PCNSE Exam Questions
860 real PCNSE exam questions with expert-verified answers and explanations. Page 10 of 18.
- Question #465Deploy and Configure
During the process of developing a decryption strategy and evaluating which websites are required for corporate users to access, several sites have been identified that cannot be d...
SSL DecryptionDecryption ExclusionUnsupported CiphersFirewall Configuration - Question #466Deploy and Configure
When using certificate authentication for firewall administration, which method is used for authorization?
Firewall AdministrationAuthenticationAuthorizationCertificates - Question #467Deploy and Configure
When you navigate to Network > GlobalProtect > Portals > Agent > (config) > App and look in the Connect Method section, which three options are available? (Choose three.)
GlobalProtectAgent ConfigurationConnect MethodPortal Configuration - Question #468Configuration Troubleshooting
An administrator analyzes the following portion of a VPN system log and notices the following issue: `Received local id 10.10.1.4/24 type IPv4 address protocol 0 port 0, received r...
VPN TroubleshootingIPSecProxy-IDLog Analysis - Question #469Deploy and Configure
What is considered the best practice with regards to zone protection?
Zone ProtectionLoggingBest PracticesDoS Protection - Question #470Deploy and Configure
An engineer wants to implement the Palo Alto Networks firewall in VWire mode on the internet gateway and wants to be sure of the functions that are supported on the vwire interface...
VWire ModeFirewall CapabilitiesNATSSL Decryption - Question #471Deploy and Configure
An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory. What must be configured in order to se...
User-IDGroup MappingPanoramaActive Directory - Question #472Plan
Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three )
High AvailabilityActive/Active HADeploymentRedundancy - Question #473Deploy and Configure
Which protocol is supported by GlobalProtect Clientless VPN?
GlobalProtect Clientless VPNRDPRemote Access - Question #474Deploy and Configure
Cortex XDR notifies an administrator about grayware on the endpoints. There are no entnes about grayware in any of the logs of the corresponding firewall. Which setting can the adm...
WildFire ConfigurationGrayware ReportingLoggingFirewall Management - Question #475Deploy and Configure
What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain?
Authentication PolicyBYODUser-IDUnknown User - Question #476Configuration Troubleshooting
Which statement is correct given the following message from the PanGPA log on the GlobalProtect app? Failed to connect to server at port:4767
GlobalProtect ClientTroubleshootingPanGPAPanGPS - Question #477Deploy and Configure
Which GlobalProtect component must be configured to enable Chentless VPN?
GlobalProtectClientless VPNVPN componentsPortal configuration - Question #478Plan
A network security engineer must implement Quality of Service policies to ensure specific levels of delivery guarantees for various applications in the environment. ]They want to e...
QoSVirtual SystemsFeature CapabilitiesNetwork Performance - Question #479Deploy and Configure
Which statement regarding HA timer settings is true?
High AvailabilityHA ProfilesFailover TimersNetwork Configuration - Question #480Deploy and Configure
What is the best description of the HA4 Keep-Alive Threshold (ms)?
High AvailabilityHA Keep-AliveFirewall ClusteringHA Parameters - Question #481Operate
Where is information about packet buffer protection logged?
Packet Buffer ProtectionLoggingSystem LogTraffic Log - Question #482Deploy and Configure
An administrator needs firewall access on a trusted interface. Which two components are required to configure certificate-based, secure authentication to the web UI? (Choose two.)
Web UI SecurityCertificate-based AuthenticationServer CertificatesCertificate Profiles - Question #483Plan
When planning to configure SSL Froward Proxy on a PA 5260, a user asks how SSL decryption can be implemented using phased approach in alignment with Palo Alto Networks best practic...
SSL DecryptionForward ProxyBest PracticesPhased Deployment - Question #484Deploy and Configure
A prospect is eager to conduct a Security Lifecycle Review (SLR) with the aid of the Palo Alto Networks NGFW. Which interface type is best suited to provide the raw data for an SLR...
NGFW Interface ModesTap ModeSecurity Lifecycle Review (SLR)Passive Network Monitoring - Question #485Deploy and Configure
A user at an internal system queries the DNS server for their web server with a private IP of 10.250.241.131 in the webserver. The DNS server returns an address of the web server's...
NATU-Turn NATSecurity PolicyFirewall Configuration - Question #486Core Concepts
What is the function of a service route?
Service routesExternal servicesFirewall outbound access - Question #487Plan
An administrator allocates bandwidth to a Prisma Access Remote Networks compute location with three remote networks. What is the minimum amount of bandwidth the administrator could...
Prisma AccessRemote NetworksBandwidth SizingMinimum Requirements - Question #488Deploy and Configure
A network security engineer wants to prevent resource-consumption issues on the firewall. Which strategy is consistent with decryption best practices to ensure consistent performan...
Decryption ProfilesPerformance OptimizationPerfect Forward Secrecy (PFS)SSL Decryption - Question #489Deploy and Configure
What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect user?
GlobalProtectClient CertificatesSCEPCertificate Management - Question #490Operate
In the screenshot above which two pieces ot information can be determined from the ACC configuration shown? (Choose two)
ACCMonitoringTraffic VisibilityApplication Filtering - Question #491Deploy and Configure
An administrator needs to assign a specific DNS server to one firewall within a device group. Where would the administrator go to edit a template variable at the device level?
PanoramaTemplatesTemplate VariablesDevice-Level Configuration - Question #492Deploy and Configure
When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?
SD-WANForward Error Correction (FEC)PAN-OS ProfilesInterface Configuration - Question #493Deploy and Configure
The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Tr...
SSL DecryptionCertificatesSelf-signed CertificatesClient Trust - Question #494Deploy and Configure
An engineer is configuring Packet Buffer Protection on ingress zones to protect from single- session DoS attacks. Which sessions does Packet Buffer Protection apply to?
Packet Buffer ProtectionDoS PreventionSession HandlingSecurity Features - Question #495Deploy and Configure
A user at an external system with the IP address 65.124.57.5 queries the DNS server at 4.2.2.2 172.16.15.1. In order to reach the web server, which Security rule and NAT rule must...
NATSecurity PolicyFirewall ConfigurationExternal Access - Question #496Deploy and Configure
An administrator is building Security rules within a device group to block traffic to and from malicious locations. How should those rules be configured to ensure that they are eva...
Security PolicyRule Evaluation OrderPanorama Policy ManagementPre-Rules - Question #497Configuration Troubleshooting
A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing. W...
BGPTroubleshootingCLI CommandsRouting Protocols - Question #498Configuration Troubleshooting
A network administrator troubleshoots a VPN issue and suspects an IKE Crypto mismatch between peers. Where can the administrator find the corresponding logs after running a test co...
VPN TroubleshootingIKESystem LogsLogging - Question #499Operate
An administrator is using Panorama to manage me and suspects an IKE Crypto mismatch between peers, from the firewalls to Panorama. However, pre-existing logs from the firewalls are...
PanoramaLog ManagementHistorical DataLog Export - Question #500Operate
A firewall administrator is trying to identify active routes learned via BGP in the virtual router runtime stats within the GUI. Where can they find this information?
BGP RoutingGUI NavigationRouting TableRoute Flags - Question #501Deploy and Configure
What is the dependency for users to access services that require authentication?
Security PoliciesAccess ControlAuthentication - Question #502Deploy and Configure
SSL Forward Proxy decryption is configured but the firewall uses Untrusted-CA to sign the website https //www important-website com certificate End-users are receiving me "security...
SSL DecryptionForward ProxyCertificate ManagementCertificate Trust - Question #503Configuration Troubleshooting
A firewall has been assigned to a new template stack that contains both "Global" and "Local" templates in Panorama, and a successful commit and push has been performed. While valid...
Panorama Template StacksTemplate PrecedenceConfiguration TroubleshootingDevice Group and Template Management - Question #504Deploy and Configure
WildFire will submit for analysis blocked files that match which profile settings?
WildFireAnti-Virus ProfileThreat PreventionSecurity Profiles - Question #505Plan
A network administrator plans a Prisma Access deployment with three service connections, each with a BGP peering to a CPE. The administrator needs to minimize the BGP configuration...
Prisma AccessBGPDefault RoutingNetwork Design - Question #506Core Concepts
Which function is handled by the management plane (control plane) of a Palo Alto Networks firewall?
Management PlaneFirewall ArchitectureLogging - Question #507Plan
An organization wishes to roll out decryption but gets some resistance from engineering leadership regarding the guest network. What is a common obstacle for decrypting traffic fro...
SSL DecryptionGuest NetworkCertificate TrustForward Trust - Question #508Deploy and Configure
A firewall has Security policies from three sources: 1. locally created policies 2. shared device group policies as pre-rules 3. the firewall's device group as post-rules How will...
Palo Alto PanoramaSecurity PolicyRule OrderPolicy Inheritance - Question #509Core Concepts
An administrator wants to enable WildFire inline machine learning. Which three file types does WildFire inline ML analyze? (Choose three.)
WildFire Inline MLFile typesThreat analysisMalware detection - Question #511Deploy and Configure
A company requires that a specific set of ciphers be used when remotely managing their Palo Alto Networks appliances. Which profile should be configured in order to achieve this?
SSHManagement accessCipher controlSecurity profiles - Question #512Deploy and Configure
A company is using wireless controllers to authenticate users. Which source should be used for User-ID mappings?
User-IDSyslog IntegrationWireless AuthenticationIdentity Mapping - Question #513Deploy and Configure
An engineer is configuring SSL Inbound Inspection for public access to a company's application. Which certificate(s) need to be installed on the firewall to ensure that inspection...
SSL InspectionInbound DecryptionCertificatesPrivate Key - Question #514Deploy and Configure
A firewall administrator needs to be able to inspect inbound HTTPS traffic on servers hosted in their DMZ to prevent the hosted service from being exploited. Which combination of f...
DecryptionVulnerability ProtectionHTTPS InspectionThreat Prevention - Question #515Operate
Which two statements correctly describe Session 380280? (Choose two.)
SSL DecryptionApp-IDSession ProcessingTraffic Logs