ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSE

Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 39

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

If a URL is in multiple custom URL categories with different actions, which action will take priority?
When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three )
A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing. What command could the engineer run to see the current state of the BGP state between the two devices?
Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?
Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port?
A firewall administrator has been tasked with ensuring that all firewalls forward System logs to Panorama. In which section is this configured?
DRAG DROP An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority Match the default Administrative Distances for each routing protocol.
An administrator analyzes the following portion of a VPN system log and notices the following issue "Received local id 10 10 1 4/24 type IPv4 address protocol 0 port 0, received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0." What is the cause of the issue?
Following a review of firewall logs for traffic generated by malicious activity, how can an administrator confirm that WildFire has identified a virus?
An engineer is reviewing policies after a PAN-OS upgrade What are the two differences between Highlight Unused Rules and the Rule Usage Hit counters immediately after a reboot?

Question 381

Report
Export
Collapse

A security team has enabled real-time WildFire signature lookup on all its firewalls. Which additional action will further reduce the likelihood of newly discovered malware being allowed through the firewalls?

A.
increase the frequency of the applications and threats dynamic updates.
A.
increase the frequency of the applications and threats dynamic updates.
Answers
B.
Increase the frequency of the antivirus dynamic updates
B.
Increase the frequency of the antivirus dynamic updates
Answers
C.
Enable the 'Hold Mode' option in Objects > Security Profiles > Antivirus.
C.
Enable the 'Hold Mode' option in Objects > Security Profiles > Antivirus.
Answers
D.
Enable the 'Report Grayware Files' option in Device > Setup > WildFire.
D.
Enable the 'Report Grayware Files' option in Device > Setup > WildFire.
Answers
Suggested answer: B

Question 382

Report
Export
Collapse

A company is expanding its existing log storage and alerting solutions All company Palo Alto Networks firewalls currently forward logs to Panorama. Which two additional log forwarding methods will PAN-OS support? (Choose two)

A.
SSL
A.
SSL
Answers
B.
TLS
B.
TLS
Answers
C.
HTTP
C.
HTTP
Answers
D.
Email
D.
Email
Answers
Suggested answer: C, D

Question 383

Report
Export
Collapse

A firewall administrator manages sets of firewalls which have two unique idle timeout values. Datacenter firewalls needs to be set to 20 minutes and BranchOffice firewalls need to be set to 30 minutes. How can the administrator assign these settings through the use of template stacks?

A.
Create one template stack and place the BranchOffice_Template in higher priority than Datacenter_Template.
A.
Create one template stack and place the BranchOffice_Template in higher priority than Datacenter_Template.
Answers
B.
Create one template stack and place the Datanceter_Template in higher priority than BranchOffice_template.
B.
Create one template stack and place the Datanceter_Template in higher priority than BranchOffice_template.
Answers
C.
Create two separate template stacks one each for Datacenter and BranchOffice, and verify that Datacenter_Template and BranchOffice_template are at the bottom of their stack.
C.
Create two separate template stacks one each for Datacenter and BranchOffice, and verify that Datacenter_Template and BranchOffice_template are at the bottom of their stack.
Answers
D.
Create two separate template stacks one each for Datacenter and BranchOffice, and verify that Datacenter_template are at the top of their stack
D.
Create two separate template stacks one each for Datacenter and BranchOffice, and verify that Datacenter_template are at the top of their stack
Answers
Suggested answer: D

Question 384

Report
Export
Collapse

Exhibit.

Review the screenshots and consider the following information

1. FW-1is assigned to the FW-1_DG device group, and FW-2 is assigned to OFFICE_FW_DC

2. There are no objects configured in REGIONAL_DG and OFFICE_FW_DG device groups

Which IP address will be pushed to the firewalls inside Address Object Server-1?

A.
Server-1 on FW-1 will have IP 4.4.4.4. Server-1 on FW-2 will have IP 1.1.1.1
A.
Server-1 on FW-1 will have IP 4.4.4.4. Server-1 on FW-2 will have IP 1.1.1.1
Answers
B.
Server-1 on FW-1 will have IR 111.1. Server-1 will not be pushed to FW-2.
B.
Server-1 on FW-1 will have IR 111.1. Server-1 will not be pushed to FW-2.
Answers
C.
Server-1 on FW-1 will have IP 2.2.2.2. Server-1 will not be pushed to FW-2.
C.
Server-1 on FW-1 will have IP 2.2.2.2. Server-1 will not be pushed to FW-2.
Answers
D.
Server-1 on FW-1 will have IP 3.3.3.3. Server-1 will not be pushed to FW-2.
D.
Server-1 on FW-1 will have IP 3.3.3.3. Server-1 will not be pushed to FW-2.
Answers
Suggested answer: A

Explanation:

Device Group Hierarchy

Shared

DATACENTER_DG

DC_FW_DG

REGIONAL_DG

OFFICE_FW_DG

FW-1_DG

Analysis

Considerations:

FW-1 is assigned to the FW-1_DG device group.

FW-2 is assigned to the OFFICE_FW_DG device group.

There are no objects configured in REGIONAL_DG and OFFICE_FW_DG device groups.

The address object Server-1 appears in multiple device groups with different IP addresses. The device groups have a hierarchy, which means objects can be inherited from parent groups unless overridden in the child group.

FW-1_DG:

Server-1 has IP 4.4.4.4, which will be pushed to FW-1 because it is in the FW-1_DG device group.

OFFICE_FW_DG (for FW-2):

Since there are no objects in OFFICE_FW_DG and REGIONAL_DG, FW-2 will inherit from Shared.

In the Shared group, Server-1 has IP 1.1.1.1.

Question 385

Report
Export
Collapse

An administrator is configuring a Panorama device group. Which two objects are configurable? (Choose two.)

A.
DNS Proxy
A.
DNS Proxy
Answers
B.
SSL/TLS profiles
B.
SSL/TLS profiles
Answers
C.
address groups
C.
address groups
Answers
D.
URL Filtering profiles
D.
URL Filtering profiles
Answers
Suggested answer: C, D

Question 386

Report
Export
Collapse

Refer to the exhibit.

View the screenshots

A QoS profile and policy rules are configured as shown. Based on this information which two statements are correct?

A.
SMTP has a higher priority but lower bandwidth than Zoom.
A.
SMTP has a higher priority but lower bandwidth than Zoom.
Answers
B.
DNS has a higher priority and more bandwidth than SSH.
B.
DNS has a higher priority and more bandwidth than SSH.
Answers
C.
google-video has a higher priority and more bandwidth than WebEx.
C.
google-video has a higher priority and more bandwidth than WebEx.
Answers
D.
Facetime has a higher priority but lower bandwidth than Zoom.
D.
Facetime has a higher priority but lower bandwidth than Zoom.
Answers
Suggested answer: B, D

Question 387

Report
Export
Collapse

An administrator wants to use LDAP, TACACS+, and Kerberos as external authentication services for authenticating users. What should the administrator be aware of regarding the authentication sequence, based on the Authentication profile in the order Kerberos LDAP, and TACACS+?

A.
The firewall evaluates the profiles in the alphabetical order the Authentication profiles have been named until one profile successfully authenticates the user.
A.
The firewall evaluates the profiles in the alphabetical order the Authentication profiles have been named until one profile successfully authenticates the user.
Answers
B.
The firewall evaluates the profiles in top-to-bottom order until one Authentication profile successfully authenticates the user.
B.
The firewall evaluates the profiles in top-to-bottom order until one Authentication profile successfully authenticates the user.
Answers
C.
The priority assigned to the Authentication profile defines the order of the sequence.
C.
The priority assigned to the Authentication profile defines the order of the sequence.
Answers
D.
If the authentication times cut for the firs: Authentication profile in the authentication sequence, no further authentication attempts will be made.
D.
If the authentication times cut for the firs: Authentication profile in the authentication sequence, no further authentication attempts will be made.
Answers
Suggested answer: B

Question 388

Report
Export
Collapse

A firewall administrator has been tasked with ensuring that all firewalls forward System logs to Panorama. In which section is this configured?

A.
Monitor > Logs > System
A.
Monitor > Logs > System
Answers
B.
Objects > Log Forwarding
B.
Objects > Log Forwarding
Answers
C.
Panorama > Managed Devices
C.
Panorama > Managed Devices
Answers
D.
Device > Log Settings
D.
Device > Log Settings
Answers
Suggested answer: D

Question 389

Report
Export
Collapse

A security engineer needs to mitigate packet floods that occur on a RSF servers behind the internet facing interface of the firewall. Which Security Profile should be applied to a policy to prevent these packet floods?

A.
DoS Protection profile
A.
DoS Protection profile
Answers
B.
Data Filtering profile
B.
Data Filtering profile
Answers
C.
Vulnerability Protection profile
C.
Vulnerability Protection profile
Answers
D.
URL Filtering profile
D.
URL Filtering profile
Answers
Suggested answer: A

Question 390

Report
Export
Collapse

An administrator pushes a new configuration from Panorama to a par of firewalls that are configured as an active/passive HA pair. Which NGFW receives the from Panorama?

A.
The active firewall which then synchronizes to the passive firewall
A.
The active firewall which then synchronizes to the passive firewall
Answers
B.
The passive firewall, which then synchronizes to the active firewall
B.
The passive firewall, which then synchronizes to the active firewall
Answers
C.
Both the active and passive firewalls which then synchronize with each other
C.
Both the active and passive firewalls which then synchronize with each other
Answers
D.
Both the active and passive firewalls independently, with no synchronization afterward
D.
Both the active and passive firewalls independently, with no synchronization afterward
Answers
Suggested answer: D
Total 426 questions
Go to page: of 43
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms