PCNSE paloaltonetworks.com Practice test mockup questions

PCNSE (Palo Alto) Mock-up Test – 6 (Paid) (45questions)

Please enter your email:

1. What will be the egress interface if the traffic’s ingress interface is ethernet1/6 sourcing from 192.168.111.3 and to the destination 10.46.41.113 during the time shown in the image?

 
 
 
 

2. If an administrator does not possess a website’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?

 
 
 
 

3. An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third- party, deep-level packet inspection appliance.

 

Which interface type and license feature are necessary to meet the requirement?

 
 
 
 

4. A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-home or beacon out to external command-and-control (C2) servers.

Which Security Profile type will prevent these behaviors?

 
 
 
 

5. The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.

 

Which two options would help the administrator troubleshoot this issue? (Choose two.)

 
 
 
 

6. Which feature prevents the submission of corporate login information into website forms?

 
 
 
 

7. Which logs enable a firewall administrator to determine whether a session was decrypted?

 
 
 
 

8. In a virtual router, which object contains all potential routes?

 
 
 
 

9. A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?

 
 
 
 

10. A  client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers.

Which option will protect the individual servers?

 
 
 
 

11. A client has a sensitive application server in their data center and is particularly concerned about session flooding because of denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against session floods originating from a single IP address?

 
 
 
 

12. The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?

 
 
 
 

13. An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)

 
 
 
 

14. Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?

 
 
 
 

15. An administrator creates a custom application containing Layer 1 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an application that matches the same traffic signatures as the custom application.

Which application should be used to identify traffic traversing the NGFW?

 
 
 
 

16. Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted on the DMZ zone? The web server is reachable using a 1estination NAT policy in the Palo Alto Networks firewall.

 
 
 
 

17. Which three authentication factors does PAN-OS® software support for MFA? (Choose three.)

 
 
 
 
 

18. In which two types of deployment is active/active HA configuration supported? (Choose two.)

 
 
 
 

19. Which three firewall states are valid? (Choose three.)

 
 
 
 
 

20. Which three file types can be forwarded to Wild1ire for analysis as a part of the basic Wild1ire service? (Choose three.)

 
 
 
 
 
 

21. Which menu item enables a firewall administrator to see details about traffic that is currently active through the NGFW?

 
 
 
 

22. Which two methods can be configured to validate the revocation status of a certificate? (Choose two.)

 
 
 
 
 

23. During the packet flow process, which two processes are performed in application identification? (Choose two.)

 
 
 
 

24. A  global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server.

Which solution in PAN-OS® software would help in this case?

 
 
 
 

25.

 
 
 
 

26. Which log file can be used to identify SSL decryption failures?

 
 
 
 

27. Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?

 
 
 
 

28. Which feature can be configured on VM-Series firewalls?

 
 
 
 

29. Which option enables a Palo Alto Networks NGDW administrator to schedule 1pplication and Threat updates while applying only new content-IDs to traffic?

 
 
 
 

30. Which feature can provide NGFWs with User-ID mapping information?

 
 
 
 

31. Which CLI command enables an administrator to check the CPU utilization of the dataplane?

 
 
 
 

32. An administrator is defining protection settings on the Palo Alto Networks NGFW to guard against resource exhaustion. When platform utilization is considered, which steps must the administrator take to configure and apply packet buffer protection?

 
 
 
 

33. An administrator has users accessing network resources through Citrix Xen1pp 7.x.

 

Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?

 
 
 
 

34. When backing up and saving configuration files, what is achieved using only the firewall and is not available in Panorama?

 
 
 
 

35. An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port.

Which log entry can the administrator use to verify that sessions are being decrypted?

 
 
 
 

36. Which CLI command can be used to export the tcpdump capture?

 
 
 
 

37. SAML SLO is supported for which two firewall features? (Choose two.)

 
 
 
 

38. The firewall identifies a popular application as an unknown-tcp.

Which two options are available to identify the application? (Choose two.)

 
 
 
 

39. Which event will happen if an administrator uses an Application Override Policy?

 
 
 
 

40. Which two benefits come from assigning a Decryption Profile to a 1ecryption policy rule with a “No Decrypt” action? (Choose two.)

 
 
 
 
 

41. A company wants to install a NGFW firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone.

Which option differentiates multiple VLANs into separate zones?

 
 
 
 

42. Which three user authentication services can be modified to provide the Palo Alto Networks NGfW with both usernames and role names? (Choose three.)

 
 
 
 
 
 

43. Which operation will impact the performance of the management plane?

 
 
 
 

44. Based on the following image, what is the correct path of root, intermediate, and end-user certificate?

 
 
 
 

45. Which version of GlobalProtect supports split tunneling based on destination domain, client process, and

HTTP/HTTPS video streaming application?

 
 
 
 

Question 1 of 45