Browse Exams Pricing

ExamsPCNSEQuestions

PCNSE Exam Questions

860 real PCNSE exam questions with expert-verified answers and explanations. Page 6 of 18.

Question #255Deploy and Configure
Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?
SSH Proxy DecryptionDecryption PolicyPolicy Creation PrerequisitesPalo Alto Networks Security Features
Question #256Deploy and Configure
Which virtual router feature determines if a specific destination IP address is reachable?
Virtual RouterPath MonitoringReachabilityNetwork Monitoring
Question #258Configuration Troubleshooting
An administrator has configured a QoS policy rule and a QoS Profile that limits the maximum allowable bandwidth for the YouTube application. However, YouTube is consuming more than...
QoSInterface ConfigurationTroubleshooting
Question #259Operate
Which log file can be used to identify SSL decryption failures?
SSL DecryptionLoggingTraffic LogsTroubleshooting
Question #260Deploy and Configure
A customer wants to set up a site-to-site VPN using tunnel interfaces? Which two formats are correct for naming tunnel interfaces? (Choose two.)
VPNTunnel InterfaceNaming ConventionInterface Configuration
Question #261Core Concepts
Based on the following image, what is the correct path of root, intermediate, and end-user certificate?
Certificate ChainPKIDigital CertificatesSSL/TLS
Question #262Deploy and Configure
An administrator wants a new Palo Alto Networks NGFW to obtain automatic application updates daily, so it is configured to use a scheduler for the application database. Unfortunate...
Service RoutesContent UpdatesManagement InterfaceDataplane
Question #263Deploy and Configure
A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and assign untagged (native) traffic to...
V-WireVLAN SubinterfacesSecurity ZonesTransparent Deployment
Question #264Deploy and Configure
An engineer needs to redistribute User-ID mappings from multiple data centers. Which data flow best describes redistribution of user mappings?
User-IDUser-ID redistributionDistributed User-IDFirewall communication
Question #265Operate
Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?
MonitoringCPU UtilizationWebUISystem Resources
Question #266Deploy and Configure
Which four NGFW multi-factor authentication factors are supported by PAN-OS? (Choose four.)
Multi-Factor Authentication (MFA)Authentication FactorsPAN-OS FeaturesIdentity Management
Question #267Core Concepts
Which two features does PAN-OS® software use to identify applications? (Choose two.)
App-IDApplication IdentificationTraffic ClassificationLayer 7 Inspection
Question #268Plan
An administrator wants to upgrade an NGFW from PAN-OS® 7.1.2 to PAN-OS® 8.0.2. The firewall is not a part of an HA pair. What needs to be updated first?
PAN-OS upgradeUpgrade procedureApplications and ThreatsPrerequisites
Question #269Operate
When backing up and saving configuration files, what is achieved using only the firewall and is not available in Panorama?
Configuration ManagementBackup and RestoreFirewall OperationsPanorama
Question #270Deploy and Configure
Which two settings can be configured only locally on the firewall and not pushed from a Panorama template stack? (Choose two.)
Panorama ManagementLocal ConfigurationHigh Availability (HA)Master Key
Question #271Operate
An administrator just submitted a newly found piece of spyware for WildFire analysis. The spyware monitors behavior without the user's knowledge. What is the expected verdict from...
WildFireThreat ClassificationGraywareSpyware
Question #272Configuration Troubleshooting
When configuring the firewall for packet capture, what are the valid stage types?
Packet CaptureTroubleshootingFirewall ConfigurationDiagnostic Tools
Question #273Operate
Which operation will impact performance of the management plane?
Management PlanePerformance ImpactReportingPlane Separation
Question #274Deploy and Configure
Which User-ID method maps IP addresses to usernames for users connecting through a web proxy that has already authenticated the user?
User-IDWeb Proxy IntegrationSyslogIP-to-Username Mapping
Question #275Core Concepts
The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?
Firewall sessionsPacket processing6-tupleSession identification
Question #276Deploy and Configure
Which GlobalProtect Client connect method requires the distribution and use of machine certificates?
GlobalProtectPre-logonMachine CertificatesVPN Client Authentication
Question #277Core Concepts
Which feature can provide NGFWs with User-ID mapping information?
User-IDGlobalProtectIdentity MappingNGFW Features
Question #278Deploy and Configure
Which Panorama administrator types require the configuration of at least one access domain? (Choose two.)
Panorama AdministrationAccess ControlAdministrator RolesAccess Domains
Question #279Deploy and Configure
Which option enables a Palo Alto Networks NGFW administrator to schedule Application and Threat updates while applying only new content IDs to traffic?
Content UpdatesApp-IDNGFW ConfigurationThreat Prevention
Question #280Core Concepts
Which is the maximum number of samples that can be submitted to WildFire per day, based on a WildFire subscription?
WildFireSubscription limitsSample submission
Question #281Deploy and Configure
In which two types of deployment is active/active HA configuration supported? (Choose two.)
HAActive/ActiveDeployment ModesPalo Alto Networks Firewall
Question #282Core Concepts
For which two reasons would a firewall discard a packet as part of the packet flow sequence? (Choose two.)
Packet FlowPacket Discard ReasonsSecurity PolicyFirewall Operations
Question #283Operate
Which logs enable a firewall administrator to determine whether a session was decrypted?
DecryptionLoggingSSL/TLS InspectionFirewall Administration
Question #284Configuration Troubleshooting
An administrator needs to upgrade an NGFW to the most current version of PAN-OS?software. The following is occurring: - Firewall has internet connectivity through e 1/1. - Default...
PAN-OS UpdatesDNS ConfigurationNetwork TroubleshootingFirewall Management
Question #285Deploy and Configure
A client has a sensitive application server in their data center and is particularly concerned about session flooding because of denial-of-service attacks. How can the Palo Alto Ne...
DoS ProtectionSession FloodingSecurity ProfilesNGFW Configuration
Question #286Operate
An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing, and preemption is disabled. What must be ve...
PAN-OS UpgradeHigh AvailabilityContent UpdatesUpgrade Pre-requisites
Question #287Deploy and Configure
A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-home or beacon out to external command-and- cont...
Anti-SpywareSecurity ProfilesBotnet PreventionCommand and Control
Question #288Plan
What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?
PanoramaPAN-OS DowngradeConfiguration VariablesCompatibility
Question #289Deploy and Configure
Which two methods can be configured to validate the revocation status of a certificate? (Choose two.)
Certificate RevocationPKICRLOCSP
Question #290Deploy and Configure
Which administrative authentication method supports authorization by an external service?
AuthenticationAuthorizationRADIUSAdministrative Access
Question #291Core Concepts
Which three file types can be forwarded to WildFire for analysis as a part of the basic WildFire service? (Choose three.)
WildFireSupported File TypesMalware AnalysisThreat Prevention
Question #292Deploy and Configure
An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewall use Layer 3 interfaces to send traffic to a single gateway IP for...
High Availability (HA)Active/Active HAFloating IPGratuitous ARP
Question #293Deploy and Configure
Which version of GlobalProtect supports split tunneling based on destination domain, client process, and HTTP/HTTPS video streaming application?
GlobalProtectSplit TunnelingPAN-OS VersionsFeature Availability
Question #294Deploy and Configure
How does Panorama prompt VMWare NSX to quarantine an infected VM?
Panorama IntegrationVMware NSXSecurity AutomationHTTP API
Question #296Deploy and Configure
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
SSL Decryption PolicyCertificate ValidationUntrusted Issuers BlockingDecryption Profile Settings
Question #297Deploy and Configure
An administrator is defining protection settings on the Palo Alto Networks NGFW to guard against resource exhaustion. When platform utilization is considered, which steps must the...
Packet Buffer ProtectionResource ExhaustionNGFW ProtectionPlatform Protection
Question #298Core Concepts
What is the purpose of the firewall decryption broker?
SSL DecryptionDecryption BrokerTraffic InspectionSecurity Chaining
Question #299Deploy and Configure
SAML SLO is supported for which two firewall features? (Choose two.)
SAMLSingle Logout (SLO)GlobalProtectAuthentication
Question #300Operate
What are the two behavior differences between Highlight Unused Rules and the Rule Usage Hit counter when a firewall is rebooted? (Choose two.)
Rule Usage MonitoringSecurity Policy ManagementFirewall OperationsSystem Reboot Behavior
Question #301Configuration Troubleshooting
Which is not a valid reason for receiving a decrypt-cert-validation error?
Certificate ValidationSSL DecryptionError TroubleshootingPKI
Question #302Operate
In the following image from Panorama, why are some values shown in red?
Panorama MonitoringLogging RatesAnomaly DetectionDevice Health
Question #303Configuration Troubleshooting
The firewall is not downloading IP addresses from MineMeld. Based, on the image, what most likely is wrong?
External Dynamic Lists (EDL)MineMeldCertificatesSSL/TLS Trust
Question #304Configuration Troubleshooting
Based on the image, what caused the commit warning?
SSL DecryptionCertificatesCommit WarningsForward Proxy
Question #305Deploy and Configure
Which three methods are supported for split tunneling in the GlobalProtect Gateway? (Choose three.)
GlobalProtectSplit TunnelingGateway ConfigurationRemote Access VPN
Question #306Operate
Starting with PAN-OS version 9.1, GlobalProtect logging information is now recorded in which firewall log?
GlobalProtectLoggingPAN-OS 9.1 FeaturesFirewall Logs

PreviousPage 6 of 18Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.