Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 49

Which statement explains the difference between using the PAN-OS integrated User-ID agent and the standalone User-ID agent when using Active Directory for user-to-IP mapping?

Which sessions does Packet Buffer Protection apply to when used on ingress zones to protect against single-session DoS attacks?

A customer wants to enhance the protection provided by their Palo Alto Networks NGFW deployment to cover public-facing company-owned domains from misconfigurations that point records to third-party sources. Which two actions should the network administrator perform to achieve this goal? (Choose two)

As a best practice, which URL category should you target first for SSL decryption?

Users are intermittently being cut off from local resources whenever they connect to GlobalProtect. After researching, it is determined that this is caused by an incorrect setting on one of the NGFWs. Which action will resolve this issue?

Which tool can gather information about the application patterns when defining a signature for a custom application?

During a routine security audit, the risk and compliance team notices a series of WildFire logs that contain a 'malicious' verdict and the action 'allow.' Upon further inspection, the team confirms that these same threats are automatically blocked by the firewalls the following day. How can the existing configuration be adjusted to ensure that new threats are blocked within minutes instead of having to wait until the following day?

Which translated port number should be used when configuring a NAT rule for a transparent proxy?

Which action can be taken to immediately remediate the issue of application traffic with a valid use case triggering the decryption log message, 'Received fatal alert UnknownCA from client'?