Browse Exams Pricing

ExamsPCNSEQuestions

PCNSE Exam Questions

860 real PCNSE exam questions with expert-verified answers and explanations. Page 13 of 18.

Question #616Configuration Troubleshooting
A network security engineer configured IP multicast in the virtual router to support a new application. Users in different network segments are reporting that they are unable to ac...
Multicast RoutingPIMNetwork ProtocolsInterface Configuration
Question #617Deploy and Configure
Given the Sample Log Forwarding Profile shown, which two statements are true? (Choose two.)
Log Forwarding ProfileSyslogPanoramaRFC 1918
Question #618Deploy and Configure
Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port?
Management InterfacePanorama TemplatesManagement ProfileNetwork Services
Question #619Configuration Troubleshooting
An engineer is attempting to resolve an issue with slow traffic. Which PAN-OS feature can be used to prioritize certain network traffic?
Quality of ServiceTraffic PrioritizationPAN-OS Features
Question #620Operate
An auditor is evaluating the configuration of Panorama and notices a discrepancy between the Panorama template and the local firewall configuration. When overriding the firewall co...
Panorama TemplatesConfiguration OverridesSynchronization Status
Question #621Configuration Troubleshooting
An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI. Which CLI command can the engineer use?
VPN TroubleshootingCLI CommandsIPSec VPNIKE
Question #622Plan
An engineer decides to use Panorama to upgrade devices to PAN-OS 10.2. Which three platforms support PAN-OS 10.2? (Choose three.)
PAN-OS UpgradePlatform CompatibilityPalo Alto HardwarePanorama Management
Question #623Operate
As a best practice, logging at session start should be used in which case?
LoggingSession ManagementTroubleshootingFirewall Configuration
Question #624Deploy and Configure
What must be configured to apply tags automatically to User-ID logs?
User-IDLoggingTaggingConfiguration
Question #625Deploy and Configure
The profile is configured to provide granular defense against targeted flood attacks for specific critical systems that are accessed by users from the internet. Which profile is th...
DoS ProtectionSecurity ProfilesThreat PreventionFlood Attacks
Question #626Configuration Troubleshooting
Which states will a pair of firewalls be in if their HA Group ID is mismatched?
High AvailabilityHA Group IDHA StatesConfiguration Troubleshooting
Question #627Configuration Troubleshooting
An engineer troubleshooting a site-to-site VPN finds a Security policy dropping the peer's IKE traffic at the edge firewall. Both VPN peers are behind a NAT, and NAT-T is enabled....
VPN TroubleshootingIKESecurity PolicyNAT-T
Question #628Plan
An engineer is tasked with deploying SSL Forward Proxy decryption for their organization. What should they review with their leadership before implementation?
SSL DecryptionLegal ComplianceAcceptable Usage PolicyDeployment Planning
Question #629Deploy and Configure
A network security engineer needs to enable Zone Protection in an environment that makes use of Cisco TrustSec Layer 2 protections. What should the engineer configure within a Zone...
Zone Protection ProfilesCisco TrustSecSGT ProtectionLayer 2 Security
Question #630Deploy and Configure
How should an administrator enable the Advance Routing Engine on a Palo Alto Networks firewall?
Advanced Routing EngineFirewall ConfigurationManagement SettingsRouting Features
Question #631Deploy and Configure
An administrator wants to enable Palo Alto Networks cloud services for Device Telemetry and IoT. Which type of certificate must be installed?
Device TelemetryIoT SecurityCloud ServicesCertificates
Question #632Operate
Which Palo Alto Networks tool provides configuration heat map displays for security controls?
Palo Alto Networks toolsBest Practice AssessmentConfiguration assessmentSecurity posture
Question #633Deploy and Configure
A company has configured a URL Filtering profile with override action on their firewall. Which two profiles are needed to complete the configuration? (Choose two.)
URL FilteringResponse PagesSSL/TLS ServiceInterface Management
Question #634Deploy and Configure
Which three authentication types can be used to authenticate users? (Choose three.)
Authentication TypesIdentity ManagementMulti-Factor AuthenticationSingle Sign-On
Question #635Deploy and Configure
A network administrator wants to deploy SSL Forward Proxy decryption. What two attributes should a forward trust certificate have? (Choose two.)
SSL DecryptionForward ProxyCertificatesPrivate Key
Question #636Plan
An administrator is assisting a security engineering team with a decryption rollout for inbound and forward proxy traffic. Incorrect firewall sizing is preventing the team from dec...
SSL DecryptionTraffic PrioritizationThreat PreventionSecurity Best Practices
Question #637Deploy and Configure
What is the best description of the Cluster Synchronization Timeout (min)?
High Availability (HA)Cluster SynchronizationFirewall ConfigurationNetwork Redundancy
Question #638Deploy and Configure
Which two policy components are required to block traffic in real time using a dynamic user group (DUG)? (Choose two.)
Dynamic User Groups (DUG)Security PolicyPolicy EnforcementReal-time Blocking
Question #639Deploy and Configure
An administrator is receiving complaints about application performance degradation. After checking the ACC, the administrator observes that there is an excessive amount of SSL traf...
QoSApplication OverridePerformance TuningSSL Inspection
Question #640Deploy and Configure
An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same firewall. The update contain...
Custom ApplicationsApp-IDApplication PrecedenceDynamic Updates
Question #641Configuration Troubleshooting
Users have reported an issue when they are trying to access a server on your network. The requests aren't taking the expected route. You discover that there are two different stati...
RoutingStatic RoutesAdministrative DistanceRoute Priority
Question #642Operate
A company has configured GlobalProtect to allow their users to work from home. A decrease in performance for remote workers has been reported during peak-use hours. Which two steps...
GlobalProtect performanceNetwork optimizationTraffic filteringSecurity policy
Question #643Operate
Where can an administrator see both the management-plane and data-plane CPU utilization in the WebUI?
System monitoringCPU utilizationWebUISystem Resources widget
Question #644Deploy and Configure
An administrator wants to perform HIP checks on the endpoints to ensure their security posture. Which license is required on all Palo Alto Networks next-generation firewalls that w...
GlobalProtectHIPLicensingEndpoint Security
Question #645Deploy and Configure
A network security administrator wants to configure SSL inbound inspection. Which three components are necessary for inspecting the HTTPS traffic as it enters the firewall? (Choose...
SSL Inbound DecryptionDecryption ProfilesDecryption PoliciesSecurity Certificates
Question #646Deploy and Configure
You have been asked to implement GlobalProtect for your organization. You have decided on https://gp.mycompany.com for your Portal, and have received the certificate and key. Where...
GlobalProtectCertificate ManagementFirewall UI NavigationImport Certificate
Question #647Plan
An engineer has been asked to limit which routes are shared by running two different areas within an OSPF implementation. However, the devices share a common link for communication...
OSPFv3Routing ProtocolsMulti-instance OSPFNetwork Design
Question #648Deploy and Configure
An administrator is configuring a Panorama device group. Which two objects are configurable? (Choose two.)
Panorama configurationDevice groupsShared objectsURL Filtering profiles
Question #649Deploy and Configure
An administrator wants to use LDAP, TACACS+, and Kerberos as external authentication services for authenticating users. What should the administrator be aware of regarding the auth...
External AuthenticationAuthentication Profile SequenceFirewall Authentication LogicAuthentication Protocols
Question #650Configuration Troubleshooting
An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables f...
High AvailabilityMAC Address ConflictHA Configuration
Question #651Core Concepts
The same route appears in the routing table three times using three different protocols. Which mechanism determines how the firewall chooses which route to use?
RoutingAdministrative distanceRoute selectionRouting protocols
Question #652Configuration Troubleshooting
An engineer has discovered that certain real-time traffic is being treated as best effort due to it exceeding defined bandwidth. Which QoS setting should the engineer adjust?
QoSBandwidth ManagementTraffic PrioritizationPalo Alto QoS
Question #653Deploy and Configure
A Security policy rule is configured with a Vulnerability Protection Profile and an action of "Deny". Which action will this configuration cause on the matched traffic?
Security PolicyVulnerability Protection ProfilePolicy ActionTraffic Flow
Question #654Deploy and Configure
Which feature detects the submission of corporate login information into website forms?
Credential PhishingThreat PreventionSecurity ProfilesPhishing
Question #655Core Concepts
Which three firewall multi-factor authentication factors are supported by PAN-OS? (Choose three.)
Multi-Factor AuthenticationPAN-OS AuthenticationAuthentication Factors
Question #656Operate
An administrator needs to identify which NAT policy is being used for internet traffic. From the GUI of the firewall, how can the administrator identify which NAT policy is in use...
NAT PolicyFirewall MonitoringSession BrowserGUI Navigation
Question #657Deploy and Configure
Which three external services perform both authentication and authorization for administration of firewalls? (Choose three.)
External AuthenticationExternal AuthorizationFirewall AdministrationAAA Protocols
Question #658Deploy and Configure
A firewall administrator has been tasked with ensuring that all firewalls forward System logs to Panorama. In which section is this configured?
Log ForwardingSystem LogsPanorama IntegrationDevice Configuration
Question #659Deploy and Configure
A customer would like to support Apple Bonjour in their environment for ease of configuration. Which type of interface in needed on their PA-3200 Series firewall to enable Bonjour...
Bonjour ReflectorInterface TypesLayer 3 InterfacesNetwork Segmentation
Question #660Deploy and Configure
An engineer is bootstrapping a VM-Series Firewall. Other than the /config folder, which three directories are mandatory as part of the bootstrap package directory structure? (Choos...
VM-SeriesBootstrappingDeploymentDirectory Structure
Question #661Deploy and Configure
A company requires the firewall to block expired certificates issued by internet-hosted websites. The company plans to implement decryption in the future, but it does not perform S...
Decryption ProfileCertificate ValidationSSL/TLS HandshakeSecurity Policy
Question #662Plan
A company is looking to increase redundancy in their network. Which interface type could help accomplish this?
Interface TypesRedundancyLink AggregationNetwork Design
Question #663Deploy and Configure
An auditor has requested that roles and responsibilities be split inside the security team. Group A will manage templates, and Group B will manage device groups inside Panorama. Wh...
PanoramaTemplatesDevice GroupsSecurity Rules
Question #664Deploy and Configure
An engineer is deploying VoIP and needs to ensure that voice traffic is treated with the highest priority on the network. Which QoS priority should be assigned to such an applicati...
QoSVoIPTraffic PrioritizationReal-time Applications
Question #665Deploy and Configure
A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Cho...
Zone ProtectionPacket-Based Attack ProtectionSecurity Profile ConfigurationThreat Prevention

PreviousPage 13 of 18Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.