ExamGecko

Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 42

Which interface type should a firewall administrator configure as an upstream to the ingress trusted interface when configuring transparent web proxy on a Palo Alto Networks firewall?

A. Tunnel
B. Ethernet
C. VLAN
D. Loopback
Suggested answer: C

Refer to the exhibit.

A security engineer has configured a GlobalProtect portal agent with four gateways. Which GlobalProtect gateway will users connect to, based on the chart provided?

A. South
B. West
C. East
D. Central
Suggested answer: C

Explanation:

Based on the provided table, the GlobalProtect portal agent configuration includes four gateways with varying priorities and response times. Users will connect to the gateway with the highest priority and, if multiple gateways share the same priority, the one with the lowest response time.

Answer Determination

Prioritize by Priority Level:

East: Highest

South: High

West: Medium

Central: Low

Evaluate Response Times Within Each Priority:

East (Highest): 35 ms

South (High): 30 ms

West (Medium): 50 ms

Central (Low): 20 ms

Given the highest priority is 'East' with a response time of 35 ms, users will connect to the East gateway based on the highest priority.

A company wants to deploy IPv6 on its network, which requires that all company Palo Alto Networks firewalls process IPv6 traffic and be configured with IPv6 addresses. Which consideration should the engineers take into account when planning to enable IPv6?

A. Device > Setup Settings Do not enable on each interface
B. Network > Zone Settings Do not enable on each interface
C. Network > Zone Settings Enable on each interface
D. Device > Setup Settings Enable on each interface
Suggested answer: D

Which conditions must be met when provisioning a high availability (HA) cluster? (Choose two.)

A. HA cluster members must share the same zone names.
B. Dedicated HA communication interfaces for the cluster must be used over HSCI interfaces.
C. Panorama must be used to manage HA cluster members.
D. HA cluster members must be the same firewall model and run the same PAN-OS version.
Suggested answer: B, D

A firewall engineer is tasked with defining signatures for a custom application. Which two sources can the engineer use to gather information about the application patterns? (Choose two.)

A. Traffic logs
B. Data filtering logs
C. Policy Optimizer
D. Wireshark
Suggested answer: D

A firewall administrator has confirmed reports that a website is not displaying as expected, and wants to ensure that decryption is not causing the issue. Which three methods can the administrator use to determine if decryption is causing the website to fail? (Choose three.)

A. Disable SSL handshake logging.
B. Investigate decryption logs of the specific traffic to determine reasons for failure.
C. Temporarily disable SSL decryption for all websites to troubleshoot the issue.
D. Create a policy-based 'No Decrypt' rule in the decryption policy to include specific traffic from decryption.
E. Move the policy with action decrypt to the top of the decryption policy rulebase.
Suggested answer: B, C, D

An internal audit team has requested additional information to be included inside traffic logs forwarded from Palo Alto Networks firewalls to an internal syslog server. Where can the firewall engineer define the data to be added into each forwarded log?

A. Data Patterns within Objects > Custom Objects
B. Custom Log Format within Device > Server Profiles > Syslog
C. Built-in Actions within Objects > Log Forwarding Profile
D. Logging and Reporting Settings within Device > Setup > Management
Suggested answer: B

A threat intelligence team has requested more than a dozen Snort signatures to be deployed on all perimeter Palo Alto Networks firewalls. How does the firewall engineer fulfill this request with the least time to implement?

A. Use Expedition to create custom vulnerability signatures, deploy them to Panorama using API, and push them to the firewalls.
B. Create custom vulnerability signatures manually on one firewall, export them, and then import them to the rest of the firewalls.
C. Use Panorama IPS Signature Converter to create custom vulnerability signatures, and push them to the firewalls.
D. Create custom vulnerability signatures manually in Panorama, and push them to the firewalls.
Suggested answer: C

A firewall administrator is changing a packet capture filter to troubleshoot a specific traffic flow. Upon opening the newly created packet capture, the administrator still sees traffic for the previous filter. What can the administrator do to limit the captured traffic to the newly configured filter?

A. Command line > debug dataplane packet-diag clear filter-marked-session all
B. In the GUI under Monitor > Packet Capture > Manage Filters, under Ingress Interface, select an interface
C. Command line > debug dataplane packet-diag clear filter all
D. In the GUI under Monitor > Packet Capture > Manage Filters, under the Non-IP field, select 'exclude'
Suggested answer: C

An administrator is informed that the engineer who previously managed all the VPNs has left the company. According to company policies, the administrator must update all the IPSec VPNs with new pre-shared keys. Where are the pre-shared keys located on the firewall?

A. Network/IPSec Tunnels
B. Network/Network Profiles/IKE Gateways
C. Network/Network Profiles/IPSec Crypto
D. Network/Network Profiles/IKE Crypto
Suggested answer: B
Total 426 questions