26 September, 2021

The Refresh Guide To PCNSE Training Materials

High value of PCNSE exam topics materials and questions pool for Paloalto-Networks certification for candidates, Real Success Guaranteed with Updated PCNSE pdf dumps vce Materials. 100% PASS Palo Alto Networks Certified Security Engineer (PCNSE)PAN-OS 8.0 exam Today!

Paloalto-Networks PCNSE Free Dumps Questions Online, Read and Test Now.

Page: 1 / 21

Total 255 questions Full Exam Access

Question 1

What are two benefits of nested device groups in Panorama? (Choose two.)

Reuse of the existing Security policy rules and objects

Requires configuring both function and location for every device

All device groups inherit settings form the Shared group

Overwrites local firewall configuration

Question 2

Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose two.)

Content-ID

User-ID

Applications and Threats

Antivirus

Question 3

Which Palo Alto Networks VM-Series firewall is valid?

VM-25

VM-800

VM-50

VM-400

Question 4

An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against external hosts attempting to exploit a flaw in an operating system on an internal system. Which Security Profile type will prevent this attack?

Vulnerability Protection

Anti-Spyware

URL Filtering

Antivirus

Question 5

A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS® software would help in this case?

Application override

Redistribution of user mappings

Virtual Wire mode

Content inspection

Question 6

Refer to the exhibit.
PCNSE dumps exhibit

An administrator is using DNAT to map two servers to a single public IP address. Traffic will be
steered to the specific server based on the application, where Host A (10.1.1.100) received HTTP traffic and host B(10.1.1.101) receives SSH traffic.
Which two security policy rules will accomplish this configuration? (Choose two)

Untrust (Any) to Untrust (10.1.1.1) Ssh-Allow

Untrust (Any) to DMZ (1.1.1.100) Ssh-Allow

Untrust (Any) to DMZ (1.1.1.100) Web-browsing -Allow

Untrust (Any) to Untrust (10.1.1.1) Web-browsing -Allow

Question 7

A company has a pair of Palo Alto Networks firewalls configured as an Acitve/Passive High Availability (HA) pair.
What allows the firewall administrator to determine the last date a failover event occurred?

From the CLI issue use the show System log

Apply the filter subtype eq ha to the System log

Apply the filter subtype eq ha to the configuration log

Check the status of the High Availability widget on the Dashboard of the GUI

Question 8

Which three authentication factors does PAN-OS® software support for MFA (Choose three.)

Push

Pull

Okta Adaptive

Voice E.SMS

Question 9

An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing.
The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.
Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?

Create a decryption rule matching the encrypted BitTorrent traffic with action “No-Decrypt,” and place the rule at the top of the Decryption policy.

Create a Security policy rule that matches application “encrypted BitTorrent” and place the rule at the top of the Security policy.

Disable the exclude cache option for the firewall.

Create a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the decryption rule.

Question 10

Which item enables a firewall administrator to see details about traffic that is currently active through the NGFW?

ACC

System Logs

App Scope

Session Browser

Question 11

An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between Panorama and the managed firewalls and Log Collectors.
How would the administrator establish the chain of trust?

Use custom certificates

Enable LDAP or RADIUS integration

Set up multi-factor authentication

Configure strong password authentication

Question 12

Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?

Both SSH keys and SSL certificates must be generated.

No prerequisites are required.

SSH keys must be manually generated.

SSL certificates must be generated.

Question 13

Given the following table.
PCNSE dumps exhibit

Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the 192.168.93.0/30 network?

Configuring the administrative Distance for RIP to be lower than that of OSPF Int.

Configuring the metric for RIP to be higher than that of OSPF Int.

Configuring the administrative Distance for RIP to be higher than that of OSPF Ext.

Configuring the metric for RIP to be lower than that OSPF Ext.

Question 14

Which three firewall states are valid? (Choose three.)

Active

Functional

Pending

Passive

Suspended

Question 15

When configuring the firewall for packet capture, what are the valid stage types?

Receive, management , transmit , and drop

Receive , firewall, send , and non-syn

Receive management , transmit, and non-syn

Receive , firewall, transmit, and drop

Question 16

Which is not a valid reason for receiving a decrypt-cert-validation error?

Unsupported HSM

Unknown certificate status

Client authentication

Untrusted issuer

Question 17

Which CLI command displays the current management plane memory utilization?

> debug management-server show

> show running resource-monitor

> show system info

> show system resources

Question 19

When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log.
What will be the destination IP Address in that log entry?

The IP Address of sinkhole.paloaltonetworks.com

The IP Address of the command-and-control server

The IP Address specified in the sinkhole configuration

The IP Address of one of the external DNS servers identified in the anti-spyware database

Question 20

A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall
Which part of files needs to be imported back into the replacement firewall that is using Panorama?

Device state and license files

Configuration and serial number files

Configuration and statistics files

Configuration and Large Scale VPN (LSVPN) setups file

Question 21

A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone need to be configured to enable we browsing access to the server.
Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080.

application: web-browsing; service: application-default

application: web-browsing; service: service-https

application: ssl; service: any

application: web-browsing; service: (custom with destination TCP port 8080)

Question 22

Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain a username-to-IP-address mapping?

Microsoft Active Directory

Microsoft Terminal Services

Aerohive Wireless Access Point

Palo Alto Networks Captive Portal

Question 23

An administrator is configuring an IPSec VPN to a Cisco ASA at the administrator's home and experiencing issues completing the connection. the following is the output from the command:
PCNSE dumps exhibit

What could be the cause of this problem?

The dead peer detection settings do not match between the Palo Alto Networks Firewall and the ASA.

The Proxy IDs on the Palo Alto Networks Firewall do not match the setting on the ASA.

The public IP addresses do not match for both the Palo Alto Networks Firewall and the ASA.

The shared secrets do not match between the Palo Alto Networks Firewall and the ASA.

Question 24

What can missing SSL packets when performing a packet capture on dataplane interfaces?

The packets are hardware offloaded to the offloaded processor on the dataplane

The missing packets are offloaded to the management plane CPU

The packets are not captured because they are encrypted

There is a hardware problem with offloading FPGA on the management plane

Question 25

A network security engineer needs to configure a virtual router using IPv6 addresses. Which two routing options support these addresses? (Choose two)

BGP not sure

OSPFv3

RIP

Static Route

Page: 1 / 21

Total 255 questions Full Exam Access