PCNSE Exam Questions
860 real PCNSE exam questions with expert-verified answers and explanations. Page 15 of 18.
- Question #716Deploy and Configure
An engineer is configuring a firewall with three interfaces: - MGT connects to a switch with internet access. - Ethernet1/1 connects to an edge router. - Ethernet1/2 connects to a...
Service Route ConfigurationDynamic UpdatesDataplane InterfacesManagement Interface - Question #717Plan
An organization conducts research on the benefits of leveraging the Web Proxy feature of PAN- OS 11.0. What are two benefits of using an explicit proxy method versus a transparent...
Web ProxyExplicit ProxyTransparent ProxyUser Identification - Question #718Deploy and Configure
Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the local firewa...
Admin AuthenticationExternal ServicesNGFW Configuration - Question #719Operate
With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?
App-IDSession IdentificationFirewall BasicsApp-ID States - Question #720Deploy and Configure
To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?
Security PolicyDevice Group HierarchyPolicy PriorityShared Device Group - Question #721Operate
Based on the graphic, which statement accurately describes the output shown in the Server Monitoring panel?
User-IDDomain Controller IntegrationMonitoringConnectivity - Question #722Deploy and Configure
What can be used as an Action when creating a Policy-Based Forwarding (PBF) policy?
Policy-Based ForwardingPBF ActionsPalo Alto Networks Firewall - Question #723Core Concepts
An engineer manages a high availability network and requires fast failover of the routing protocols. The engineer decides to implement BFD. Which three dynamic routing protocols su...
BFDDynamic Routing ProtocolsHigh AvailabilityFast Failover - Question #724Configuration Troubleshooting
A company has recently migrated their branch office's PA-220s to a centralized Panorama. This Panorama manages a number of PA-7000 Series and PA-5200 Series devices. All device gro...
Panorama Commit OptimizationConfiguration ScalingShared ObjectsDevice Group Management - Question #725Configuration Troubleshooting
An administrator is troubleshooting why video traffic is not being properly classified. If this traffic does not match any QoS classes, what default class is assigned?
QoSTraffic ClassificationDefault Class - Question #726Deploy and Configure
An administrator notices that an interface configuration has been overridden locally on a firewall. They require all configuration to be managed from Panorama and overrides are not...
Panorama managementConfiguration overrideTemplate pushForce template values - Question #727Deploy and Configure
Where can a service route be configured for a specific destination IP?
Service RoutesManagement PlaneGUI NavigationConfiguration - Question #728Configuration Troubleshooting
Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration. What part of the configuration should the engineer verify?
VPNIPsecPhase 2Proxy-ID - Question #729Deploy and Configure
Information Security is enforcing group-based policies by using security-event monitoring on Windows User-ID agents for IP-to-User mapping in the network. During the rollout, Infor...
User-IDSyslogIP-to-User MappingIdentity Management - Question #730Operate
An administrator troubleshoots an issue that causes packet drops. Which log type will help the engineer verify whether packet buffer protection was activated?
Packet Buffer ProtectionLog TypesTroubleshootingDoS Protection - Question #731Plan
A company wants to implement threat prevention to take action without redesigning the network routing. What are two best practice deployment modes for the firewall? (Choose two.)
Firewall Deployment ModesVirtual WireLayer 2 ModeNetwork Integration - Question #732Operate
Which operation will impact the performance of the management plane?
Management PlaneData PlaneFirewall ArchitectureReporting - Question #733Deploy and Configure
Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?
Palo Alto NetworksDevice-IDQoSPolicy matching - Question #734Core Concepts
Why would a traffic log list an application as "not-applicable"?
Traffic LogsApp-IDPolicy EnforcementLog Interpretation - Question #735Deploy and Configure
What must be configured to apply tags automatically based on User-ID logs?
User-IDAutomatic TaggingLog ParsingDynamic Address Groups - Question #736Deploy and Configure
A firewall engineer creates a NAT rule to translate IP address 1.1.1.10 to 192.168.1.10. The engineer also plans to enable DNS rewrite so that the firewall rewrites the IPv4 addres...
NATDNS RewritePalo Alto FirewallConfiguration - Question #737Operate
An engineer is monitoring an active/active high availability (HA) firewall pair. Which HA firewall state describes the firewall that is experiencing a failure of a monitored path?
HA FirewallFirewall StatesPath MonitoringActive/Active - Question #738Deploy and Configure
An organization wants to begin decrypting guest and BYOD traffic. Which NGFW feature can be used to identify guests and BYOD users, instruct them how to download and install the CA...
Authentication PortalSSL DecryptionBYODGuest Network - Question #739Operate
In the New App Viewer under Policy Optimizer, what does the compare option for a specific rule allow an administrator to compare?
Policy OptimizerApp-IDSecurity PoliciesTraffic Visibility - Question #740Operate
Given the following snippet of a WildFire submission log, did the end user successfully download a file?
WildFireThreat PreventionLog InterpretationFirewall Actions - Question #741Plan
Which two factors should be considered when sizing a decryption firewall deployment? (Choose two.)
Decryption sizingFirewall performanceSSL/TLSEncryption algorithms - Question #742Configuration Troubleshooting
After switching to a different WAN connection, users have reported that various websites will not load, and timeouts are occurring. The web servers work fine from other locations....
MTUMSSTCPTroubleshooting - Question #743Deploy and Configure
An engineer configures a new template stack for a firewall that needs to be deployed. The template stack should consist of four templates arranged according to the diagram. Which t...
Panorama TemplatesTemplate StacksValue PrecedenceConfiguration Management - Question #744Deploy and Configure
An administrator configures two VPN tunnels to provide for failover and uninterrupted VPN service. What should an administrator configure to enable automatic failover to the backup...
VPN failoverTunnel monitorIPsec VPNHigh availability - Question #745Deploy and Configure
An administrator configures a site-to-site IPsec VPN tunnel between a PA-850 and an external customer on their policy-based VPN devices. What should an administrator configure to r...
IPsec VPNSite-to-site VPNProxy IDsTraffic routing - Question #746Operate
A firewall engineer creates a new App-ID report under Monitor > Reports > Application Reports > New Applications to monitor new applications on the network and better assess any Se...
App-IDReportingContent UpdatesFirewall Operations - Question #747Operate
An engineer is monitoring an active/active high availability (HA) firewall pair. Which HA firewall state describes the firewall that is currently processing traffic?
High AvailabilityHA StatesActive/ActiveFirewall Monitoring - Question #748Plan
A consultant advises a client on designing an explicit Web Proxy deployment on PAN-OS 11.0. The client currently uses RADIUS authentication in their environment. Which two pieces o...
Web Proxy AuthenticationExplicit ProxyAuthentication ProtocolsPAN-OS 11.0 - Question #749Deploy and Configure
A customer wants to deploy User-ID on a Palo Alto Networks NGFW with multiple vsys. One of the vsys will support a GlobalProtect portal and gateway. The customer uses Windows Activ...
User-IDGlobalProtectMulti-vsysUser-ID Redistribution - Question #750Deploy and Configure
A security engineer wants to upgrade the company's deployed firewalls from PAN-OS 10.1 to 11.0.x to take advantage of the newTLSv1.3 support for management access. What is the reco...
PAN-OS upgradeUpgrade pathMaintenance releaseBest practices - Question #751Deploy and Configure
Which two actions must an engineer take to configure SSL Forward Proxy decryption? (Choose two.)
SSL DecryptionForward ProxyCertificatesDecryption Rules - Question #752Operate
A firewall engineer supports a mission-critical network that has zero tolerance for application downtime. A best-practice action taken by the engineer is to configure an Applicatio...
Dynamic UpdatesApp-IDSecurity PolicyDowntime Prevention - Question #753Deploy and Configure
When a new firewall joins a high availability (HA) cluster, the cluster members will synchronize all existing sessions over which HA port?
High AvailabilitySession SynchronizationHA Port RolesPalo Alto Networks - Question #754Deploy and Configure
What can the Log Forwarding built-in action with tagging be used to accomplish?
Log ForwardingIP TaggingSecurity PoliciesDynamic Address Groups - Question #755Deploy and Configure
An administrator notices interface ethernet1/2 failed on the active firewall in an active I passive firewall high availability(HA) pair. Based on the image below, what - if any - a...
High Availability (HA)Link MonitoringFailover ConditionsInterface Status - Question #756Operate
A firewall administrator wants to be able to see all NAT sessions that are going through a firewall with source NAT. Which CLI command can the administrator use?
CLI CommandsNATSession MonitoringSource NAT - Question #757Deploy and Configure
An engineer needs to configure a standardized template for all Panorama-managed firewalls. These settings will be configured on a template named "Global" and will be included in al...
PanoramaTemplatesGlobal ConfigurationDevice Management - Question #758Operate
All firewalls at a company are currently forwarding logs to Palo Alto Networks log collectors. The company also wants to deploy a syslog server and forward all firewall logs to the...
LoggingPanorama ManagementPerformance MonitoringLog Collectors - Question #759Deploy and Configure
A firewall engineer is configuring quality of service (QoS) policy for the IP address of a specific server in an effort to limit the bandwidth consumed by frequent downloads of lar...
QoSNATTraffic FlowPolicy Configuration - Question #760Configuration Troubleshooting
The decision to upgrade PAN-OS has been approved. The engineer begins the process by upgrading the Panorama servers, but gets an error when attempting the install. When performing...
Panorama upgradeUpgrade troubleshootingOutdated pluginsPAN-OS upgrade - Question #761Operate
Following a review of firewall logs for traffic generated by malicious activity, how can an administrator confirm that WildFire has identified a virus?
WildFireThreat LogsLog AnalysisVirus Detection - Question #762Deploy and Configure
A firewall engineer is managing a Palo Alto Networks NGFW which is not in line of any DHCP traffic. Which interface mode can the engineer use to generate Enhanced Application logs...
Interface ModesIoT SecurityEnhanced Application LogsPassive Monitoring - Question #763Plan
An administrator is considering deploying WildFire globally. What should the administrator consider with regards to the WildFire infrastructure?
WildFire InfrastructureGlobal DeploymentCloud ArchitectureThreat Analysis - Question #764Deploy and Configure
Which log type is supported in the Log Forwarding profile?
Log ForwardingLog TypesPAN-OS Configuration - Question #765Deploy and Configure
A firewall engineer needs to update a company's Panorama-managed firewalls to the latest version of PAN-OS. Strict security requirements are blocking internet access to Panorama an...
PAN-OS UpdatePanorama ManagementOffline UpdatesSoftware Deployment