Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 12
Question 111

During the implementation of SSL Forward Proxy decryption, an administrator imports the company's Enterprise Root CA and Intermediate CA certificates onto the firewall. The company's Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise CA chain of trust are signed by the company's Intermediate CA.
Which method should the administrator use when creating Forward Trust and Forward Untrust certificates on the firewall for use with decryption?
Explanation:
Generate a CA certificate for Forward Trust (step 2) and a self-signed CA for Forward Untrust (step 4).
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/configure-ssl-forward-proxy
Question 112

How would an administrator configure a Bidirectional Forwarding Detection profile for BGP after enabling the Advanced Routing Engine running on PAN-OS 10.2?
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-networking-admin/advanced-routing/create-bfd-profiles#idf2ccda44-0678-4df3-ad1d-2ec8f47cec7b
then
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-networking-admin/advanced-routing/configure-bgp-on-an-advanced-routing-engine
Question 113

An administrator has configured a pair of firewalls using high availability in Active/Passive mode.
Path Monitoring has been enabled with a Failure Condition of "any." A path group is configured with Failure Condition of "all" and contains a destination IP of 8.8.8.8 and 4.2.2.2 with a Ping Interval of 500ms and a Ping count of 3.
Which scenario will cause the Active firewall to fail over?
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/device/device-high-availability/ha-link-and-path-monitoring
Question 114

With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?
Explanation:
UDP connection on port 443. This would trigger unknown-udp. Incomplete is used in TCP connections only.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
Question 115

Which profile generates a packet threat type found in threat logs?
Explanation:
"Threat/Content Type (subtype) Subtype of threat log." "packet—Packet-based attack protection triggered by a Zone Protection profile."
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields
Question 116

A client wants to detect the use of weak and manufacturer-default passwords for IoT devices. Which option will help the customer?
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/security-profiles
Question 117

A firewall administrator notices that many Host Sweep scan attacks are being allowed through the firewall sourced from the outside zone. What should the firewall administrator do to mitigate this type of attack?
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/configure-zone-protection-to-increase-network-security/configure-reconnaissance-protection
Question 118

An engineer needs to permit XML API access to a firewall for automation on a network segment that is routed through a Layer 3 subinterface on a Palo Alto Networks firewall. However, this network segment cannot access the dedicated management interface due to the Security policy.
Without changing the existing access to the management interface, how can the engineer fulfill this request?
Explanation:
An interface management profile defines which services are available on an interface, such as HTTPS, SSH, ping, or SNMP. By enabling HTTPS in an interface management profile on the subinterface, the engineer can allow XML API access to the firewall for automation on the network segment that is routed through the subinterface. Specifying the subinterface as a management interface in Setup > Device > Interfaces is not possible, as only physical interfaces can be designated as management interfaces. Adding the network segment's IP range to the Permitted IP Addresses list will not help, as this list only applies to the dedicated management interface. Configuring a service route for HTTP to use the subinterface will not help, as this will only affect the outbound traffic from the firewall to external services, not the inbound traffic to the firewall for XML API access. Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/configure-interfaces/configure-interface-management-profiles https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api/enable-api-access
Question 119

An engineer needs to see how many existing SSL decryption sessions are traversing a firewall. What command should be used?
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhdCAC
Question 120

Which steps should an engineer take to forward system logs to email?
Explanation:
An email profile defines the email server and sender address for sending email notifications from the firewall or Panorama. To forward system logs to email, the engineer needs to create a new email profile under Device > Server Profiles > Email and configure the required settings, such as SMTP server, sender email address, and recipient email address. Then, the engineer needs to navigate to Device > Log Settings > System and select the email profile under Email for each severity level of system logs that need to be forwarded. Enabling log forwarding under the email profile in the Objects tab or in the Device tab is not possible, as log forwarding profiles are configured under Objects > Log Forwarding. Log forwarding profiles are used for forwarding threat, traffic, URL filtering, data filtering, HIP match, configuration, and correlation logs, not system logs. Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/configure-email-alerts https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/configure-log-forwarding