ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSE

Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

If a URL is in multiple custom URL categories with different actions, which action will take priority?
When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three )
A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing. What command could the engineer run to see the current state of the BGP state between the two devices?
Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port?
A firewall administrator has been tasked with ensuring that all firewalls forward System logs to Panorama. In which section is this configured?
Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?
DRAG DROP An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority Match the default Administrative Distances for each routing protocol.
An administrator analyzes the following portion of a VPN system log and notices the following issue "Received local id 10 10 1 4/24 type IPv4 address protocol 0 port 0, received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0." What is the cause of the issue?
Following a review of firewall logs for traffic generated by malicious activity, how can an administrator confirm that WildFire has identified a virus?
An engineer is reviewing policies after a PAN-OS upgrade What are the two differences between Highlight Unused Rules and the Rule Usage Hit counters immediately after a reboot?

Question 31

Report
Export
Collapse

An engineer is in the planning stages of deploying User-ID in a diverse directory services environment.

Which server OS platforms can be used for server monitoring with User-ID?

A.
Microsoft Terminal Server, Red Hat Linux, and Microsoft Active Directory
A.
Microsoft Terminal Server, Red Hat Linux, and Microsoft Active Directory
Answers
B.
Microsoft Active Directory, Red Hat Linux, and Microsoft Exchange
B.
Microsoft Active Directory, Red Hat Linux, and Microsoft Exchange
Answers
C.
Microsoft Exchange, Microsoft Active Directory, and Novell eDirectory
C.
Microsoft Exchange, Microsoft Active Directory, and Novell eDirectory
Answers
D.
Novell eDirectory, Microsoft Terminal Server, and Microsoft Active Directory
D.
Novell eDirectory, Microsoft Terminal Server, and Microsoft Active Directory
Answers
Suggested answer: C

Explanation:

https://docs.paloaltonetworks.com/compatibility-matrix/user-id-agent/which-servers-can-the-user-id-agent-monitor

Question 32

Report
Export
Collapse

What are three reasons for excluding a site from SSL decryption? (Choose three.)

A.
the website is not present in English
A.
the website is not present in English
Answers
B.
unsupported ciphers
B.
unsupported ciphers
Answers
C.
certificate pinning
C.
certificate pinning
Answers
D.
unsupported browser version
D.
unsupported browser version
Answers
E.
mutual authentication
E.
mutual authentication
Answers
Suggested answer: B, C, E

Explanation:

Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate chains, and unsupported ciphers. https://docs.paloaltonetworks.com/panos/ 10-1/pan-os-admin/decryption/decryption-exclusions/exclude-a-server-from-decryption.html

Question 33

Report
Export
Collapse

A user at an internal system queries the DNS server for their web server with a private IP of 10 250 241 131 in the. The DNS server returns an address of the web server's public address, 200.1.1.10.

In order to reach the web server, which security rule and U-Turn NAT rule must be configured on the firewall?

A.
A.
Answers
B.
B.
Answers
C.
C.
Answers
D.
D.
Answers
Suggested answer: A

Question 34

Report
Export
Collapse

An administrator device-group commit push is tailing due to a new URL category How should the administrator correct this issue?

A.
verify that the URL seed Tile has been downloaded and activated on the firewall
A.
verify that the URL seed Tile has been downloaded and activated on the firewall
Answers
B.
change the new category action to alert" and push the configuration again
B.
change the new category action to alert" and push the configuration again
Answers
C.
update the Firewall Apps and Threat version to match the version of Panorama
C.
update the Firewall Apps and Threat version to match the version of Panorama
Answers
D.
ensure that the firewall can communicate with the URL cloud
D.
ensure that the firewall can communicate with the URL cloud
Answers
Suggested answer: C

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNqw

Question 35

Report
Export
Collapse

SAML SLO is supported for which two firewall features? (Choose two.)

A.
GlobalProtect Portal
A.
GlobalProtect Portal
Answers
B.
CaptivePortal
B.
CaptivePortal
Answers
C.
WebUI
C.
WebUI
Answers
D.
CLI
D.
CLI
Answers
Suggested answer: A, B

Explanation:

SSO is available to administrators who access the web interface and to end users who access applications through GlobalProtect or Captive Portal. SLO is available to administrators and GlobalProtect end users, but not to Captive Portal end users.

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/authentication/authentication-types/saml

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-web-interface-help/device/device-server-profiles-saml-identity-provider

Question 36

Report
Export
Collapse

The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice As part of that effort, the manager has assigned you the Vulnerability Protection profile for the internet gateway firewall.

Which action and packet-capture setting for items of high severity and critical severity best matches Palo Alto Networks best practice?

A.
action 'reset-both' and packet capture 'extended-capture'
A.
action 'reset-both' and packet capture 'extended-capture'
Answers
B.
action 'default' and packet capture 'single-packet'
B.
action 'default' and packet capture 'single-packet'
Answers
C.
action 'reset-both' and packet capture 'single-packet'
C.
action 'reset-both' and packet capture 'single-packet'
Answers
D.
action 'reset-server' and packet capture 'disable'
D.
action 'reset-server' and packet capture 'disable'
Answers
Suggested answer: C

Question 37

Report
Export
Collapse

The following objects and policies are defined in a device group hierarchy

A.
A.
Answers
B.
B.
Answers
C.
Address Objects-Shared Address 1-Branch Address2 Policies-Shared Polic1 l-Branch Policy1
C.
Address Objects-Shared Address 1-Branch Address2 Policies-Shared Polic1 l-Branch Policy1
Answers
D.
Address Objects -Shared Addressl -Shared Address2 -Branch Addressl Policies -Shared Policyl -Shared Policy2 -Branch Policy1
D.
Address Objects -Shared Addressl -Shared Address2 -Branch Addressl Policies -Shared Policyl -Shared Policy2 -Branch Policy1
Answers
Suggested answer: A

Question 38

Report
Export
Collapse

An administrator is attempting to create policies tor deployment of a device group and template stack. When creating the policies, the zone drop down list does not include the required zone.

What must the administrator do to correct this issue?

A.
Specify the target device as the master device in the device group
A.
Specify the target device as the master device in the device group
Answers
B.
Enable "Share Unused Address and Service Objects with Devices" in Panorama settings
B.
Enable "Share Unused Address and Service Objects with Devices" in Panorama settings
Answers
C.
Add the template as a reference template in the device group
C.
Add the template as a reference template in the device group
Answers
D.
Add a firewall to both the device group and the template
D.
Add a firewall to both the device group and the template
Answers
Suggested answer: C

Explanation:

Short According to the Palo Alto Networks documentation, "To use a template stack for a device group, you must add the template stack as a reference template in the device group. This enables you to use zones and interfaces defined in the template stack when creating policies for the device group." Reference: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/manage-templates-and-template-stacks

Question 39

Report
Export
Collapse

An existing NGFW customer requires direct interne! access offload locally at each site and iPSec connectivity to all branches over public internet. One requirement is mat no new SD-WAN hardware be introduced to the environment.

What is the best solution for the customer?

A.
Configure a remote network on PAN-OS
A.
Configure a remote network on PAN-OS
Answers
B.
Upgrade to a PAN-OS SD-WAN subscription
B.
Upgrade to a PAN-OS SD-WAN subscription
Answers
C.
Deploy Prisma SD-WAN with Prisma Access
C.
Deploy Prisma SD-WAN with Prisma Access
Answers
D.
Configure policy-based forwarding
D.
Configure policy-based forwarding
Answers
Suggested answer: B

Explanation:

According to the Palo Alto Networks documentation, "The PAN-OS software now includes a native SD-WAN subscription to provide intelligent and dynamic path selection on top of the industry- leading security that PAN-OS software already delivers. Key features of the SD-WAN implementation include centralized configuration management, automatic VPN topology creation, traffic distribution, monitoring, and troubleshooting." Reference: https:// docs.paloaltonetworks.com/sd-wan

Question 40

Report
Export
Collapse

Which GlobalProtect component must be configured to enable Clientless VPN?

A.
GlobalProtect satellite
A.
GlobalProtect satellite
Answers
B.
GlobalProtect app
B.
GlobalProtect app
Answers
C.
GlobalProtect portal
C.
GlobalProtect portal
Answers
D.
GlobalProtect gateway
D.
GlobalProtect gateway
Answers
Suggested answer: C

Explanation:

Creating the GlobalProtect portal is as simple as letting it know if you have accessed it already. A new gateway for accessing the GlobalProtect portal will appear. Client authentication can be used with an existing one.

https://www.nstec.com/how-to-configure-clientless-vpn-in-palo-alto/#5

Total 426 questions
Go to page: of 43
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms