ExamGecko

Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 31


Why would a traffic log list an application as "not-applicable"?

A. The firewall denied the traffic before the application match could be performed.
B. The TCP connection terminated without identifying any application data.
C. There was not enough application data after the TCP connection was established.
D. The application is not a known Palo Alto Networks App-ID.

Suggested answer: A

Explanation:

According to the documentation, "not-applicable" means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service. This occurs because the traffic was dropped or denied before the application match could be performed.

Reference:
1. Not-applicable in Traffic Logs - Palo Alto Networks
2. Not-Applicable, Incomplete, Insufficient Data in the Application Field - Palo Alto Networks

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClspCAC

A network administrator configured a site-to-site VPN tunnel where the peer device will act as initiator. None of the peer addresses are known.

What can the administrator configure to establish the VPN connection?

A. Set up certificate authentication.
B. Use the Dynamic IP address type.
C. Enable Passive Mode.
D. Configure the peer address as an FQDN.

Suggested answer: B

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIGCA0

An administrator wants to enable WildFire inline machine learning. Which three file types does WildFire inline ML analyze? (Choose three.)

A. MS Office
B. ELF
C. APK
D. VBScripts
E. PowerShell scripts

Suggested answer: A, B, E

Explanation:

"The WildFire inline ML option present in the Antivirus profile enables the firewall dataplane to apply machine learning on PE (portable executable), ELF (executable and linked format) and MS Office files, and PowerShell and shell scripts in real-time." from https://docs.paloaltonetworks.com/pan-os/102/pan-os-admin/threat-prevention/wildfire-inline-ml

DRAG DROP

Match the terms to their corresponding definitions

Select and Place:

Answer: [exhibit for Question 304; image not reproduced in this text]


Which protocol is supported by GlobalProtect Clientless VPN?

A. FTP
B. RDP
C. SSH
D. HTTPS

Suggested answer: D

What are three tasks that cannot be configured from Panorama by using a template stack? (Choose three.)

A. Change the firewall management IP address
B. Configure a device block list
C. Add administrator accounts
D. Rename a vsys on a multi-vsys firewall
E. Enable operational modes such as normal mode, multi-vsys mode, or FIPS-CC mode

Suggested answer: A, C, E

Explanation:

A. Change the firewall management IP address
C. Add administrator accounts
E. Enable operational modes such as normal mode, multi-vsys mode, or FIPS-CC mode

These tasks cannot be configured from Panorama by using a template stack because they are device-specific settings that must be configured locally on each firewall [1]. A template stack can only configure settings that are common to multiple firewalls [2].

Reference:
[1] https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/panorama-overview/centralized-firewall-configuration-and-update-management/templates-and-template-stacks
[2] https://docs.paloaltonetworks.com/best-practices/10-1/best-practices-for-managing-firewalls-with-panorama/configuration-management/template-and-template-stack-management

An engineer must configure a new SSL decryption deployment.

Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?

A. There must be a certificate with both the Forward Trust option and Forward Untrust option selected.
B. A Decryption profile must be attached to the Security policy that the traffic matches.
C. A Decryption profile must be attached to the Decryption policy that the traffic matches.
D. There must be a certificate with only the Forward Trust option selected.

Suggested answer: C


An engineer decides to use Panorama to upgrade devices to PAN-OS 10.2.

Which three platforms support PAN-OS 10.2? (Choose three.)

A. PA-5000 Series
B. PA-500
C. PA-3400 Series
D. PA-220
E. PA-800 Series

Suggested answer: C, D, E

An engineer manages a high availability network and requires fast failover of the routing protocols. The engineer decides to implement BFD.

Which three dynamic routing protocols support BFD? (Choose three.)

A. OSPF
B. RIP
C. BGP
D. IGRP
E. OSPFv3 virtual link

Suggested answer: A, B, C

Refer to the exhibit.

Which will be the egress interface if the traffic's ingress interface is ethernet1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?

A. ethernet1/6
B. ethernet1/3
C. ethernet1/7
D. ethernet1/5

Suggested answer: D