PCNSE paloaltonetworks.com Practice test mockup questions

PCNSE (Palo Alto) Mock-up Test – 3 (Free) (23questions)

Please enter your email:

1. Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)

 
 
 
 

2. Which processing order will be enabled when a Panorama administrator selects the setting “Objects defined in ancestors will take higher precedence?”

 
 
 
 

3. Which option describes the operation of the automatic commit recovery feature?

 
 
 
 

4. Which two subscriptions are available when configuring Panorama to push dynamic updates to connected devices? (Choose two.)

 
 
 
 

5. Which will be the egress interface if the traffic’s ingress interface is ethernet1/7 sourcing from 192.168.111. and to the destination 10.46.41.113?

 
 
 
 

6. An administrator Just submitted a newly found piece of spyware for WildFire analysis. The spyware passively monitors behavior without the user’s knowledge.

What is the expected verdict from WildFire?

 
 
 
 

7. In the following image from Panorama, why are some values shown in red?

 
 
 
 

8. SD-WAN is designed to support which two network topology types? (Choose two.)

 
 
 
 

9. Which is not a valid reason for receiving a decrypt-cert-validation error?

 
 
 
 

10. Which two are valid ACC Global Protect Activity tab widgets? (Choose two.)

 
 
 
 

11. Which three items are important considerations during SD-WAN configuration planning? (Choose three.)

 
 
 
 

12. Which two features does PAN-OS® software use to identify applications? (Choose two.)

 
 
 
 

13. Which three options are supported in HA Lite? (Choose three

 
 
 
 
 

14. Which Palo Alto Networks VM-Series firewall is valid?

 
 
 
 

15. Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?

 
 
 
 

16. The firewall is not downloading IP addresses from MineMeld. Based on the image, what most likely is wrong?

 
 
 
 

17. Starting with PAN-OS version 9.1, application dependency information is now reported in which two new locations? (Choose two.)

 
 
 
 

18. A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 434. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.

Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web-browsing traffic to this server on tcp/443?

 
 
 
 

19. Which three split tunnel methods are supported by a GlobalProtect Gateway? (Choose three.)

 

 

 

 

 

 

 
 
 
 
 
 

20. The certificate information displayed in the following image is for which type of certificate?

 
 
 
 

Question 1 of 20