PCNSE Exam Questions
860 real PCNSE exam questions with expert-verified answers and explanations. Page 9 of 18.
- Question #413: Deploy and Configure
Refer to the image. An administrator is tasked with correcting an NTP service configuration for firewalls that cannot use the Global template NTP servers. The administrator needs t...
Panorama Templates, Template Stacks, Configuration Overrides, Template Variables
- Question #414: Configuration Troubleshooting
While troubleshooting an SSL Forward Proxy decryption issue, which PAN-OS CLI command would you use to check the details of the end entity certificate that is signed by the Forward...
SSL Decryption, CLI Commands, Troubleshooting, Certificates
- Question #415: Deploy and Configure
Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?
Zero Touch Provisioning (ZTP), Firewall Onboarding, Local Commit, Deployment Procedures
- Question #416: Core Concepts
In URL filtering, which component matches URL patterns?
URL Filtering, Data Plane, Firewall Architecture, Security Processing
- Question #417: Deploy and Configure
In a template, you can configure which two objects? (Choose two.)
Panorama Templates, Configuration Objects, Monitor Profiles, IPsec Tunnels
- Question #418: Plan
An organization's administrator has the funds available to purchase more firewalls to increase the organization's security posture. The partner SE recommends placing the firewalls...
Firewall Deployment, Network Segmentation, Firewall Performance, Security Architecture
- Question #419: Deploy and Configure
An administrator needs to validate that policies that will be deployed will match the appropriate rules in the device-group hierarchy. Which tool can the administrator use to revie...
Policy Validation, Preview Changes, Configuration Management, Policy Deployment
- Question #420: Core Concepts
What is a key step in implementing WildFire best practices?
WildFire, Threat Prevention, Subscriptions, Best Practices
- Question #421: Operate
What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)?
HA, IPsec, SA Synchronization, HA2 Link
- Question #422: Deploy and Configure
A security engineer needs to mitigate packet floods that occur on a set of servers behind the internet facing interface of the firewall. Which Security Profile should be applied to...
DoS Protection, Packet Floods, Security Profiles, Threat Prevention
- Question #423: Core Concepts
What are three reasons why an installed session can be identified with the "application incomplete" tag? (Choose three.)
App-ID, Session state, Application incomplete, TCP session
- Question #424: Operate
Which three statements correctly describe Session 380280? (Choose three.)
App-ID, SSL Decryption, Session Logging, Application Shift
- Question #425: Configuration Troubleshooting
An administrator's device-group commit push is failing due to a new URL category. How should the administrator correct this issue?
Panorama management, Content Updates, URL Filtering, Commit Troubleshooting
- Question #426: Deploy and Configure
A security engineer needs firewall management access on a trusted interface. Which three settings are required on an SSL/TLS Service Profile to provide secure Web UI authentication...
SSL/TLS Profile, Management Interface, Web UI Security, TLS Versioning
- Question #427: Deploy and Configure
Which type of interface does a firewall use to forward decrypted traffic to a security chain for inspection?
Firewall interfaces, Decryption forwarding, Security chain integration, Layer 3 routing
- Question #429: Operate
Which benefit do policy rule UUIDs provide?
Policy Rule UUIDs, Audit Trail, Security Policies
- Question #430: Deploy and Configure
What are two valid deployment options for Decryption Broker? (Choose two)
Decryption Broker, Deployment Options, Security Chain, SSL Decryption
- Question #431: Operate
An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?
Configuration Logs, Panorama Management, Change Verification, Monitoring
- Question #432: Deploy and Configure
Which two statements are true about DoS Protection and Zone Protection Profiles? (Choose two).
DoS Protection, Zone Protection Profiles, Security Policy, Firewall Zones
- Question #433: Deploy and Configure
Which two statements are true for the DNS Security service? (Choose two.)
DNS Security, Cloud Services, Threat Prevention, Service Activation
- Question #434: Deploy and Configure
An engineer is creating a security policy based on Dynamic User Groups (DUG). What benefit does this provide?
Dynamic User Groups (DUG), Security Policy, User-ID, Automation
- Question #435: Deploy and Configure
What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?
GlobalProtect, Tunneling, IPSec, Protocol Fallback
- Question #436: Deploy and Configure
A standalone firewall with local objects and policies needs to be migrated into Panorama. What procedure should you use so Panorama is fully managing the firewall?
Panorama Management, Firewall Migration, Configuration Import, Centralized Management
- Question #437: Deploy and Configure
You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For which three severity levels...
Anti-Spyware Profile, Packet Capture, Best Practices, Threat Prevention
- Question #438: Operate
In a security-first network, what is the recommended threshold value for apps and threats to be dynamically updated?
Content Updates, App-ID Updates, Threat Prevention Updates, Best Practices
- Question #439: Operate
Refer to the exhibit. Using the above screenshot of the ACC, what is the best method to set a global filter, narrow down Blocked User Activity, and locate the user(s) that could be...
ACC (Application Command Center), Filtering, Botnet detection, User monitoring
- Question #440: Deploy and Configure
To support a new compliance requirement, your company requires positive username attribution of every IP address used by wireless devices. You must collect IP address-to-username m...
User-ID, syslog integration, Identity mapping, Compliance requirements
- Question #441: Configuration Troubleshooting
An administrator has configured PAN-OS SD-WAN and has received a request to find out the reason for a session failover for a session that has already ended. Where would you find th...
SD-WAN, Logging, Troubleshooting, Session Management
- Question #442: Operate
What are two best practices for incorporating new and modified App-IDs? (Choose two.)
App-ID, Security Policy, Best Practices, Content Updates
- Question #443: Deploy and Configure
What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram?
IP Addressing, Wildcard Mask, Address Objects, Network Configuration
- Question #444: Operate
Which statement is true regarding a Best Practice Assessment?
Best Practice Assessment (BPA), Configuration assessment, Security best practices, Operational tools
- Question #445: Operate
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS software, the administrator enables log forwarding from t...
Log Forwarding, Historical Log Export, CLI Operations, Panorama Integration
- Question #446: Deploy and Configure
The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice. As part of that effort, the...
Vulnerability Protection, Security Profiles, Best Practices, Packet Capture
- Question #447: Deploy and Configure
When deploying PAN-OS SD-WAN, which routing protocol can you use to build a routing overlay?
PAN-OS SD-WAN, Routing Protocols, OSPF, SD-WAN Overlay
- Question #448: Deploy and Configure
A network-security engineer attempted to configure a bootstrap package on Microsoft Azure, but the virtual machine provisioning process failed. In reviewing the bootstrap package,...
VM-Series Deployment, Bootstrap Package, Azure Integration, Content Updates
- Question #449: Deploy and Configure
A superuser is tasked with creating administrator accounts for three contractors. For compliance purposes, all three contractors will be working with different device-groups in the...
Role-Based Access Control, Panorama Administrator Roles, Device Group Administration, Template Administration
- Question #450: Operate
Based on the graphic, which statement accurately describes the output shown in the Server Monitoring panel?
User-ID, Monitoring, Domain Controller, Agent Connectivity
- Question #451: Deploy and Configure
An engineer was tasked to simplify configuration of multiple firewalls with a specific set of configurations shared across all devices. Which two advantages would be gained by usin...
Templates, Panorama, Configuration Standardization, Template Stacks
- Question #452: Deploy and Configure
Refer to the diagram. An administrator needs to create an address object that will be useable by the NYC, MA, CA and WA device groups. Where will the object need to be created with...
Panorama, Device Groups, Object Inheritance, Address Objects
- Question #453: Deploy and Configure
You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?
App-ID, Application Filters, Security Policy, Firewall Configuration
- Question #454: Deploy and Configure
A network administrator wants to deploy GlobalProtect with pre-logon for Windows 10 endpoints and follow Palo Alto Networks best practices. To install the certificate and key for a...
GlobalProtect, Pre-logon, Machine Certificates, Certificate Management
- Question #456: Deploy and Configure
To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?
Security Policy, Policy Priority, Panorama Device Groups, Rule Order
- Question #457: Deploy and Configure
Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?
GlobalProtect, Split-tunneling, Gateway settings, Tunnel mode
- Question #458: Deploy and Configure
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two)
SYN flood protection, DoS protection, Zone Protection Profile, DoS Protection Profile
- Question #459: Deploy and Configure
An administrator is attempting to create policies for deployment of a device group and template stack. When creating the policies, the zone drop down list does not include the requ...
Panorama, Device Groups, Templates, Policy Configuration
- Question #460: Deploy and Configure
A user's traffic traversing a Palo Alto Networks NGFW sometimes can reach How can the firewall be configured to automatically disable the PBF rule if the next hop goes down?
Policy-Based Forwarding (PBF), Path Monitoring, Failover, High Availability
- Question #461: Plan
An engineer is in the planning stages of deploying User-ID in a diverse directory services environment. Which server OS platforms can be used for server monitoring with User-ID?
User-ID, Server Monitoring, Directory Services, Platform Support
- Question #462: Plan
Your company has to Active Directory domain controllers spread across multiple WAN links. All users authenticate to Active Directory. Each link has substantial network bandwidth to...
User-ID Agents, Best Practices, Firewall Performance, Management Plane
- Question #463: Deploy and Configure
A customer is replacing their legacy remote access VPN solution. The current solution is in place to secure only internet egress for the connected clients. Prisma Access has been s...
Prisma Access, Mobile Users, Security Policy, Internet Egress
- Question #464: Deploy and Configure
What best describes the HA Promotion Hold Time?
High Availability, HA Configuration, Failover, Promotion Hold Time