PCNSE Exam Questions
860 real PCNSE exam questions with expert-verified answers and explanations. Page 4 of 18.
- Question #153Deploy and Configure
An administrator has users accessing network resources through Citrix XenApp 7 x. Which User-ID mapping solution will map multiple users who are using Citrix to connect to the netw...
User-IDTerminal Services AgentCitrix IntegrationUser Mapping - Question #154Deploy and Configure
An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an...
Custom ApplicationsApp-IDSignature PrecedenceDynamic Updates - Question #155Operate
How can a candidate or running configuration be copied to a host external from Panorama?
Configuration ManagementBackup and RestorePanorama OperationsExport Configuration - Question #156Plan
A company needs to preconfigure firewalls to be sent to remote sites with the least amount of reconfiguration. Once deployed, each firewall must establish secure tunnels back to mu...
VPNGlobalProtectSite-to-Site VPNRemote Site Deployment - Question #157Deploy and Configure
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS® software would...
User-IDUser Mapping RedistributionScalabilityNetwork Design - Question #158Configuration Troubleshooting
Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by t...
CLI commandsTraffic simulationTroubleshootingPolicy matching - Question #159Core Concepts
If the firewall is configured for credential phishing prevention using the "Domain Credential Filter" method, which login will be detected as credential theft?
Credential Phishing PreventionDomain Credential FilterThreat PreventionSecurity Profiles - Question #160Deploy and Configure
Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?
Security PolicyApp-IDPolicy OrderApplication Control - Question #161Deploy and Configure
Which feature prevents the submission of corporate login information into website forms?
Credential phishing preventionData loss preventionSecurity featuresPalo Alto Networks features - Question #162Operate
Which three steps will reduce the CPU utilization on the management plane? (Choose three.)
Management Plane PerformanceCPU OptimizationLogging ManagementReporting Configuration - Question #163Deploy and Configure
Which two virtualization platforms officially support the deployment of Palo Alto Networks VM- Series firewalls? (Choose two.)
VM-SeriesVirtualizationDeploymentPlatform compatibility - Question #164Deploy and Configure
To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?
AutoFocus IntegrationGUI NavigationThreat Intelligence - Question #165Deploy and Configure
Which event will happen if an administrator uses an Application Override Policy?
Application OverrideApp-IDPolicy EnforcementTraffic Processing - Question #167Deploy and Configure
Which three options are supported in HA Lite? (Choose three.)
HA LiteHigh AvailabilityActive/PassiveFirewall Configuration - Question #168Operate
A session in the Traffic log is reporting the application as "incomplete." What does "incomplete" mean?
Traffic LoggingSession StatesTCP HandshakeApp-ID - Question #169Configuration Troubleshooting
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS?software, the administrator enables log forwarding from t...
Log ForwardingPanoramaCLI CommandsHistorical Logs - Question #170Deploy and Configure
An administrator pushes a new configuration from Panorama to a pair of firewalls that are configured as an active/passive HA pair. Which NGFW receives the configuration from Panora...
PanoramaHigh Availability (HA)Configuration DeploymentActive/Passive - Question #171Core Concepts
Which three file types can be forwarded to WildFire for analysis as a part of the basic WildFire service? (Choose three.)
WildFireFile typesThreat analysisService capabilities - Question #172Operate
Which three firewall states are valid? (Choose three.)
High Availability (HA)Firewall StatesOperational StatesPalo Alto Networks - Question #173Configuration Troubleshooting
An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?
SSL DecryptionSecurity PolicyTroubleshooting - Question #174Plan
Which Palo Alto Networks VM-Series firewall is valid?
VM-Series FirewallsProduct ModelsPalo Alto Networks Platforms - Question #175Plan
An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required. Which interface type would support this busi...
Virtual WireTransparent ModeEIGRP RoutingInterface Configuration - Question #176Configuration Troubleshooting
A network security engineer for a large company has just installed a PA-5060 Firewall to isolate the company's PCI environment from its production network. The company's engineers...
TroubleshootingInterface ConfigurationCLI CommandsNetwork Connectivity - Question #177Configuration Troubleshooting
After Migrating from an ASA firewall to a Palo Alto Networks Firewall, the VPN connection between a remote network and the Palo Alto Networks Firewall is not establishing correctly...
VPNIPSecPFSTroubleshooting - Question #178Operate
and service within the Traffic log?
App-IDTraffic LogsHTTPSPorts - Question #179Deploy and Configure
If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is...
PanoramaTemplate StacksConfiguration PrecedenceDevice Configuration - Question #180Deploy and Configure
A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone...
Security PolicyApp-IDService ObjectsCustom Ports - Question #181Deploy and Configure
An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the...
App-IDCustom ApplicationsThreat PreventionSecurity Policy - Question #182Core Concepts
During the packet flow process, which two processes are performed in application identification? (Choose two.)
Palo Alto NetworksApp-IDPacket FlowApplication Identification - Question #183Deploy and Configure
An administrator logs in to the Palo Alto Networks NGFW and reports that the WebUI is missing the Policies tab. Which profile is the cause of the missing Policies tab?
Admin RolesRBACWebUI AccessPermissions - Question #184Deploy and Configure
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?
GlobalProtect PortalAuthentication ProfileUser Authentication - Question #185Core Concepts
The certificate information displayed in the following image is for which type of certificate?
CertificatesPKISSL DecryptionSecurity Fundamentals - Question #186Deploy and Configure
An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs. The administrator assigns priority 100 to the active firewall. Which priority...
High Availability (HA)Active/Passive HAHA PriorityNGFW Configuration - Question #187Core Concepts
Which option is part of the content inspection process?
Content InspectionSSL DecryptionSSL Proxy - Question #188Operate
Which three types of software will receive a Grayware verdict from WildFire? (Choose Three)
WildFireGraywarePUPsAdware - Question #189Configuration Troubleshooting
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch port which it connects. How would an administrator configure the interface to 1...
CLI ConfigurationManagement PortNetwork Interface SettingsSpeed/Duplex - Question #190Core Concepts
In a virtual router, which object contains all potential routes?
Routing ConceptsRIBVirtual RouterNetworking Fundamentals - Question #191Deploy and Configure
Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, wher...
DNATSecurity PolicyZone-Based PolicyApplication Filtering - Question #192Deploy and Configure
A customer has an application that is being identified as unknown-top for one of their custom PostgreSQL database connections. Which two configuration options can be used to correc...
App-IDCustom ApplicationsApplication OverrideTraffic Identification - Question #193Configuration Troubleshooting
Server Message Block (SMB), a common file-sharing application, is slow when passing through a Palo Alto Networks firewall. The Network Security Administrator created an application...
Application OverrideApp-IDLayer 7 InspectionPerformance Tuning - Question #194Configuration Troubleshooting
An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router. Which two options enable the administrator to troubleshoot t...
OSPFRoutingTroubleshootingLogging and Monitoring - Question #195Operate
Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?
ACCMonitoringTraffic AnalysisSecurity Reporting - Question #196Configuration Troubleshooting
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router. Which two options would help t...
BGP TroubleshootingVirtual RouterPacket CaptureRuntime Stats - Question #197Deploy and Configure
View the screenshots. A QoS profile and policy rules are configured as shown. Based on this information, which two statements are correct? (Choose two.)
QoS ProfilesBandwidth ManagementApplication ControlPolicy Configuration - Question #198Deploy and Configure
Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?
URL FilteringCredential PhishingSecurity Profiles - Question #199Operate
A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5- minute window for analysis. The firewall is configured to check for verdicts every 5 minutes....
WildFireVerdict RetrievalNGFW OperationsSecurity Services - Question #200Deploy and Configure
What are two benefits of nested device groups in Panorama? (Choose two.)
PanoramaDevice GroupsConfiguration InheritancePolicy Management - Question #201Core Concepts
PAN-OS 7.0 introduced an automated correlation engine that analyzes log patterns and generates correlation events visible in the new Application Command Center (ACC). Which license...
PAN-OS LicensingThreat PreventionCorrelation EngineACC - Question #202Deploy and Configure
An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN-OS® software. The firewall has internet connectivity through an Ethernet interface, b...
Service RoutesPAN-OS UpgradeSystem ServicesNetwork Connectivity - Question #203Deploy and Configure
Which three settings are defined within the Templates object of Panorama? (Choose three.)
Panorama TemplatesConfiguration ObjectsDevice SettingsNetwork Configuration