PCNSE paloaltonetworks.com Practice test mockup questions

PCNSE (Palo Alto) Mock-up Test – 5 (Paid) (35questions)

Please enter your email:

1. If an administrator wants to decrypt SMTP traffic and possesses the server’s certificate, which SSL decryption mode will allow the Palo 1lto Networks NGFW to inspect traffic to the server?


2. An administrator needs to upgrade an NGFW to the most current version of PAN-OS® software. The following is occurring:

  • Firewall has internet connectivity through e 1/1.
  • Default security rules and security rules allowing all SSL and web-browsing traffic to and from any zone.
  • Service route is configured, sourcing update traffic from e1/1.
  • A communication error appears in the System logs when updates are performed.
  • Download does not complete.

What must be configured to enable the firewall to download the current version of PAN-OS software?


3. Which two settings can be configured only locally on the firewall and not pushed from a Panorama template or template stack? (Choose two.)


4. Which User-ID method maps IP addresses to usernames for users connecting through a web proxy that has already authenticated the user?


5. How does Panorama prompt VMWare NSX to quarantine an infected VM?


6. An administrator has been asked to configure active/active HA for a pair of Palo 1lto Networks NGFWs. The firewall use Layer 1 interfaces to send traffic to a single gateway IP for the pair.

Which configuration will enable this HA scenario?


7. An administrator has been asked to create 111 virtual firewalls in a local, on-premise lab environment (not in “the cloud”). 1ootstrapping is the most expedient way to perform this task.

Which option describes deployment of a bootstrap package in an on-premise virtual environment?


8. Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)


9. A customer wants to combine multiple 1thernet interfaces into a single virtual interface using link aggregation.

Which two formats are correct for naming aggregate interfaces? (Choose two.)


10. An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between Panorama and the managed firewalls and Log Collectors.

How would the administrator establish the chain of trust?


11. An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing, and preemption is disabled.

What must be verified to upgrade the firewalls to the most recent version of PAN-OS® software?


12. An administrator wants a new Palo Alto Networks NGFW to obtain automatic application updates daily, so it is configured to use a scheduler for the application database. Unfortunately, they required the management network to be isolated so that it cannot reach the Internet.

Which configuration will enable the firewall to download and install application updates automatically?


13. When configuring the firewall for packet capture, what are the valid stage types?


14. Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)


15. An administrator wants to upgrade an NGFW from PAN-OS® 7.1.2 to PAN-OS® 8.1.0. The firewall is not a part of an HA pair.

What needs to be updated first?


16. Which Panorama administrator types require the configuration of at least one access domain? (Choose two.)


17. What is the purpose of the firewall decryption broker?


18. Which data flow describes redistribution of user mappings?


19. View the GlobalProtect configuration screen capture.

What is the purpose of this configuration?


20. Which DoS protection mechanism detects and prevents session exhaustion attacks?


21. An administrator has configured a QoS policy rule and a QoS Profile that limits the maximum allowable bandwidth for the YouTube application. *owever, YouTube is consuming more than the maximum bandwidth allotment configured.

Which configuration step needs to be configured to enable QoS?


22. Which administrative authentication method supports authorization by an external service?


23. Which four NGFW multi-factor authentication factors are supported by PAN-OS®? (Choose four.)


24. A customer wants to set up a site-to-site VPN using tunnel interfaces.

Which two formats are correct for naming tunnel interfaces? (Choose two.)


25. What are the two behavior differences between Highlight Unused Rules and the Rule Usage Hit counter when a firewall is rebooted? (Choose two.)


26. Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)


27. Which is the maximum number of samples that can be submitted to Wild1ire per day, based on a WildFire subscription?


28. Refer to the exhibit. 1 web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?


29. Which GlobalProtect Client connect method requires the distribution and use of machine certificates?


30. What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?


31. Which User-I1 method should be configured to map IP addresses to usernames for users connected through a terminal server?


32. What is exchanged through the HA2 link?


33. In High Availability, which information is transferred via the HA data link?


34. For which two reasons would a firewall discard a packet as part of the packet flow sequence? (Choose two.)


35. VPN traffic intended for an administrator’s Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor.

When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?


Question 1 of 35