PCNSE paloaltonetworks.com Practice test mockup questions

PCNSE (Palo Alto) Mock-up Test – 4 (Free) (21questions)

Please enter your email:

1. Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS® version, and serial number?

 
 
 
 

2. An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router.

Which two options enable the administrator to troubleshoot this issue? (Choose two.)

 
 
 
 

3. If the firewall is configured for credential phishing prevention using the “Domain Credential Filter” method, which login will be detected as credential theft?

 
 
 
 

4. Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?

 
 
 
 

5. Which protection feature is available only in a Zone Protection Profile?

 
 
 
 

6. An administrator has configured the Palo Alto Networks NGFW’s management interface to connect to the internet through a dedicated path that does not traverse back through the NGFW itself.

Which configuration setting or step will allow the firewall to get automatic application signature updates?

 
 
 
 

7. An administrator wants multiple web servers in the DMZ to receive connections initiated from the
internet.
Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22

Based on the information shown in the image, which NAT rule will forward web-browsing traffic
correctly?

 
 
 
 

8. Which option is part of the content inspection process?

 
 
 
 

9. An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN-OS® software. The firewall has internet connectivity through an Ethernet interface, but no internet connectivity from the management interface. The Security policy has the default security rules and a rule that allows all web- browsing traffic from any to any zone.

What must the administrator configure so that the PAN-OS® software can be upgraded?

 
 
 
 

10. How can a candidate or running configuration be copied to a host external from Panorama?

 
 
 
 

11. Which three authentication services can an administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)

 
 
 
 
 
 

12. An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing.

The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.

Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?

 
 
 
 

13. Which virtual router feature determines if a specific destination IP address is reachable?

 
 
 
 

14. Which three steps will reduce the CPU utilization on the management plane? (Choose three.)

 
 
 
 
 

15. Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?

 
 
 
 

16. An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against external hosts attempting to exploit a flaw in an operating system on an internal system.

Which Security Profile type will prevent this attack

 
 
 
 

17. When is the content inspection performed in the packet flow process?

 
 
 
 

18. An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the company’s proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats.

Which option would achieve this result?

 
 
 
 

19. Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?

 
 
 
 

20. Starting with PAN-OS version 9.1, GlobalProtect logging information is now recorded in which firewall log?

 
 
 
 

Question 1 of 20