Browse Exams Pricing

ExamsPCNSEQuestions

PCNSE Exam Questions

860 real PCNSE exam questions with expert-verified answers and explanations. Page 11 of 18.

Question #516Operate
While analyzing the Traffic log, you see that some entries show "unknown-tcp" in the Application column What best explains these occurrences?
App-IDTraffic LogsApplication ClassificationSession Flow
Question #517Configuration Troubleshooting
A firewall should be advertising the static route 10.2.0.0/24 into OSPF. The configuration on the neighbour is correct, but the route is not in the neighbour's routing table. Which...
OSPF RedistributionStatic RoutesRouting ProtocolsTroubleshooting
Question #518Deploy and Configure
Which statement best describes the Automated Commit Recovery feature?
Automated Commit RecoveryPanorama ManagementConfiguration ManagementFirewall Connectivity
Question #519Deploy and Configure
A firewall administrator wants to avoid overflowing the company syslog server with traffic logs. What should the administrator do to prevent the forwarding of DNS traffic logs to s...
Log Forwarding ProfilesSyslogLogging ConfigurationTraffic Logs
Question #520Deploy and Configure
Review the images. A firewall policy that permits web traffic includes the following: What is the result of traffic that matches the "Alert - Threats" Profile Match List?
Security ProfilesIP TaggingThreat PreventionFirewall Policy
Question #521Deploy and Configure
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications. QoS natively integrates with which feature to provide service qu...
QoSApp-IDTraffic PrioritizationApplication Control
Question #522Deploy and Configure
During a laptop-replacement project, remote users must be able to establish a GlobalProtect VPN connection to the corporate network before logging in to their new Windows 10 endpoi...
GlobalProtectConnect Before LogonWindows Client ConfigurationEndpoint VPN
Question #523Deploy and Configure
Which three actions can Panorama perform when deploying PAN-OS images to its managed devices? (Choose three.)
PanoramaSoftware DeploymentPAN-OS UpgradeDevice Management
Question #524Deploy and Configure
During the implementation of SSL Forward Proxy decryption, an administrator imports the company's Enterprise Root CA and Intermediate CA certificates onto the firewall. The company...
SSL DecryptionCertificate ManagementPKIForward Trust / Forward Untrust
Question #525Deploy and Configure
How would an administrator configure a Bidirectional Forwarding Detection profile for BGP after enabling the Advance Routing Engine run on PAN-OS 10.2?
BFD ConfigurationBGPAdvanced Routing EnginePAN-OS GUI
Question #526Deploy and Configure
An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Path Monitoring has been enabled with a Failure Condition of "any." A path group...
High Availability (HA)Path MonitoringFailover ConditionsHA Configuration
Question #527Core Concepts
With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?
App-IDApplication IdentificationTraffic ClassificationSession Classification
Question #528Deploy and Configure
Which Security profile generates a packet threat type found in threat logs?
Security ProfilesZone ProtectionThreat LogsPacket-based attacks
Question #529Deploy and Configure
A client wants to detect the use of weak and manufacturer-default passwords for loT devices. Which option will help the customer?
Vulnerability ProtectionIoT SecuritySecurity ProfilesWeak Credentials Detection
Question #530Operate
A firewall administrator notices that many Host Sweep scan attacks are being allowed through the firewall sourced from the outside zone. What should the firewall administrator do t...
Zone ProtectionReconnaissance ProtectionHost SweepThreat Mitigation
Question #531Deploy and Configure
An engineer needs to permit XML API access to a firewall for automation on a network segment that is routed through a Layer 3 subinterface on a Palo Alto Networks firewall. However...
Interface Management ProfileXML APIManagement AccessData Plane Management
Question #532Configuration Troubleshooting
An engineer needs to see how many existing SSL decryption sessions are traversing a firewall What command should be used?
SSL DecryptionCLI CommandsSession MonitoringDataplane Statistics
Question #533Deploy and Configure
Which steps should an engineer take to forward system logs to email?
Log ForwardingEmail ProfilesSystem LogsFirewall Configuration
Question #534Plan
A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access...
User-IDSyslogAuthentication SourcesDeployment Strategy
Question #535Deploy and Configure
Refer to the diagram. Users at an internal system want to ssh to the SSH server. The server is configured to respond only to the ssh requests coming from IP 172.16.15.1. In order t...
Security PolicySource NATPalo Alto Networks FirewallPacket Flow
Question #536Core Concepts
Which Panorama feature protects logs against data loss if a Panorama server fails?
Panorama Log CollectorsLog RedundancyCollector GroupsData Loss Protection
Question #537Configuration Troubleshooting
An administrator is seeing one of the firewalls in a HA active/passive pair moved to "suspended" state due to Non-functional loop. Which three actions will help the administrator r...
High AvailabilityTroubleshootingLink MonitoringHA Suspended State
Question #538Deploy and Configure
An administrator is attempting to create policies for deployment of a device group and template stack. When creating the policies, the zone drop-down list does not include the requ...
PanoramaTemplates and Device GroupsPolicy ConfigurationZone Management
Question #539Deploy and Configure
What can be used to create dynamic address groups?
Dynamic Address GroupsTagsSecurity Policy
Question #540Operate
A firewall administrator has been tasked with ensuring that all Panorama configuration is committed and pushed to the devices at the end of the day at a certain time. How can they...
PanoramaConfiguration ManagementScheduled TasksCommit and Push
Question #541Deploy and Configure
Which statement accurately describes service routes and virtual systems?
Virtual SystemsService RoutesManagement TrafficRoute Inheritance
Question #542Operate
You have upgraded Panorama to 10.2 and need to upgrade six Log Collectors. When upgrading Log Collectors to 10.2, you must do what?
Log Collector upgradePanorama managementSoftware upgrade procedureConcurrent upgrade
Question #543Operate
Which configuration is backed up using the Scheduled Config Export feature in Panorama?
PanoramaConfiguration BackupScheduled ExportRunning Configuration
Question #544Deploy and Configure
Cortex XDR notifies an administrator about grayware on the endpoints. There are no entries about grayware in any of the logs of the corresponding firewall. Which setting can the ad...
WildFireGraywareLoggingFirewall Configuration
Question #545Operate
You have upgraded your Panorama and Log Collectors lo 10.2 x. Before upgrading your firewalls using Panorama, what do you need do?
Panorama UpgradeFirewall ManagementConfiguration SynchronizationUpgrade Best Practices
Question #546Operate
An administrator creates an application-based security policy rule and commits the change to the firewall. Which two methods should be used to identify the dependent applications f...
Security PolicyApplication DependencyPolicy ManagementFirewall Configuration Verification
Question #547Configuration Troubleshooting
A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this. Whic...
Asymmetric RoutingSession SettingsZone Protection ProfilesTCP Handling
Question #548Operate
Which CLI command is used to determine how much disk space is allocated to logs?
CLI commandsLoggingDisk managementSystem monitoring
Question #549Operate
An engineer has been tasked with reviewing traffic logs to find applications the firewall is unable to identify with App-ID. Why would the application field display as incomplete?
App-IDTraffic LogsTCP HandshakeSession Establishment
Question #550Deploy and Configure
Which Panorama mode should be used so that all logs are sent to, and only stored in. Cortex Data Lake?
Panorama DeploymentPanorama ModesCortex Data LakeLog Management
Question #551Configuration Troubleshooting
The Aggregate Ethernet interface is showing down on a passive PA-7050 firewall of an active/passive HA pair. The HA Passive Link State is set to "Auto" under Device > High Availabi...
HA ConfigurationLACPInterface StatusPassive Link State
Question #552Operate
An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Link and Path Monitoring is enabled with the Failure Condition set to `any`. The...
High AvailabilityLink MonitoringLink GroupsHA Failover Logic
Question #553Deploy and Configure
An engineer is pushing configuration from Panorama lo a managed firewall. What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Ob...
PanoramaConfiguration ManagementAddress ObjectsCommit Operations
Question #554Deploy and Configure
What is a correct statement regarding administrative authentication using external services with a local authorization method?
Administrative AccessAuthenticationAuthorizationExternal Services
Question #555Configuration Troubleshooting
A network administrator is troubleshooting an issue with Phase 2 of an IPSec VPN tunnel. The administrator determines that the lifetime needs to be changed to match the peer. Where...
IPSec VPNPhase 2IPSec Crypto ProfileVPN Lifetime
Question #556Deploy and Configure
An engineer is tasked with enabling SSL decryption across the environment. What are three valid parameters of an SSL Decryption policy? (Choose three.)
SSL DecryptionDecryption PolicyPolicy ParametersSecurity Policies
Question #557Deploy and Configure
A firewall administrator has been tasked with ensuring that all Panorama-managed firewalls forward traffic logs to Panorama. In which section is this configured?
Panorama LoggingLog ForwardingDevice Group Configuration
Question #558Operate
An administrator discovers that a file blocked by the WildFire inline ML feature on the firewall is a false-positive action. How can the administrator create an exception for this...
WildFireFalse PositivesSecurity ProfilesFile Blocking Exceptions
Question #559Deploy and Configure
Which feature checks Panorama connectivity status after a commit?
PanoramaCommitAutomated Commit RecoveryConnectivity
Question #560Deploy and Configure
An administrator wants to grant read-only access to all firewall settings, except administrator accounts, to a new-hire colleague in the IT department. Which dynamic role does the...
Administrative RolesRole-Based Access Control (RBAC)Access Management
Question #561Deploy and Configure
Refer to the screenshots. Without the ability to use Context Switch, where do admin accounts need to be configured in order to provide admin access to Panorama and to the managed d...
Panorama AdministrationAdmin AccountsConfiguration HierarchyCentralized Management
Question #562Plan
Your company wants greater visibility into their traffic and has asked you to start planning an SSL Decryption project. The company does not have a PKI infrastructure, and multiple...
SSL DecryptionPKICertificate AuthoritiesCertificate Generation
Question #563Core Concepts
Given the screenshot, how did the firewall handle the traffic?
Security PoliciesSecurity ProfilesThreat PreventionTraffic Processing
Question #564Deploy and Configure
A network administrator notices there is a false-positive situation after enabling Security profiles. When the administrator checks the threat prevention logs, the related signatur...
Security ProfilesAnti-SpywareThreat ExceptionsFalse Positive
Question #565Configuration Troubleshooting
A firewall administrator is investigating high packet buffer utilization in the company firewall. After looking at the threat logs and seeing many flood attacks coming from a singl...
Packet Buffer ProtectionZone Protection ProfileDoS ProtectionFirewall Configuration

PreviousPage 11 of 18Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.