ExamGecko
Home / Palo Alto Networks / PCNSE / List of questions
Ask Question

Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 4

Question list
Search

List of questions

Search

Related questions











Question 31

Report
Export
Collapse

An engineer is in the planning stages of deploying User-ID in a diverse directory services environment.

Which server OS platforms can be used for server monitoring with User-ID?

Microsoft Terminal Server, Red Hat Linux, and Microsoft Active Directory
Microsoft Terminal Server, Red Hat Linux, and Microsoft Active Directory
Microsoft Active Directory, Red Hat Linux, and Microsoft Exchange
Microsoft Active Directory, Red Hat Linux, and Microsoft Exchange
Microsoft Exchange, Microsoft Active Directory, and Novell eDirectory
Microsoft Exchange, Microsoft Active Directory, and Novell eDirectory
Novell eDirectory, Microsoft Terminal Server, and Microsoft Active Directory
Novell eDirectory, Microsoft Terminal Server, and Microsoft Active Directory
Suggested answer: C

Explanation:

https://docs.paloaltonetworks.com/compatibility-matrix/user-id-agent/which-servers-can-the-user-id-agent-monitor

asked 23/09/2024
Zden Bohm Autocont a.s.
27 questions

Question 32

Report
Export
Collapse

What are three reasons for excluding a site from SSL decryption? (Choose three.)

the website is not present in English
the website is not present in English
unsupported ciphers
unsupported ciphers
certificate pinning
certificate pinning
unsupported browser version
unsupported browser version
mutual authentication
mutual authentication
Suggested answer: B, C, E

Explanation:

Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate chains, and unsupported ciphers. https://docs.paloaltonetworks.com/panos/ 10-1/pan-os-admin/decryption/decryption-exclusions/exclude-a-server-from-decryption.html

asked 23/09/2024
femke vroome
47 questions

Question 33

Report
Export
Collapse

A user at an internal system queries the DNS server for their web server with a private IP of 10 250 241 131 in the. The DNS server returns an address of the web server's public address, 200.1.1.10.

In order to reach the web server, which security rule and U-Turn NAT rule must be configured on the firewall?

Palo Alto Networks PCNSE image Question 33 54270 09232024001219000000

Suggested answer: A
asked 23/09/2024
Rowan Cele
46 questions

Question 34

Report
Export
Collapse

An administrator device-group commit push is tailing due to a new URL category How should the administrator correct this issue?

verify that the URL seed Tile has been downloaded and activated on the firewall
verify that the URL seed Tile has been downloaded and activated on the firewall
change the new category action to alert" and push the configuration again
change the new category action to alert" and push the configuration again
update the Firewall Apps and Threat version to match the version of Panorama
update the Firewall Apps and Threat version to match the version of Panorama
ensure that the firewall can communicate with the URL cloud
ensure that the firewall can communicate with the URL cloud
Suggested answer: C

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNqw

asked 23/09/2024
Sandesh Somaiah
39 questions

Question 35

Report
Export
Collapse

SAML SLO is supported for which two firewall features? (Choose two.)

GlobalProtect Portal
GlobalProtect Portal
CaptivePortal
CaptivePortal
WebUI
WebUI
CLI
CLI
Suggested answer: A, B

Explanation:

SSO is available to administrators who access the web interface and to end users who access applications through GlobalProtect or Captive Portal. SLO is available to administrators and GlobalProtect end users, but not to Captive Portal end users.

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/authentication-types/saml

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-web-interface-help/device/device-server-profiles-saml-identity-provider

asked 23/09/2024
Robert Petty
52 questions

Question 36

Report
Export
Collapse

The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice As part of that effort, the manager has assigned you the Vulnerability Protection profile for the internet gateway firewall.

Which action and packet-capture setting for items of high severity and critical severity best matches Palo Alto Networks best practice?

action 'reset-both' and packet capture 'extended-capture'
action 'reset-both' and packet capture 'extended-capture'
action 'default' and packet capture 'single-packet'
action 'default' and packet capture 'single-packet'
action 'reset-both' and packet capture 'single-packet'
action 'reset-both' and packet capture 'single-packet'
action 'reset-server' and packet capture 'disable'
action 'reset-server' and packet capture 'disable'
Suggested answer: C
asked 23/09/2024
David Gallegos
41 questions

Question 37

Report
Export
Collapse

The following objects and policies are defined in a device group hierarchy

Palo Alto Networks PCNSE image Question 37 54274 09232024001219000000

Address Objects-Shared Address 1-Branch Address2 Policies-Shared Polic1 l-Branch Policy1
Address Objects-Shared Address 1-Branch Address2 Policies-Shared Polic1 l-Branch Policy1
Address Objects -Shared Addressl -Shared Address2 -Branch Addressl Policies -Shared Policyl -Shared Policy2 -Branch Policy1
Address Objects -Shared Addressl -Shared Address2 -Branch Addressl Policies -Shared Policyl -Shared Policy2 -Branch Policy1
Suggested answer: A
asked 23/09/2024
Malik Khabir
34 questions

Question 38

Report
Export
Collapse

An administrator is attempting to create policies tor deployment of a device group and template stack. When creating the policies, the zone drop down list does not include the required zone.

What must the administrator do to correct this issue?

Specify the target device as the master device in the device group
Specify the target device as the master device in the device group
Enable "Share Unused Address and Service Objects with Devices" in Panorama settings
Enable "Share Unused Address and Service Objects with Devices" in Panorama settings
Add the template as a reference template in the device group
Add the template as a reference template in the device group
Add a firewall to both the device group and the template
Add a firewall to both the device group and the template
Suggested answer: C

Explanation:

Short According to the Palo Alto Networks documentation, "To use a template stack for a device group, you must add the template stack as a reference template in the device group. This enables you to use zones and interfaces defined in the template stack when creating policies for the device group." Reference: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/manage-templates-and-template-stacks

asked 23/09/2024
Ralitsa Yankova
50 questions

Question 39

Report
Export
Collapse

An existing NGFW customer requires direct interne! access offload locally at each site and iPSec connectivity to all branches over public internet. One requirement is mat no new SD-WAN hardware be introduced to the environment.

What is the best solution for the customer?

Configure a remote network on PAN-OS
Configure a remote network on PAN-OS
Upgrade to a PAN-OS SD-WAN subscription
Upgrade to a PAN-OS SD-WAN subscription
Deploy Prisma SD-WAN with Prisma Access
Deploy Prisma SD-WAN with Prisma Access
Configure policy-based forwarding
Configure policy-based forwarding
Suggested answer: B

Explanation:

According to the Palo Alto Networks documentation, "The PAN-OS software now includes a native SD-WAN subscription to provide intelligent and dynamic path selection on top of the industry- leading security that PAN-OS software already delivers. Key features of the SD-WAN implementation include centralized configuration management, automatic VPN topology creation, traffic distribution, monitoring, and troubleshooting." Reference: https:// docs.paloaltonetworks.com/sd-wan

asked 23/09/2024
Armands Vestmanis
45 questions

Question 40

Report
Export
Collapse

Which GlobalProtect component must be configured to enable Clientless VPN?

GlobalProtect satellite
GlobalProtect satellite
GlobalProtect app
GlobalProtect app
GlobalProtect portal
GlobalProtect portal
GlobalProtect gateway
GlobalProtect gateway
Suggested answer: C

Explanation:

Creating the GlobalProtect portal is as simple as letting it know if you have accessed it already. A new gateway for accessing the GlobalProtect portal will appear. Client authentication can be used with an existing one.

https://www.nstec.com/how-to-configure-clientless-vpn-in-palo-alto/#5

asked 23/09/2024
Glen Teis
34 questions
Total 470 questions
Go to page: of 47