Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 35

List of questions
Question 341

An administrator has been tasked with configuring decryption policies,
Which decryption best practice should they consider?
Question 342

An engineer needs to configure a standardized template for all Panorama-managed firewalls. These settings will be configured on a template named 'Global' and will be included in all template stacks.
Which three settings can be configured in this template? (Choose three.)
Question 343

An engineer is monitoring an active/active high availability (HA) firewall pair.
Which HA firewall state describes the firewall that is currently processing traffic?
Question 344

When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?
Question 345

An engineer is troubleshooting a traffic-routing issue.
What is the correct packet-flow sequence?
Question 346

A consultant advises a client on designing an explicit Web Proxy deployment on PAN-OS 11 0 The client currently uses RADIUS authentication in their environment
Which two pieces of information should the consultant provide regarding Web Proxy authentication? (Choose two.)
Question 347

A root cause analysis investigation into a recent security incident reveals that several decryption rules have been disabled. The security team wants to generate email alerts when decryption rules are changed.
How should email log forwarding be configured to achieve this goal?
Question 348

A firewall administrator is configuring an IPSec tunnel between Site A and Site B. The Site A firewall uses a DHCP assigned address on the outside interface of the firewall, and the Site B firewall uses a static IP address assigned to the outside interface of the firewall. However, the use of dynamic peering is not working.
Refer to the two sets of configuration settings provided. Which two changes will allow the configurations to work? (Choose two.)
Site A configuration:
Question 349

A firewall administrator configures the HIP profiles on the edge firewall where GlobalProtect is enabled, and adds the profiles to security rules. The administrator wants to redistribute the HIP reports to the data center firewalls to apply the same access restrictions using HIP profiles. However, the administrator can only see the HIP match logs on the edge firewall but not on the data center firewall
What are two reasons why the administrator is not seeing HIP match logs on the data center firewall? (Choose two.)
Question 350

Why are external zones required to be configured on a Palo Alto Networks NGFW in an environment with multiple virtual systems?
Question