PCNSE paloaltonetworks.com Practice test mockup questions

PCNSE (Palo Alto) Mock-up Test – 1 (Free) (20questions)

Please enter your email:

1. A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone need to be configured to enable we browsing access to the server.

Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080?

 
 
 
 

2. An administrator pushes a new configuration from Panorama to a pair of firewalls that are configured as an active/passive HA pair.

Which NGFW receives the configuration from Panorama?

 
 
 
 

3. In the image, what caused the commit warning?

 
 
 
 

4. To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?

 
 
 
 
 

5. A customer has an application that is being identified as unknown-tep for one of their custom PostgreSQL database connections.

Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)

 
 
 
 

6. An administrator has left a firewall to use the default port for all management services. Which three functions are
performed by the dataplane? (Choose three.)

 
 
 
 
 

7. How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

 
 
 
 

8. An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required.

Which interface type would support this business requirement?

 
 
 
 

9. Decrypted packets from the website https://www.microsoft.com will appear as which application and service within the Traffic log?

 
 
 
 

10.

 
 
 
 

11. A company needs to preconfigure firewalls to be sent to remote sites with the least amount of
preconfiguration. Once deployed, each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers.

Which VPN configuration would adapt to changes when deployed to the future site?

 
 
 
 

12. An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image.

Which configuration change should the administrator make?

 
 
 
 
 

13. A customer wants to set up a VLAN interface for a Layer 2 Ethernet port.
Which two mandatory options are used to configure a VL1N interface? (Choose two.)

 
 
 
 

14. When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?

 
 
 
 

15. Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series firewalls? (Choose two.)

 
 
 
 

16. Which method will dynamically register tags on the Palo Alto Networks NGFW?

 
 
 
 

17. A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes.

How quickly will the firewall receive back a verdict?

 
 
 
 

18. A session in the Traffic log is reporting the application as “incomplete.”

What does “incomplete” mean?

 
 
 
 

19. A Security policy rule is configured with a Vulnerability Protection Profile and an action of “Deny”.
Which action will this cause configuration on the matched traffic?

 
 
 
 

20. What are two benefits of nested device groups in Panorama? (Choose two.)

 
 
 
 

Question 1 of 20