PCNSE Exam Questions
860 real PCNSE exam questions with expert-verified answers and explanations. Page 5 of 18.
- Question #204Core Concepts
An administrator has left a firewall to use the default port for all management services. Which three functions are performed by the dataplane? (Choose three.)
Dataplane functionsFirewall architectureSecurity processingTraffic forwarding - Question #205Operate
A Security policy rule is configured with a Vulnerability Protection Profile and an action of `Deny". Which action will this cause configuration on the matched traffic?
Security PolicyVulnerability ProtectionFirewall Rule ActionsPolicy Processing - Question #206Deploy and Configure
If the firewall has the following link monitoring configuration, what will cause a failover?
High AvailabilityLink MonitoringFailover ConditionsHA Configuration - Question #207Deploy and Configure
An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against worms and trojans. Which Security Profile type will protect against worms and t...
Security ProfilesAntivirus ProfileThreat PreventionWorms and Trojans - Question #209Deploy and Configure
A client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers. Which option will protect the individual servers?
DoS ProtectionDNS SecuritySecurity ProfilesResource Exhaustion - Question #210Operate
Refer to the exhibit. Which will be the egress interface if the traffic's ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?
RoutingPacket ForwardingEgress Interface DeterminationNetwork Interfaces - Question #211Deploy and Configure
Which PAN-OS ® policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly-sensitive bus...
Authentication policyUser authenticationAccess controlPAN-OS policies - Question #212Configuration Troubleshooting
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?
Traffic CaptureTroubleshootingManagement Interfacetcpdump - Question #213Core Concepts
If an administrator does not possess a website's certificate, which SSL decryption mode will allow the Palo Alto networks NGFW to inspect when users browse to HTTP(S) websites?
SSL DecryptionSSL Forward ProxyNetwork SecurityNGFW Features - Question #214Operate
Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS ® version, and serial number?
CLI commandsSystem informationOperational status - Question #215Deploy and Configure
An administrator has configured the Palo Alto Networks NGFW's management interface to connect to the internet through a dedicated path that does not traverse back through the NGFW...
Content UpdatesApplication SignaturesUpdate SchedulingAutomation - Question #216Deploy and Configure
A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)
VLAN ConfigurationInterface ConfigurationVirtual RouterSecurity Zones - Question #217Deploy and Configure
Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?
SSL/TLS ProfilePanoramaCertificate ManagementProtocol Configuration - Question #218Deploy and Configure
VPN traffic intended for an administrator's Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor. When creating a VPN tunnel, which protect...
VPNIPsecReplay ProtectionSecurity Profiles - Question #219Operate
Which item enables a firewall administrator to see details about traffic that is currently active through the NGFW?
Session MonitoringNGFW OperationsTraffic VisibilityFirewall Administration - Question #220Deploy and Configure
An engineer wants to configure aggregate interfaces to increase bandwidth and redundancy between the firewall and switch. Which statement is correct about the configuration of the...
Aggregate InterfacesLink AggregationInterface ConfigurationHardware Compatibility - Question #221Deploy and Configure
An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and...
SSL DecryptionApplication IdentificationDecryption ProfileTraffic Logging - Question #222Deploy and Configure
Refer to the exhibit. Which certificates can be used as a Forwarded Trust certificate?
SSL DecryptionCertificatesPKIForward Trust - Question #223Deploy and Configure
Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS ® software?
MFA integrationRADIUSExternal authenticationPAN-OS configuration - Question #224Configuration Troubleshooting
Which CLI command can be used to export the tcpdump capture?
CLIPacket CaptureFile ExportTroubleshooting Tools - Question #225Deploy and Configure
Which three authentication services can an administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local fir...
Admin AuthenticationRemote AuthenticationAuthentication ServicesNGFW Management - Question #226Deploy and Configure
Which method will dynamically register tags on the Palo Alto Networks NGFW?
Dynamic TagsXML-APIVM MonitoringUser-ID Agent - Question #227Core Concepts
Which feature can be configured on VM-Series firewalls?
VM-SeriesGlobalProtectRemote Access VPNFirewall Features - Question #228Configuration Troubleshooting
Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)
Packet CaptureTroubleshootingTraffic OffloadFilters - Question #229Core Concepts
What is exchanged through the HA2 link?
High AvailabilityHA linksSession synchronization - Question #230Deploy and Configure
View the GlobalProtect configuration screen capture. What is the purpose of this configuration?
GlobalProtectInternal Host DetectionReverse DNS - Question #231Deploy and Configure
An administrator has been asked to create 100 virtual firewalls in a local, on-premise lab environment (not in "the cloud"). Bootstrapping is the most expedient way to perform this...
BootstrappingVirtual Firewall DeploymentOn-premiseInitial Configuration - Question #232Deploy and Configure
Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose two.)
PanoramaDynamic UpdatesSecurity SubscriptionsContent Updates - Question #233Deploy and Configure
Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a "No Decrypt" action? (Choose two.)
Decryption ProfileNo Decrypt ActionSSL Handshake InspectionCertificate Validation - Question #234Operate
Which CLI command enables an administrator to check the CPU utilization of the dataplane?
CLI CommandsDataplane MonitoringResource Utilization - Question #235Deploy and Configure
If an administrator wants to decrypt SMTP traffic and possesses the server's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the...
SSL DecryptionInbound InspectionNGFW FeaturesTraffic Inspection - Question #236Deploy and Configure
An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against external hosts attempting to exploit a flaw in an operating system on an intern...
Vulnerability ProtectionSecurity ProfilesThreat PreventionNGFW - Question #237Deploy and Configure
Which three are valid configuration options in a WildFire Analysis Profile? (Choose three.)
WildFireSecurity ProfilesMalware AnalysisThreat Prevention - Question #238Deploy and Configure
Which DoS protection mechanism detects and prevents session exhaustion attacks?
DoS ProtectionResource ProtectionSession Exhaustion - Question #239Deploy and Configure
Which processing order will be enabled when a Panorama administrator selects the setting "Objects defined in ancestors will take higher precedence?"
PanoramaObject PrecedenceDevice GroupsHierarchy - Question #240Deploy and Configure
An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third-party, deep-level packet inspection appliance. Which interface type and l...
Decryption MirroringNGFW InterfacesTraffic ExportLicensing - Question #241Deploy and Configure
An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between Panorama and the managed firewalls and Log Collectors. H...
Custom CertificatesPKIMutual AuthenticationPanorama Device Management - Question #242Configuration Troubleshooting
The firewall identifies a popular application as an unknown-tcp. Which two options are available to identify the application? (Choose two.)
App-IDCustom ApplicationsApplication IdentificationTroubleshooting - Question #243Operate
An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decry...
SSL DecryptionLogsVerification - Question #244Deploy and Configure
Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)
AutoFocusConnectivity verificationLicensingSecurity services configuration - Question #245Core Concepts
When is the content inspection performed in the packet flow process?
Packet flowContent inspectionApp-IDSecurity processing - Question #246Deploy and Configure
Which User-ID method should be configured to map IP addresses to usernames for users connected through a terminal server?
User-IDPort MappingTerminal ServicesUser-to-IP Mapping - Question #247Deploy and Configure
Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT. Which Security policy rule will allow traffic to flow to the web server?
DNATSecurity Policy RulesFirewall ZonesPolicy Evaluation - Question #248Core Concepts
In High Availability, which information is transferred via the HA data link?
High AvailabilityHA data linkSession synchronization - Question #249Deploy and Configure
Which three authentication factors does PAN-OS@software support for MFA? (Choose three.)
MFAAuthenticationPAN-OS Features - Question #250Deploy and Configure
A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks. How can t...
DDoS MitigationDoS Protection ProfileResource ExhaustionSecurity Profiles - Question #251Deploy and Configure
A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link aggregation. Which two formats are correct for naming aggregate interfaces? (Cho...
Link AggregationInterface NamingAggregate EthernetNetwork Interfaces - Question #252Operate
If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in which log type?
DNS SinkholeLoggingThreat PreventionLog Types - Question #253Deploy and Configure
A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to...
Security PoliciesApplication Identification (App-ID)SSL DecryptionService Objects - Question #254Deploy and Configure
Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)
Authentication ServicesUser-IDRole MappingExternal Authentication