PCNSE paloaltonetworks.com Practice test mockup questions

PCNSE (Palo Alto) Mock-up Test – 3 (Free) (23questions)

Please enter your email:

1. The firewall is not downloading IP addresses from MineMeld. Based on the image, what most likely is wrong?

 
 
 
 

2. Which will be the egress interface if the traffic’s ingress interface is ethernet1/7 sourcing from 192.168.111. and to the destination 10.46.41.113?

 
 
 
 

3. Which three items are important considerations during SD-WAN configuration planning? (Choose three.)

 
 
 
 

4. In the following image from Panorama, why are some values shown in red?

 
 
 
 

5. Which two subscriptions are available when configuring Panorama to push dynamic updates to connected devices? (Choose two.)

 
 
 
 

6. Which two features does PAN-OS® software use to identify applications? (Choose two.)

 
 
 
 

7. Which option describes the operation of the automatic commit recovery feature?

 
 
 
 

8. SD-WAN is designed to support which two network topology types? (Choose two.)

 
 
 
 

9. Which two are valid ACC Global Protect Activity tab widgets? (Choose two.)

 
 
 
 

10. Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?

 
 
 
 

11. Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)

 
 
 
 

12. Which processing order will be enabled when a Panorama administrator selects the setting “Objects defined in ancestors will take higher precedence?”

 
 
 
 

13. A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 434. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.

Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web-browsing traffic to this server on tcp/443?

 
 
 
 

14. Which is not a valid reason for receiving a decrypt-cert-validation error?

 
 
 
 

15. An administrator Just submitted a newly found piece of spyware for WildFire analysis. The spyware passively monitors behavior without the user’s knowledge.

What is the expected verdict from WildFire?

 
 
 
 

16. Which three split tunnel methods are supported by a GlobalProtect Gateway? (Choose three.)

 

 

 

 

 

 

 
 
 
 
 
 

17. Which three options are supported in HA Lite? (Choose three

 
 
 
 
 

18. The certificate information displayed in the following image is for which type of certificate?

 
 
 
 

19. Starting with PAN-OS version 9.1, application dependency information is now reported in which two new locations? (Choose two.)

 
 
 
 

20. Which Palo Alto Networks VM-Series firewall is valid?

 
 
 
 

Question 1 of 20