PCNSE Exam Questions
860 real PCNSE exam questions with expert-verified answers and explanations. Page 3 of 18.
- Question #102Deploy and Configure
A network design change requires an existing firewall to start accessing Palo Alto Updates from a dataplane interface address instead of the management interface. Which configurati...
Service RoutesNetwork ServicesManagement InterfaceDataplane Interface - Question #103Deploy and Configure
A network security engineer needs to configure a virtual router using IPv6 addresses. Which two routing options support these addresses? (Choose two.)
IPv6 RoutingRouting ProtocolsStatic RoutesOSPFv3 - Question #104Deploy and Configure
A Network Administrator wants to deploy a Large Scale VPN solution. The Network Administrator has chosen a GlobalProtect Satellite solution. This configuration needs to be deployed...
GlobalProtect SatelliteVPN DeploymentPanorama TemplatesIPSec Configuration - Question #105Deploy and Configure
People are having intermittent quality issues during a live meeting via a web application. How can the performance of this application be improved?
QoSNetwork PerformanceQoS ProfileQoS Policy - Question #106Deploy and Configure
When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?
LicensingSubscriptionsDynamic UpdatesAntivirus - Question #107Deploy and Configure
A file sharing application is being permitted and no one knows what this application is used for. How should this application be blocked?
File BlockingApplication ControlSecurity Policies - Question #108Deploy and Configure
YouTube videos are consuming too much bandwidth on the network, causing delays in mission- critical traffic. The administrator wants to throttle YouTube traffic. The following inte...
QoS Bandwidth ManagementTraffic ThrottlingIngress/Egress QoSFirewall Configuration - Question #109Deploy and Configure
Which field is optional when creating a new Security Police rule?
Security PolicyRule ConfigurationOptional FieldsPAN-OS - Question #110Deploy and Configure
When using the predefined default antivirus profile, the policy will inspect for viruses on the decoders. Match each decoder with its default action. Answer options may be used mor...
Antivirus Profile DefaultsSecurity ProfilesProtocol InspectionDefault Actions - Question #111Deploy and Configure
When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinkhole enabled, generating a traffic log. What...
DNS SinkholeTraffic LogsMalware ProtectionSecurity Policy - Question #112Deploy and Configure
How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with non-standard syslog servers?
SyslogLoggingCustom Log FormatsFirewall Configuration - Question #113Deploy and Configure
What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)
High AvailabilityActive/Passive HAHA PrerequisitesLicensing - Question #114Deploy and Configure
Which device Group option is assigned by default in Panorama whenever a new device group is created to manage a Firewall?
PanoramaDevice GroupsDefault SettingsShared Policy - Question #115Core Concepts
When performing the "ping" test shown in this CLI output: What will be the source address in the ICMP packet?
Ping commandICMPSource IP addressNetwork Utilities - Question #116Configuration Troubleshooting
Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured...
OSPFVPNRouting ProtocolsLink Type - Question #117Deploy and Configure
A network design calls for a "router on a stick" implementation with a PA-5060 performing inter- VLAN routing. All VLAN-tagged traffic will be forwarded to the PA-5060 through a si...
Inter-VLAN RoutingSubinterfacesVLAN TaggingInterface Configuration - Question #118Plan
Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS 7.0? (Choose two.)
High AvailabilityVirtualizationActive/Active HAPAN-OS 7.0 Features - Question #119Deploy and Configure
Which Panorama feature allows for logs generated by Panorama to be forwarded to an external Security Information and Event Management (SIEM) system?
Panorama managementLog forwardingSIEM integrationSystem logs - Question #120Deploy and Configure
In an enterprise deployment, a network security engineer wants to assign rights to a group of administrators without creating local administrator accounts on the firewall. Which au...
Administrator AuthenticationExternal AuthenticationRole-Based Access Control (RBAC)Certificate-based Authentication - Question #121Core Concepts
Which option is an IPv6 routing protocol?
IPv6Routing ProtocolsOSPFv3 - Question #122Deploy and Configure
Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?
URL FilteringSecurity ProfilesLogging - Question #123Deploy and Configure
Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain username-to-IP-address mapping?
User-IDAuthentication SourcesTerminal Services AgentUsername-to-IP Mapping - Question #124Deploy and Configure
Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log? (Choose two.)
User-IDActive Directory IntegrationZone ConfigurationUser-ID Agent - Question #125Configuration Troubleshooting
A firewall architect is attempting to install a new Palo Alto Networks NGFW. The company has previously had issues moving all administrative functions onto a data plane interface t...
LicensingUpdatesNetwork ConnectivityTroubleshooting - Question #126Deploy and Configure
An administrator is receiving complaints about application performance degradation. After checking the ACC, the administrator observes that there is an excessive amount of VoIP tra...
QoSTraffic ManagementApplication PerformanceVoIP - Question #127Deploy and Configure
Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing. Which step is required to accom...
OSPFDynamic RoutingVPNInterface Configuration - Question #128Operate
Which CLI command displays the current management plane memory utilization?
CLI CommandsSystem MonitoringManagement PlaneResource Utilization - Question #129Deploy and Configure
A distributed log collection deployment has dedicated Log Collectors. A developer needs a device to send logs to Panorama instead of sending logs to the Collector Group. What shoul...
Log ForwardingPanoramaLog Collector GroupDevice Management - Question #130Deploy and Configure
Site-A and Site-B need to use IKEv2 to establish a VPN connection. Site-A connects directly to the internet using a public IP address. Site-B uses a private IP address behind an IS...
IKEv2VPNNAT TraversalIPsec - Question #131Deploy and Configure
A network security engineer has a requirement to allow an external server to access an internal web server. The internal web server must also initiate connections with the external...
NAT PolicyBi-directional NATSource NATDestination NAT - Question #132Operate
What happens when the traffic log shows an internal host attempting to open a session to a properly configured sinkhole address?
DNS SinkholeThreat PreventionTraffic LogsDNS Security - Question #133Operate
PAS-OS 7.0 introduced an automated correlation engine that analyzes log patterns and generates correlation events visible in the new Application Command Center (ACC). Which license...
LicensingThreat PreventionACCPAN-OS Features - Question #134Deploy and Configure
Starting with PAN-OS version 9.1, application dependency information is now reported in which two new locations? (Choose two.)
PAN-OS 9.1Application DependencySecurity PolicyManagement UI - Question #135Configuration Troubleshooting
A network security engineer for a large company has just installed a PA-5060 Firewall to isolate the company's PCI environment from its production network. The company's network en...
Interface TroubleshootingCLI CommandsNetwork ConnectivityPalo Alto Firewall - Question #136Operate
On March 10, 2016, between 11:00 am and 11:30 am, users reported that web-browsing traffic to the IP address 1.1.1.1 failed. Which filter can be applied to the traffic logs to show...
Log FilteringTraffic Log AnalysisTime-based Queries - Question #137Deploy and Configure
Server Message Block (SMB), a common file-sharing application, is slow when passing through a Palo Alto Networks firewall. The Network Security Administrator created an application...
Application OverrideApp-IDLayer 7 ProcessingPerformance Optimization - Question #138Deploy and Configure
What are three valid options when creating a new security policy? (Choose three.)
Security Policy ActionsPAN-OS ConfigurationFirewall Rules - Question #139Configuration Troubleshooting
The Network Security Administrator discovers that the company's NAT-aware SIP phone system is not working properly through the Palo Alto Networks firewall, even though SIP traffic...
SIPNAT TraversalApplication Layer Gateway (ALG)Troubleshooting - Question #140Core Concepts
Which two statements accurately describe how DoS Protection Profiles and Policies mitigate attacks? (Choose two.)
DoS ProtectionSecurity ProfilesResource ProtectionSession Limits - Question #141Deploy and Configure
Given these tables: an external DNS provider and resolves to 203.1.200.123 in the Untrust-L3 zone. Users in the Trust-L3 zone use the external FQDN to access SVR1. Which NAT rule w...
NATU-turn NATDNATSNAT - Question #142Core Concepts
What are the three Security Policy Rule Type classifications supported in PAN-OS 7.0? (Choose three.)
Security Policy RulesPolicy Rule TypesPAN-OSNetwork Security Policies - Question #143Deploy and Configure
What is the default behavior when a Certificate Profile is configured to use both CRL and OCSP?
Certificate ProfilesOCSPCRLCertificate Validation - Question #144Deploy and Configure
Ethernet1/1 has been configured with the following subinterfaces: The following security policy rule is applied: The Interface Management Profile permits the following: A customer...
Interface Management ProfileSubinterfacesManagement AccessSecurity Zones - Question #145Deploy and Configure
Given the following diagram: A VPN connection has been created to allow traffic from the Trust-L3 zone of Site A to reach the Trust-L3 zone of Site B. Each site is using tunnel.1 i...
Static RoutingVPNVirtual RouterTunnel Interface - Question #146Core Concepts
For which two functions is the management plane responsible? (Choose two.)
Management PlaneFirewall ArchitectureLoggingAdministrative Access - Question #147Plan
Refer to exhibit. An organization has Palo Alto Networks NGFWs that send logs to remote monitoring and security management platforms. The network team has reported excessive traffi...
Log ForwardingPanorama Log CollectorWAN Traffic ReductionLogging Strategy - Question #148Deploy and Configure
Which Captive Portal mode must be configured to support MFA authentication?
Captive PortalMFAAuthentication ModesNetwork Security - Question #149Deploy and Configure
Which protection feature is available only in a Zone Protection Profile?
Zone Protection ProfilesPort Scan ProtectionSecurity FeaturesThreat Prevention - Question #150Deploy and Configure
Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OS ® software?
User-IDXML API802.1x IntegrationNon-native Device Integration - Question #151Deploy and Configure
How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?
Dynamic UpdatesApplication and Threat UpdatesUpdate SchedulingThreshold Configuration