Browse Exams Pricing

ExamsPCNSEQuestions

PCNSE Exam Questions

860 real PCNSE exam questions with expert-verified answers and explanations. Page 12 of 18.

Question #566Configuration Troubleshooting
A network engineer is troubleshooting a VPN and wants to verify whether the decapsulation/encapsulation counters are increasing. Which CLI command should the engineer run?
VPN TroubleshootingCLI CommandsIPSec Counters
Question #567Configuration Troubleshooting
An engineer is troubleshooting a traffic-routing issue. What is the correct packet-flow sequence?
Packet FlowRoutingPBFSecurity Policy
Question #568Operate
While investigating a SYN flood attack, the firewall administrator discovers that legitimate traffic is also being dropped by the DoS profile. If the DoS profile action is set to R...
DoS ProtectionSYN FloodSYN CookiesSecurity Profiles
Question #569Deploy and Configure
A firewall administrator wants to have visibility on one segment of the company network. The traffic on the segment is routed on the Backbone switch. The administrator is planning...
vWireInterface ModesDeploymentNetwork Integration
Question #570Deploy and Configure
A company is deploying User-ID in their network. The firewall team needs to have the ability to see and choose from a list of usernames and user groups directly inside the Panorama...
User-IDPanoramaPolicy ManagementMaster Device Configuration
Question #571Configuration Troubleshooting
After some firewall configuration changes, an administrator discovers that application identification has started failing. The administrator investigates further and notices that a...
App-IDTroubleshootingTCP QueuesPerformance
Question #572Deploy and Configure
A network administrator configured a site-to-site VPN tunnel where the peer device will act as initiator. None of the peer addresses are known. What can the administrator configure...
Site-to-site VPNDynamic IP VPNVPN Peer Configuration
Question #573Core Concepts
Which feature of PAN-OS SD-WAN allows you to configure a bandwidth-intensive application to go directly to the internet through the branch's ISP link instead of going back to the d...
SD-WANDirect Internet AccessTraffic SteeringWAN Optimization
Question #574Deploy and Configure
A network administrator is trying to prevent domain username and password submissions to phishing sites on some allowed URL categories. Which set of steps does the administrator ne...
URL FilteringCredential Phishing PreventionSecurity ProfilesFirewall Configuration
Question #575Deploy and Configure
Which feature of Panorama allows an administrator to create a single network configuration that can be reused repeatedly for large-scale deployments even if values of configured ob...
PanoramaTemplate VariablesConfiguration ManagementScalability
Question #576Deploy and Configure
A network administrator wants to deploy SSL Inbound Inspection. What two attributes should the required certificate have? (Choose two.)
SSL Inbound InspectionCertificate attributesPrivate keySubject Alternative Name
Question #577Deploy and Configure
Which component enables you to configure firewall resource protection settings?
DoS ProtectionFirewall Resource ProtectionSecurity ProfilesPAN-OS Configuration
Question #578Operate
How can an administrator use the Panorama device-deployment option to update the apps and threat version of an HA pair of managed firewalls?
PanoramaContent UpdatesHigh Availability (HA)Device Deployment
Question #579Operate
A Panorama administrator configures a new zone and uses the zone in a new Security policy. After the administrator commits the configuration to Panorama, which device-group commit...
Panorama ManagementCommit/Push OperationsDevice Groups & TemplatesConfiguration Synchronization
Question #580Deploy and Configure
An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 20...
SSL Forward ProxyCertificate ValiditySSL DecryptionPA-Series Firewalls
Question #581Deploy and Configure
Refer to the exhibit. Based on the screenshots above, what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?
Panorama PolicyRule OrderDevice GroupsPolicy Deployment
Question #582Deploy and Configure
A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL. When creating a new rule, what is needed to allow...
GlobalProtectApp-IDSecurity PolicyApplication Dependencies
Question #583Deploy and Configure
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL, then which choice would be eva...
URL FilteringProcessing OrderPAN-DBCustom URL Category
Question #584Configuration Troubleshooting
After configuring HA in Active/Passive mode on a pair of firewalls the administrator gets a failed commit with the following details. What are two s for this type of issue? (Choose...
HA ConfigurationCommit FailureHA1-backupInterface Roles
Question #585Deploy and Configure
A company with already deployed Palo Alto firewalls has purchased their first Panorama server. The security team has already configured all firewalls with the Panorama IP address a...
Panorama ManagementFirewall OnboardingConfiguration MigrationInitial Panorama Setup
Question #586Operate
Which log type would provide information about traffic blocked by a Zone Protection profile?
LoggingZone ProtectionThreat PreventionSecurity Features
Question #587Deploy and Configure
An engineer is creating a template and wants to use variables to standardize the configuration across a large number of devices. Which two variable types can be defined? (Choose tw...
TemplatesVariable typesConfiguration managementPanorama
Question #588Deploy and Configure
An engineer is bootstrapping a VM-Series Firewall Other than the /config folder, which three directories are mandatory as part of the bootstrap package directory structure? (Choose...
VM-Series FirewallBootstrapDeploymentDirectory Structure
Question #589Configuration Troubleshooting
Review the screenshot of the Certificates page. An administrator for a small LLC has created a series of certificates as shown, to use for a planned Decryption roll out. The admini...
SSL DecryptionPKICertificate Trust ChainForward Proxy Decryption
Question #590Deploy and Configure
Which statement about High Availability timer settings is true?
High AvailabilityFailoverTimer SettingsHA Configuration
Question #591Deploy and Configure
An engineer needs to collect User-ID mappings from the company's existing proxies. What two methods can be used to pull this data from third party proxies? (Choose two.)
User-IDProxy IntegrationSyslogXFF Headers
Question #592Deploy and Configure
An engineer needs to configure a standardized template for all Panorama-managed firewalls. These settings will be configured on a template named "Global" and will be included in al...
Panorama TemplatesGlobal ConfigurationPolicy StandardizationSystem Settings
Question #593Operate
An engineer has been given approval to upgrade their environment 10 PAN-OS 10.2. The environment consists of both physical and virtual firewalls a virtual Panorama HA pair, and vir...
PAN-OS UpgradeUpgrade ProcedurePanoramaLog Collectors
Question #594Operate
Which benefit do policy rule UUlDs provide?
Policy ManagementUUIDsAuditing
Question #595Deploy and Configure
A network security administrator wants to begin inspecting bulk user HTTPS traffic flows egressing out of the internet edge firewall. Which certificate is the best choice to config...
SSL DecryptionSSL Forward ProxyCertificatesFirewall Configuration
Question #596Deploy and Configure
Which GlobalProtect component must be configured to enable Clientless VPN?
GlobalProtectClientless VPNPortalVPN Configuration
Question #597Deploy and Configure
What is a feature of the PA-440 hardware platform?
PA-440 FeaturesHardware PlatformsZero Touch ProvisioningAutomated Deployments
Question #598Deploy and Configure
A Firewall Engineer is migrating a legacy firewall to a Palo Alto Networks firewall in order to use features like App-ID and SSL decryption. Which order of steps is best to complet...
Firewall migrationApp-ID deploymentSSL decryption deploymentSecurity policy configuration
Question #599Configuration Troubleshooting
A security engineer received multiple reports of an IPSec VPN tunnel going down the night before. The engineer couldn't find any events related to VPN under system logs. What is th...
VPN TroubleshootingIPSec VPNTunnel MonitoringLogging
Question #600Configuration Troubleshooting
A firewall administrator needs to check which egress interface the firewall will use to route the IP 10.2.5.3. Which command should they use?
CLI commandsRoutingFIB lookupDiagnostic tools
Question #601Deploy and Configure
A client is concerned about web shell attacks against their servers. Which profile will protect the individual servers?
Web ShellsThreat PreventionAnti-Spyware ProfileSecurity Profiles
Question #602Deploy and Configure
Which firewall feature do you need to configure to query Palo Alto Networks service updates over a data-plane interface instead of the management interface?
Service RoutesManagement TrafficFirewall ConfigurationData Plane Interfaces
Question #603Deploy and Configure
How is an address object of type IP range correctly defined?
Address ObjectsIP RangePalo Alto ConfigurationNetwork Objects
Question #604Deploy and Configure
An administrator wants to prevent users from unintentionally accessing malicious domains where data can be exfiltrated through established connections to remote systems. From the P...
URL FilteringSecurity ProfilesCommand and ControlThreat Prevention
Question #605Deploy and Configure
In order to fulfill the corporate requirement to back up the configuration of Panorama and the Panorama-managed firewalls securely which protocol should you select when adding a ne...
Configuration BackupSecurity ProtocolsSCPPanorama
Question #606Core Concepts
A network administrator created an intrazone Security policy rule on the firewall. The source zones were set to IT, Finance, and HR. Which two types of traffic will the rule apply...
Security PolicyIntrazoneZone-based FirewallTraffic Flow
Question #607Configuration Troubleshooting
An administrator connected a new fiber cable and transceiver to interface Ethernet1/1 on a Palo Alto Networks firewall. However, the link does not seem to be coming up. If an admin...
CLI CommandsTroubleshootingInterface DiagnosticsHardware Monitoring
Question #608Deploy and Configure
An engineer wants to forward all decrypted traffic on a PA-850 firewall to a forensic tool with a decrypt mirror interface. Which statement is true regarding the configuration of t...
Decryption Port MirroringFirewall LicensingFeature ConfigurationPA-850
Question #609Operate
Which statement is true regarding a heatmap in a BPA report?
BPA ReportHeatmapBest PracticesSecurity Assessment
Question #610Deploy and Configure
An engineer is configuring secure web access (HTTPS) to a Palo Alto Networks firewall for management. Which profile should be configured to ensure that management access via web br...
HTTPS ManagementSSL/TLS Service ProfileCertificates
Question #611Configuration Troubleshooting
In an existing deployment, an administrator with numerous firewalls and Panorama does not see any WildFire logs in Panorama. Each firewall has an active WildFire subscription. On e...
WildFireLog ForwardingPanorama IntegrationThreat Logs
Question #612Deploy and Configure
An administrator wants to configure the Palo Alto Networks Windows User-ID agent to map IP addresses to usernames. The company uses four Microsoft Active Directory servers and two...
User-IDUser-ID AgentActive DirectoryExchange Server
Question #613Deploy and Configure
What is the best definition of the Heartbeat Interval?
High AvailabilityHA HeartbeatHA Peers
Question #614Operate
A QoS profile is configured as shown in the image. The following throughput is realized: - Class 3 traffic 325Mbps - Class 5 traffic 470Mbps - Class 7 traffic: 330Mbps What happens...
QoSPacket DroppingTraffic PrioritizationEgress Policy
Question #615Operate
Which three options does Panorama offer for deploying dynamic updates to its managed devices? (Choose three.)
PanoramaDynamic UpdatesUpdate DeploymentContent Management

PreviousPage 12 of 18Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.