PCNSE paloaltonetworks.com Practice test mockup questions

PCNSE (Palo Alto) Mock-up Test – 6 (Paid) (45questions)

Please enter your email:

1. Which version of GlobalProtect supports split tunneling based on destination domain, client process, and

HTTP/HTTPS video streaming application?


2. SAML SLO is supported for which two firewall features? (Choose two.)


3. When backing up and saving configuration files, what is achieved using only the firewall and is not available in Panorama?


4. Which CLI command enables an administrator to check the CPU utilization of the dataplane?


5. Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted on the DMZ zone? The web server is reachable using a 1estination NAT policy in the Palo Alto Networks firewall.


6. Which two benefits come from assigning a Decryption Profile to a 1ecryption policy rule with a “No Decrypt” action? (Choose two.)


7. Which three file types can be forwarded to Wild1ire for analysis as a part of the basic Wild1ire service? (Choose three.)


8. Which log file can be used to identify SSL decryption failures?


9. An administrator is defining protection settings on the Palo Alto Networks NGFW to guard against resource exhaustion. When platform utilization is considered, which steps must the administrator take to configure and apply packet buffer protection?


10. If an administrator does not possess a website’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?


11. Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?


12. An administrator has users accessing network resources through Citrix Xen1pp 7.x.


Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?


13. The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.


Which two options would help the administrator troubleshoot this issue? (Choose two.)


14. An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third- party, deep-level packet inspection appliance.


Which interface type and license feature are necessary to meet the requirement?


15. Based on the following image, what is the correct path of root, intermediate, and end-user certificate?


16. Which option enables a Palo Alto Networks NGDW administrator to schedule 1pplication and Threat updates while applying only new content-IDs to traffic?




18. A client has a sensitive application server in their data center and is particularly concerned about session flooding because of denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against session floods originating from a single IP address?


19. Which three user authentication services can be modified to provide the Palo Alto Networks NGfW with both usernames and role names? (Choose three.)


20. In which two types of deployment is active/active HA configuration supported? (Choose two.)


21. Which CLI command can be used to export the tcpdump capture?


22. Which feature can be configured on VM-Series firewalls?


23. What will be the egress interface if the traffic’s ingress interface is ethernet1/6 sourcing from and to the destination during the time shown in the image?


24. Which three authentication factors does PAN-OS® software support for MFA? (Choose three.)


25. An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port.

Which log entry can the administrator use to verify that sessions are being decrypted?


26. Which operation will impact the performance of the management plane?


27. In a virtual router, which object contains all potential routes?


28. Which three firewall states are valid? (Choose three.)


29. The firewall identifies a popular application as an unknown-tcp.

Which two options are available to identify the application? (Choose two.)


30. Which menu item enables a firewall administrator to see details about traffic that is currently active through the NGFW?


31. A  global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server.

Which solution in PAN-OS® software would help in this case?


32. Which feature can provide NGFWs with User-ID mapping information?


33. The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?


34. A  client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers.

Which option will protect the individual servers?


35. Which two methods can be configured to validate the revocation status of a certificate? (Choose two.)


36. During the packet flow process, which two processes are performed in application identification? (Choose two.)


37. An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)


38. An administrator creates a custom application containing Layer 1 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an application that matches the same traffic signatures as the custom application.

Which application should be used to identify traffic traversing the NGFW?


39. Which feature prevents the submission of corporate login information into website forms?


40. Which event will happen if an administrator uses an Application Override Policy?


41. Which logs enable a firewall administrator to determine whether a session was decrypted?


42. Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?


43. A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-home or beacon out to external command-and-control (C2) servers.

Which Security Profile type will prevent these behaviors?


44. A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?


45. A company wants to install a NGFW firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone.

Which option differentiates multiple VLANs into separate zones?


Question 1 of 45