Ask Question
Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 3
Add to Whishlist
List of questions
Question 21
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption?
(Choose two.)
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/decryptionexclusions/palo-alto-networks-predefined-decryption-exclusions.htmlThe firewall provides a predefined SSL Decryption Exclusion list to exclude from decryptioncommonly used sites that break decryption because of technical reasons such as pinned certificatesand mutual authentication.
Question 22
An administrator has a PA-820 firewall with an active Threat Prevention subscription The administrator is considering adding a WildFire subscription.
How does adding the WildFire subscription improve the security posture of the organization1?
Adding a WildFire subscription can improve the security posture of the organization by providing protection against unknown malware in near real-time. With a WildFire subscription, the firewall can forward various file types for WildFire analysis, and can retrieve WildFire signatures for newly- discovered malware as soon as they are generated by the WildFire public cloud or a private cloud appliance. This reduces the exposure window and prevents further infection by the same malware.Reference: https://docs.paloaltonetworks.com/wildfire/9-1/wildfire-admin/wildfire- overview/wildfire-subscription
Question 23
What are two valid deployment options for Decryption Broker? (Choose two)
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption- broker/decryption-broker-concepts
Question 24
An administrator needs to assign a specific DNS server to one firewall within a device group. Where would the administrator go to edit a template variable at the device level?
To edit a template variable at the device level, you need to go to Manage variables under Panorama > templates. This allows you to override the default value of a variable for a specific device or device group. For example, you can assign a specific DNS server to one firewall within a device group by editing the ${dns-primary} variable for that device. Reference: https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-firewalls/manage- templates/use-template-variables.html
Question 25
A customer wants to set up a VLAN interface for a Layer 2 Ethernet port.
Which two mandatory options are used to configure a VLAN interface? (Choose two.)
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interfacehelp/network/network-interfaces/pa-7000-series- layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRqCAKVLAN interface is not necessary but in this scenarion we assume it is. Create VLAN object, VLANinterface and VLAN Zone. Attach VLAN interface to VLAN object together with two L2 interfaces thenattach VLAN interface to virtual router. Without VLAN interface you can pass traffic betweeninterfaces on the same network and with VLAN interface you can route traffic to other networks.
Question 26
A network administrator troubleshoots a VPN issue and suspects an IKE Crypto mismatch between peers. Where can the administrator find the corresponding logs after running a test command to initiate the VPN?
According to the Palo Alto Networks documentation, "To view IKE and IPSec Crypto profiles in the logs, filter the System log for eventid equal to vpn (Monitor > Logs > System)." Reference:https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/vpn/set-up-site-to-site-vpn/set-up- ike-crypto-profiles.html
Question 27
An administrator is using Panorama to manage me and suspects an IKE Crypto mismatch between peers, from the firewalls to Panoram a. However, pre-existing logs from the firewalls are not appearing in Panorama.
Which action should be taken to enable the firewalls to send their pre-existing logs to Panorama?
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-cli-quick-start/use-the-cli/use-secure-copy-to-import-and-export-files/export-and-import-a-complete-log-database-logdb
Question 28
A firewall administrator is trying to identify active routes learned via BGP in the virtual router runtime stats within the GUI. Where can they find this information?
Flags
A?BΓ³Active and learned via BGP
A CΓ³Active and a result of an internal interface (connected) - Destination = network
A HΓ³Active and a result of an internal interface (connected) - Destination = Host only
A RΓ³Active and learned via RIP
A SΓ³Active and static
SΓ³Inactive (because this route has a higher metric) and static
O1Γ³OSPF external type-1
O2Γ³OSPF external type-2
OiΓ³OSPF intra-area
OoΓ³OSPF inter-area
Question 29
A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file named initcfg txt. The firewall is currently running PAN-OS 10.0 and using a lab config The contents of init-cfg txi in the USB flash drive are as follows:
The USB flash drive has been inserted in the firewalls' USB port, and the firewall has been restarted using command:> request resort system Upon restart, the firewall fails to begin the bootstrapping process. The failure is caused because
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/bootstrap-the-firewall/bootstrap-a-firewall-using-a-usb-flash-drive.html#id8378007f-d6e5-4f2d-84a4-5d50b0b3ad7d
Question 30
A network security engineer wants to prevent resource-consumption issues on the firewall.
Which strategy is consistent with decryption best practices to ensure consistent performance?
According to the Palo Alto Networks documentation, "Decryption Profiles define the cipher suite settings the firewall accepts so you can protect against vulnerable, weak protocols and algorithms.You can also use Decryption Profiles to downgrade processor-intensive ciphers to ciphers that areless processor-intensive." Reference: https://docs.paloaltonetworks.com/best-practices/10-2/decryption-best-practices/decryption-best-practices/data-center-decryption-profile.html
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
3
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
20
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Practice Tests
Vendor:
Exam Questions:
Learners
Last Updated
Language
Question