PCNSE Exam Questions

Given the following snippet of a WildFire submission log, did the end-user get access to the requested information and why or why not?

The decision to upgrade to PAN-OS 10.2 has been approved. The engineer begins the process by upgrading the Panorama servers, but gets an error when trying to install. When performi...

How can Panorama help with troubleshooting problems such as high CPU or resource exhaustion on a managed firewall?

An administrator is configuring SSL decryption and needs to ensure that all certificates for both SSL Inbound inspection and SSL Forward Proxy are installed properly on the firewal...

An administrator would like to determine which action the firewall will take for a specific CVE. Given the screenshot below, where should the administrator navigate to view this in...

An administrator has configured OSPF with Advanced Routing enabled on a Palo Alto Networks firewall running PAN-OS 10.2. After OSPF was configured the administrator noticed that OS...

In an HA failover scenario what happens with sessions decrypted by a SSL Forward Proxy Decryption policy?

An administrator just enabled HA Heartbeat Backup on two devices. However, the status on the firewall's dashboard is showing as down. What could an administrator do to troubleshoot...

An engineer troubleshoots an issue that causes packet drops. Which command should the engineer run in the CLI to see if packet buffer protection is enabled and activated?

An engineer configures SSL decryption in order to have more visibility to the internal users' traffic when it is egressing the firewall. Which three types of interfaces support SSL...

If an administrator wants to apply QoS to traffic based on source, what must be specified in a QoS policy rule?

An engineer reviews high availability (HA) settings to understand a recent HA failover event. Review the screenshot below. Which timer determines how long the passive firewall will...

A firewall engineer creates a destination static NAT rule to allow traffic from the internet to a webserver hosted behind the edge firewall. The pre-NAT IP address of the server is...

A consultant deploys a PAN-OS 11.0 VM-Series firewall with the Web Proxy feature in Transparent Proxy mode. Which three elements must be in place before a transparent web proxy can...

Which source is the most reliable for collecting User-ID user mapping?

Which type of zone will allow different virtual systems to communicate with each other?

An organization is interested in migrating from their existing web proxy architecture to the Web Proxy feature of their PAN-OS 11.0 firewalls. Currently, HTTP and SSL requests cont...

An engineer discovers the management interface is not routable to the User-ID agent. What configuration is needed to allow the firewall to communicate to the User-ID agent?

An engineer receives reports from users that applications are not working and that websites are only partially loading in an asymmetric environment. After investigating, the engine...

Where is Palo Alto Networks Device Telemetry data stored on a firewall with a device certificate installed?

An engineer is tasked with configuring a Zone Protection profile on the untrust zone. Which three settings can be configured on a Zone Protection profile? (Choose three.)

An administrator Just enabled HA Heartbeat Backup on two devices. However, the status on tie firewall's dashboard is showing as down High Availability. What could an administrator...

A network security administrator has been tasked with deploying User-ID in their organization. What are three valid methods of collecting User-ID information in a network? (Choose...

What steps should a user take to increase the NAT oversubscription rate from the default platform setting?

An engineer is configuring a template in Panorama which will contain settings that need to be applied to all firewalls in production. Which three parts of a template an engineer ca...

A firewall engineer creates a new App-ID report under Monitor > Reports > Application Reports > New Application to monitor new applications on the network and better assess any Sec...

An engineer troubleshoots a Panorama-managed firewall that is unable to reach the DNS servers configured via a global template. As a troubleshooting step, the engineer needs to con...

A network engineer troubleshoots a VPN Phase 2 mismatch and decides that PFS (Perfect Forward Secrecy) needs to be enabled. What action should the engineer take?

After importing a pre-configured firewall configuration to Panorama, what step is required to ensure a commit/push is successful without duplicating local configurations?

Review the information below. A firewall engineer creates a U-NAT rule to allow users in the trust zone access to a server in the same zone by using an external, public NAT IP for...

An engineer is tasked with configuring SSL forward proxy for traffic going to external sites. Which of the following statements is consistent with SSL decryption best practices?

Which two key exchange algorithms consume the most resources when decrypting SSL traffic? (Choose two.)

Which log type will help the engineer verify whether packet buffer protection was activated?

An engineer troubleshoots a high availability (HA) link that is unreliable. Where can the engineer view what time the interface went down?

An engineer must configure the Decryption Broker feature. To which router must the engineer assign the decryption forwarding interfaces that are used in Decryption Broker security...

An administrator connects four new remote offices to the corporate data center. The administrator decides to use the Large Scale VPN (LSVPN) feature on the Palo Alto Networks next-...

A customer wants to set up a site-to-site VPN using tunnel interfaces. What format is the correct naming convention for tunnel interfaces?

An engineer notices that the tunnel monitoring has been failing for a day and the VPN should have failed over to a backup path. What part of the network profile configuration shoul...

Which three multi-factor authentication methods can be used to authenticate access to the firewall? (Choose three.)

Which two profiles should be configured when sharing tags from threat logs with a remote User- ID agent? (Choose two.)

What is the PAN-OS NPTv6 feature based on RFC 6296 used for?

An administrator has been tasked with deploying SSL Forward Proxy. Which two types of certificates are used to decrypt the traffic? (Choose two.)

An engineer is deploying multiple firewalls with common configuration in Panorama. What are two benefits of using nested device groups? (Choose two.)

A network security administrator wants to inspect HTTPS traffic from users as it egresses through a firewall to the Internet/Untrust zone from trusted network zones. The security a...

After implementing a new NGFW, a firewall engineer sees a VoIP traffic issue going through the firewall. After troubleshooting, the engineer finds that the firewall performs NAT on...

After importing a pre-configured firewall configuration to Panorama, what step is required to ensure a commit/push is successful without duplicating local configurations?

Which new PAN-OS 11.0 feature supports IPv6 traffic?

If a URL is in multiple custom URL categories with different actions, which action will take priority?

An engineer is reviewing the following high availability (HA) settings to understand a recent HA failover event. Which timer determines the frequency between packets sent to verify...

Which three items must be configured to implement application override? (Choose three.)