the firewalls upgrade log collectors, upgrade Panorama
B.
Upgrade the firewalls upgrade log collectors, upgrade Panorama
Answers
C.
Upgrade the firewalls upgrade Panorama, upgrade the log collectors
C.
Upgrade the firewalls upgrade Panorama, upgrade the log collectors
Answers
D.
Upgrade the log collectors, upgrade the firewalls, upgrade Panorama
D.
Upgrade the log collectors, upgrade the firewalls, upgrade Panorama
Answers
Suggested answer: A

Explanation:

Make sure Panorama is running the same or a later PAN-OS version than you are upgrading to. You must upgrade Panorama and its Log Collectors to 10.2 before upgrading the managed firewalls to this version. In addition, when upgrading Log Collectors to 10.2, you must upgrade all Log Collectors at the same time due to changes in the logging infrastructure. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-upgrade/upgrade-pan-os/upgrade-the-firewall-pan-os/upgrade-firewalls-using- panorama

Question 180

Report
Export
Collapse

Which benefit do policy rule UUlDs provide?

A.
An audit trail across a policy's lifespan
A.
An audit trail across a policy's lifespan
Answers
B.
Functionality for scheduling policy actions
B.
Functionality for scheduling policy actions
Answers
C.
The use of user IP mapping and groups in policies
C.
The use of user IP mapping and groups in policies
Answers
D.
Cloning of policies between device-groups
D.
Cloning of policies between device-groups
Answers
Suggested answer: A

Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/enumeration-of-rules-within- a-rulebase To keep track of rules within a rulebase, you can refer to the rule number, which changes depending on the order of a rule in the rulebase. The rule number determines the order in which the firewall applies the rule. The universally unique identifier (UUID) for a rule never changes even if you modify the rule, such as when you change the rule name. The UUID allows you to track the rule across rule bases even after you deleted the rule.

Total 426 questions
Go to page: of 43
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms