Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 18

Question 171

A company with already deployed Palo Alto firewalls has purchased their first Panorama server. The security team has already configured all firewalls with the Panorama IP address and added all the firewall serial numbers in Panorama.

What are the next steps to migrate configuration from the firewalls to Panorama?

A. Use API calls to retrieve the configuration directly from the managed devices
B. Export Named Configuration Snapshot on each firewall followed by Import Named Configuration Snapshot in Panorama
C. Import Device Configuration to Panorama followed by Export or Push Device Config Bundle
D. Use the Firewall Migration plugin to retrieve the configuration directly from the managed devices
Suggested answer: C
Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloRCAS

asked 23/09/2024
George Sanchez

Question 172

Which log type would provide information about traffic blocked by a Zone Protection profile?

A. Data Filtering
B. IP-Tag
C. Traffic
D. Threat
Suggested answer: D
Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clm9CAC

A Zone Protection profile is a set of security policies that you can apply to an interface or zone to protect it from reconnaissance, flooding, brute force, and other types of attacks. The log type that would provide information about traffic blocked by a Zone Protection profile is Threat. This log type records events such as packet-based attacks, spyware, viruses, vulnerability exploits, and URL filtering.

asked 23/09/2024
Sergio Pena Ochoa

Question 173

An engineer is creating a template and wants to use variables to standardize the configuration across a large number of devices. Which two variable types can be defined? (Choose two.)

A. Path group
B. Zone
C. IP netmask
D. FQDN
Suggested answer: C, D
Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/panorama-web-interface/panorama-templates/panorama-templates-template-variable

asked 23/09/2024
David Rossi

Question 174

An engineer is bootstrapping a VM-Series firewall. Other than the /config folder, which three directories are mandatory as part of the bootstrap package directory structure? (Choose three.)

A. /software
B. /opt
C. /license
D. /content
E. /plugins
Suggested answer: A, C, D
Explanation:

https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/bootstrap-the-vm-series-firewall/prepare-the-bootstrap-package

asked 23/09/2024
Tyler Raymond

Question 175

Review the screenshot of the Certificates page.

[Image: Question 175 screenshot of the Certificates page]

An administrator for a small LLC has created a series of certificates as shown, to use for a planned Decryption rollout. The administrator has also installed the self-signed root certificate on all client systems. When testing, they noticed that every time a user visited an SSL site, they received unsecured website warnings. What is the cause of the unsecured website warnings?

A. The forward trust certificate has not been signed by the self-signed root CA certificate
B. The self-signed CA certificate has the same CN as the forward trust and untrust certificates
C. The forward untrust certificate has not been signed by the self-signed root CA certificate
D. The forward trust certificate has not been installed in client systems
Suggested answer: A
Explanation:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy

asked 23/09/2024
Dustin Roberts

Question 176

Which statement about High Availability timer settings is true?

A. Use the Moderate timer for typical failover timer settings.
B. Use the Critical timer for faster failover timer settings.
C. Use the Recommended timer for faster failover timer settings.
D. Use the Aggressive timer for faster failover timer settings.
Suggested answer: B
Explanation:


asked 23/09/2024
EDMARCIO S BRITO

Question 177

What are two best practices for incorporating new and modified App-IDs? (Choose two)

A. Configure a security policy rule to allow new App-IDs that might have network-wide impact
B. Study the release notes and install new App-IDs if they are determined to have low impact
C. Perform a Best Practice Assessment to evaluate the impact of the new or modified App-IDs
D. Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs
Suggested answer: A, B
Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-upgrade/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-security-first#id184AH00F06E

asked 23/09/2024
Fthcx Fgghn

Question 178

Which three firewall multi-factor authentication factors are supported by PAN-OS? (Choose three)

A. SSH key
B. User logon
C. Short message service
D. One-Time Password
E. Push
Suggested answer: B, D, E
Explanation:

According to Palo Alto Networks documentation, multi-factor authentication (MFA) is a method of verifying a user's identity using two or more factors, such as something they know, something they have, or something they are. The firewall supports MFA for administrative access, GlobalProtect VPN access, and Captive Portal access. The firewall can integrate with external MFA providers such as RSA SecurID, Duo Security, or Okta Verify. The three firewall MFA factors that are supported by PAN-OS are:

User logon: This is something the user knows, such as a username and password.
One-Time Password: This is something the user has, such as a code generated by an app or sent by email or SMS.
Push: This is something the user is, such as a biometric verification or a device approval.

asked 23/09/2024
Martin Simmons

Question 179

An engineer has been given approval to upgrade their environment to PAN-OS 10.2. The environment consists of both physical and virtual firewalls, a virtual Panorama HA pair, and virtual log collectors. What is the recommended order when upgrading to PAN-OS 10.2?

A. Upgrade Panorama, upgrade the log collectors, upgrade the firewalls
B. Upgrade the firewalls, upgrade log collectors, upgrade Panorama
C. Upgrade the firewalls, upgrade Panorama, upgrade the log collectors
D. Upgrade the log collectors, upgrade the firewalls, upgrade Panorama
Suggested answer: A
Explanation:

Make sure Panorama is running the same or a later PAN-OS version than you are upgrading to. You must upgrade Panorama and its Log Collectors to 10.2 before upgrading the managed firewalls to this version. In addition, when upgrading Log Collectors to 10.2, you must upgrade all Log Collectors at the same time due to changes in the logging infrastructure.

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-upgrade/upgrade-pan-os/upgrade-the-firewall-pan-os/upgrade-firewalls-using-panorama

asked 23/09/2024
mohammed zakir

Question 180

Which benefit do policy rule UUIDs provide?

A. An audit trail across a policy's lifespan
B. Functionality for scheduling policy actions
C. The use of user IP mapping and groups in policies
D. Cloning of policies between device-groups
Suggested answer: A
Explanation:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/enumeration-of-rules-within-a-rulebase

To keep track of rules within a rulebase, you can refer to the rule number, which changes depending on the order of a rule in the rulebase. The rule number determines the order in which the firewall applies the rule. The universally unique identifier (UUID) for a rule never changes even if you modify the rule, such as when you change the rule name. The UUID allows you to track the rule across rulebases even after you delete the rule.

asked 23/09/2024
Brian Bell
Total 470 questions