PCNSE Exam Questions
860 real PCNSE exam questions with expert-verified answers and explanations. Page 7 of 18.
- Question #307 (Operate)
A system administrator runs a port scan using the company tool as part of a vulnerability check. The administrator finds that the scan is identified as a threat and is dropped by the...
Zone Protection, Reconnaissance Protection, Exclusions, Security Profiles
- Question #308 (Plan)
Which three items are important considerations during SD-WAN configuration planning? (Choose three.)
SD-WAN planning, Network design, Configuration prerequisites, Site architecture
- Question #309 (Deploy and Configure)
Which two events trigger the operation of automatic commit recovery? (Choose two.)
Commit Recovery, Configuration Management, Firewall Features
- Question #310 (Operate)
Panorama provides which two SD-WAN functions? (Choose two.)
SD-WAN, Panorama, Control Plane, Network Monitoring
- Question #311 (Operate)
Which two are valid ACC GlobalProtect Activity tab widgets? (Choose two.)
GlobalProtect Monitoring, ACC Widgets, Palo Alto Networks GUI
- Question #312 (Deploy and Configure)
Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)
User-ID, Dynamic User Groups, Auto-tagging, XML API
- Question #313 (Core Concepts)
SD-WAN is designed to support which two network topology types? (Choose two.)
SD-WAN, Network Topologies, Hub-and-Spoke, Full-Mesh
- Question #314 (Operate)
Which option describes the operation of the automatic commit recovery feature?
Automatic Commit Recovery, Panorama, Configuration Management, Connectivity Issues
- Question #315 (Plan)
Which three items are important considerations during SD-WAN configuration planning? (Choose three.)
SD-WAN Planning, Network Design, IP Addressing, Link Requirements
- Question #316 (Operate)
What will be the egress interface if the traffic's ingress interface is ethernet1/6 sourcing from 192.168.111.3 and to the destination 10.46.41.113 during the time shown in the ima...
Routing, Packet Forwarding, Interfaces, Traffic Flow
- Question #317 (Deploy and Configure)
How can an administrator configure the NGFW to automatically quarantine a device using GlobalProtect?
GlobalProtect, Auto-quarantine, Security Policies, Log Forwarding
- Question #318 (Deploy and Configure)
To protect your firewall and network from single source denial of service (DoS) attacks that can overwhelm its packet buffer and cause legitimate traffic to drop, you can configure
DoS Protection, Packet Buffer Protection, Firewall Security
- Question #319 (Deploy and Configure)
A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab...
Bootstrapping, Initial Configuration, USB Deployment, Firewall Deployment
- Question #320 (Deploy and Configure)
An administrator is configuring Authentication Enforcement and they would like to create an exemption rule to exempt a specific group from authentication. Which authentication enfo...
Authentication Enforcement, Authentication Exemption, Authentication Policy, PAN-OS Objects
- Question #321 (Deploy and Configure)
A bootstrap USB flash drive has been prepared using a Linux workstation to load the initial configuration of a Palo Alto Networks firewall. The USB flash drive was formatted using...
Bootstrapping, USB Configuration, File System Requirements
- Question #322 (Deploy and Configure)
To more easily reuse templates and template stacks, you can create template variables in place of firewall-specific and appliance-specific IP literals in your configurations. Which...
Panorama, Template Variables, Configuration Management, Syntax
- Question #323 (Deploy and Configure)
On the NGFW, how can you generate and block a private key from export and thus harden your security posture and prevent rogue administrators or other bad actors from misusing keys?
Certificate Management, Private Key Security, Security Hardening, NGFW Configuration
- Question #324 (Core Concepts)
What is the maximum number of samples that can be submitted to WildFire manually per day?
WildFire, Manual Submission, Daily Limit, Security Features
- Question #325 (Core Concepts)
What file type upload is supported as part of the basic WildFire service?
WildFire, File Analysis, Supported File Types, Malware Analysis
- Question #326 (Operate)
Updates to dynamic user group membership are automatic; therefore, using dynamic user groups instead of static group objects allows you to:
Dynamic User Groups, Policy Automation, User-ID
- Question #327 (Core Concepts)
At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?
Cyber Attack Lifecycle, Delivery Phase, Malware Delivery, Email-based Attacks
- Question #328 (Deploy and Configure)
In a Panorama template, which three types of objects are configurable? (Choose three.)
Panorama Templates, Configuration Objects, Profile Management, Centralized Management
- Question #329 (Operate)
Which value in the Application column indicates UDP traffic that did not match an App-ID signature?
App-ID, Traffic Identification, UDP, Firewall Logs
- Question #330 (Deploy and Configure)
An engineer must configure the Decryption Broker feature. Which Decryption Broker security chain supports bi-directional traffic flow?
Decryption Broker, Security Chains, Traffic Forwarding, Layer 3 Networking
- Question #331 (Operate)
An organization has recently migrated its infrastructure and configuration to NGFWs, for which Panorama manages the devices. The organization is coming from a L2-L4 firewall vendor...
Policy Optimization, App-ID, Panorama Tools, Security Policy Management
- Question #332
An engineer creates a set of rules in a Device Group (Panorama) to permit traffic to various services for a specific LDAP user group. What needs to be configured to ensure Panorama...
- Question #333 (Operate)
An administrator wants to upgrade a firewall HA pair to PAN-OS 10.1. The firewalls are currently running PAN-OS 8.1.17. Which upgrade path maintains synchronization of the HA sessi...
PAN-OS Upgrade, High Availability, Upgrade Path, HA Synchronization
- Question #334 (Deploy and Configure)
An engineer must configure a new SSL decryption deployment. Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?
SSL Decryption, Decryption Profile, Decryption Policy
- Question #335 (Operate)
When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?
Panorama, High Availability (HA), Configuration Management, Operational Best Practices
- Question #336 (Deploy and Configure)
Which configuration task is best for reducing load on the management plane?
Management Plane, Resource Optimization, Reporting, System Performance
- Question #337 (Deploy and Configure)
Which Panorama objects restrict administrative access to specific device-groups?
Panorama Administration, Access Control, Device Groups, Access Domains
- Question #338 (Configuration Troubleshooting)
An administrator has 750 firewalls. The administrator's central-management Panorama instance deploys dynamic updates to the firewalls. The administrator notices that the dynamic up...
Panorama, Dynamic Updates, Configuration Precedence, Troubleshooting
- Question #339 (Deploy and Configure)
Which rule type controls end user SSL traffic to external websites?
SSL Decryption, Forward Proxy, Security Policy, Traffic Inspection
- Question #340 (Core Concepts)
Which two statements correctly identify the number of Decryption Broker security chains that are supported on a pair of decryption-forwarding interfaces? (Choose two.)
Decryption Broker, Security Chains, Transparent Bridge, Platform Limits
- Question #341 (Deploy and Configure)
An organization is building a Bootstrap Package to deploy Palo Alto Networks VM-Series firewalls into their AWS tenant. Which two statements are correct regarding the bootstrap pac...
VM-Series, Bootstrap Package, AWS Deployment, Initial Configuration
- Question #343 (Deploy and Configure)
A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?
SSL/TLS, Certificates, Service Profiles
- Question #344 (Deploy and Configure)
In SSL Forward Proxy decryption, which two certificates can be used for certificate signing? (Choose two.)
SSL Decryption, Forward Proxy, Certificate Management, CA Certificates
- Question #345 (Deploy and Configure)
Use the image below. If the firewall has the displayed link monitoring configuration, what will cause a failover?
High Availability (HA), Link Monitoring, Failover, Interface Monitoring
- Question #346 (Operate)
When overriding a template configuration locally on a firewall, what should you consider?
Panorama, Template Overrides, Configuration Management, Device Management
- Question #348 (Plan)
An engineer is designing a deployment of multi-vsys firewalls. What must be taken into consideration when designing the device group structure?
Multi-vsys, Panorama Device Groups, Deployment Design
- Question #349 (Operate)
The SSL Forward Proxy decryption policy is configured. The following four certificate authority (CA) certificates are installed on the firewall. An end-user visits the untrusted we...
SSL Forward Proxy, Decryption Policies, Certificate Management, Forward Trust Certificate
- Question #350 (Plan)
An engineer is planning an SSL decryption implementation. Which of the following statements is a best practice for SSL decryption?
SSL Decryption, Certificates, Forward Trust, Best Practices
- Question #351 (Deploy and Configure)
When you configure an active/active high availability pair, which two links can you use? (Choose two.)
High Availability, Active/Active HA, HA links, Palo Alto Networks
- Question #352 (Operate)
Which CLI command displays the physical media that are connected to ethernet1/8?
CLI Commands, Interface Status, Physical Media, Network Interfaces
- Question #353 (Core Concepts)
In a firewall, which three decryption methods are valid? (Choose three.)
Decryption Methods, SSL/TLS Inspection, SSH Inspection, Palo Alto Firewall Features
- Question #354 (Core Concepts)
The UDP-4501 protocol-port is used between which two GlobalProtect components?
GlobalProtect, UDP-4501, Protocol, Component Communication
- Question #355 (Deploy and Configure)
Users within an enterprise have been given laptops that are joined to the corporate domain. In some cases, IT has also deployed Linux-based OS systems with a graphical desktop. Inf...
User-ID, IP-to-User Mapping, Endpoint Agent, Linux Systems
- Question #356 (Deploy and Configure)
What are three tasks that cannot be configured from Panorama by using a template stack? (Choose three.)
Panorama Templates, Template Stacks, Configuration Limitations, Operational Modes
- Question #357 (Plan)
A company needs to preconfigure firewalls to be sent to remote sites with the least amount of preconfiguration. Once deployed each firewall must establish secure tunnels back to mu...
GlobalProtect Satellite, Site-to-Site VPN, VPN Deployment, Scalability
- Question #358 (Deploy and Configure)
PBF can address which two scenarios? (Select two.)
Policy-Based Forwarding (PBF), Traffic Steering, Link Failover, Application Routing