Browse Exams Pricing

ExamsPCNSEQuestions

PCNSE Exam Questions

860 real PCNSE exam questions with expert-verified answers and explanations. Page 8 of 18.

Question #359Operate
In a security-first network what is the recommended threshold value for content updates to be dynamically updated?
Content UpdatesBest PracticesSecurity PostureDynamic Updates
Question #360Deploy and Configure
A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (Cas):
SSL DecryptionCertificate AuthoritiesForward Trust
Question #361Deploy and Configure
An administrator plans to deploy 15 firewalls to act as GlobalProtect gateways around the world Panorama will manage the firewalls. The firewalls will provide access to mobile user...
Panorama templatesTemplate stacksVariablesConfiguration deployment
Question #362Operate
A traffic log might list an application as "not-applicable" for which two reasons? (Choose two )
App-IDTraffic LogsSession ProcessingApplication Identification
Question #363Operate
An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version. What is considered best practice for this scenario?
Upgrade Best PracticesPanorama ManagementNGFW UpgradeVersion Compatibility
Question #365Deploy and Configure
When you configure a Layer 3 interface what is one mandatory step?
Layer 3 InterfacesVirtual RoutersNetwork Configuration
Question #366Plan
An administrator has a PA-820 firewall with an active Threat Prevention subscription. The administrator is considering adding a WildFire subscription. How does adding the WildFire...
WildFireThreat PreventionMalware ProtectionSubscription Services
Question #367Plan
Which three statements accurately describe Decryption Mirror? (Choose three.)
Decryption MirrorSSL DecryptionLegal ComplianceSecurity Risks
Question #368Plan
As a best practice, which URL category should you target first for SSL decryption?
SSL DecryptionURL FilteringBest PracticesSecurity Policy
Question #369Deploy and Configure
An administrator wants to enable zone protection. Before doing so, what must the administrator consider?
Zone ProtectionSecurity ZonesFirewall Configuration
Question #370Deploy and Configure
What are two characteristic types that can be defined for a variable? (Choose two)
Dynamic Address GroupsObject AttributesPolicy Elements
Question #371Deploy and Configure
What are three valid qualifiers for a Decryption Policy Rule match? (Choose three )
Decryption PolicySecurity Policy RulesPalo Alto FirewallPolicy Match Conditions
Question #372Operate
Given the following configuration, which route is used for destination 10.10.0.4?
Routing Table LookupLongest Prefix MatchRoute SelectionNetwork Routing
Question #373Deploy and Configure
When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?
In-band managementService routesInterface configurationStatic IP address
Question #374Deploy and Configure
What does SSL decryption require to establish a firewall as a trusted third party and to establish trust between a client and server to secure an SSL/TLS connection?
SSL DecryptionCertificatesTrust EstablishmentFirewall Security
Question #375Deploy and Configure
When setting up a security profile which three items can you use? (Choose three )
Security ProfilesWildFireAntivirusURL Filtering
Question #376Deploy and Configure
A variable name must start with which symbol?
Scripting syntaxAutomationCLI scriptingVariables
Question #377Configuration Troubleshooting
An administrator needs to troubleshoot a User-ID deployment. The administrator believes that there is an issue related to LDAP authentication. The administrator wants to create a p...
Packet CaptureCLI CommandsManagement PlaneLDAP Authentication
Question #378Deploy and Configure
What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)
SSL DecryptionTraffic ExclusionSecurity PolicyMutual Authentication
Question #379Plan
During SSL decryption which three factors affect resource consumption1? (Choose three )
SSL DecryptionResource ConsumptionTLS PerformanceCryptographic Algorithms
Question #380Configuration Troubleshooting
An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used. After looking at the configuration, the administ...
Static RoutingRoute InstallationPath MonitoringRouting Table
Question #381Operate
Before you upgrade a Palo Alto Networks NGFW what must you do?
NGFW UpgradePre-upgrade ChecksPAN-OS UpdatesCompatibility
Question #382Plan
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?
User-IDGlobalProtectSecurity Best PracticesIP-User Mapping
Question #383Operate
Given the following snippet of a WildFire submission log, did the end-user get access to the requested information and why or why not?
WildFireSecurity Policy ActionsLog InterpretationThreat Verdicts
Question #384Operate
An administrator needs to gather information about the CPU utilization on both the management plane and the data plane. Where does the administrator view the desired data?
GUI NavigationPerformance MonitoringCPU UtilizationDashboard
Question #386Deploy and Configure
An administrator is required to create an application-based Security policy rule to allow Evernote. The Evernote application implicitly uses SSL and web browsing. What is the minim...
Security PolicyApplication-ID (App-ID)Application DependenciesFirewall Configuration
Question #387Deploy and Configure
Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management-plane resources are lightly ut...
User-IDActive Directory IntegrationDeployment MethodsUser Mapping
Question #390Plan
Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?
VM-Series PerformanceResource MonitoringDoS ProtectionZone Protection
Question #391Configuration Troubleshooting
An administrator receives the following error message: "IKE phase-2 negotiation failed when processing Proxy ID. Received local id 192. 168.33.33/24 type IPv4 address protocol 0 po...
VPN TroubleshootingIPSec VPNIKE Phase 2Proxy ID
Question #392Deploy and Configure
The following objects and policies are defined in a device group hierarchy. Dallas-Branch has Dallas-FW as a member of the Dallas-Branch device-group NYC-DC has NYC-FW as a member...
PanoramaDevice GroupsObject SharingAddress Objects
Question #393Plan
An administrator has purchased WildFire subscriptions for 90 firewalls globally. What should the administrator consider with regards to the WildFire infrastructure?
WildFireCloud InfrastructureMalware AnalysisThreat Signatures
Question #394Deploy and Configure
What are three reasons for excluding a site from SSL decryption? (Choose three.)
SSL Decryption ExclusionsCertificate PinningMutual AuthenticationTLS Cipher Support
Question #395Deploy and Configure
When setting up a security profile, which three items can you use? (Choose three.)
Security ProfilesThreat PreventionURL FilteringWildFire
Question #396Deploy and Configure
What are three types of Decryption Policy rules? (Choose three.)
Decryption PolicySSL Forward ProxySSL Inbound InspectionSSH Decryption
Question #397Plan
Which two features require another license on the NGFW? (Choose two.)
LicensingDecryption MirrorDecryption BrokerAdvanced Decryption
Question #398Deploy and Configure
A remote administrator needs access to the firewall on an untrust interface. Which three options would you configure on an Interface Management profile to secure management access?...
Interface Management ProfilesSecure Management AccessRemote AccessSecurity Best Practices
Question #399Deploy and Configure
A customer is replacing its legacy remote-access VPN solution. Prisma Access has been selected as the replacement. During onboarding, the following options and licenses were select...
Prisma AccessCortex Data LakeLog ForwardingSIEM Integration
Question #400Configuration Troubleshooting
A network security engineer has applied a File Blocking profile to a rule with the action of Block. The user of a Linux CLI operating system has opened a ticket. The ticket states...
File BlockingLoggingSecurity ProfilesLog Analysis
Question #401Deploy and Configure
In a device group, which two configuration objects are defined? (Choose two )
PanoramaDevice GroupsConfiguration ObjectsManagement Hierarchy
Question #402Deploy and Configure
An enterprise Information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems. However, a recent phishing campaign aga...
MFA IntegrationCaptive PortalAuthentication ProfileAuthentication Policy
Question #403Deploy and Configure
An enterprise has a large Palo Alto Networks footprint that includes onsite firewalls and Prisma Access for mobile users, which is managed by Panorama. The enterprise already uses...
Prisma AccessGroup MappingPanoramaUser-ID
Question #404Operate
What happens to traffic traversing SD-WAN fabric that doesn't match any SD-WAN policies?
SD-WANTraffic ForwardingImplied PoliciesDefault Behavior
Question #405Deploy and Configure
A remote administrator needs firewall access on an untrusted interface. Which two components are required on the firewall to configure certificate-based administrator authenticatio...
Certificate authenticationAdmin accessPKICertificate profiles
Question #406Deploy and Configure
An engineer configures a specific service route in an environment with multiple virtual systems instead of using the inherited global service route configuration. What type of serv...
Service RoutesVirtual SystemsConfiguration
Question #407Deploy and Configure
A company wants to use their Active Directory groups to simplify their Security policy creation from Panorama. Which configuration is necessary to retrieve groups from Panorama?
Active Directory IntegrationPanorama ManagementUser-IDDevice Groups
Question #408Deploy and Configure
How can packet buffer protection be configured?
Packet Buffer ProtectionConfigurationGlobal ConfigurationZone Configuration
Question #409Plan
An existing NGFW customer requires direct internet access offload locally at each site, and IPSec connectivity to all branches over public internet. One requirement is that no new...
SD-WANPalo Alto NGFWBranch ConnectivityLocal Internet Breakout
Question #410Deploy and Configure
A firewall administrator requires an A/P HA pair to fail over more quickly due to critical business application uptime requirements. What is the correct setting?
HA ConfigurationFailover TimersHigh Availability
Question #411Core Concepts
What is the function of a service route?
Service RoutesFirewall ManagementManagement Plane TrafficRouting
Question #412Operate
Which of the following commands would you use to check the total number of the sessions that are currently going through SSL Decryption processing?
SSL DecryptionCLI CommandsSession Monitoring

PreviousPage 8 of 18Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.