PCNSE paloaltonetworks.com Practice test mockup questions

PCNSE (Palo Alto) Mock-up Test – 6 (Paid) (45questions)

Please enter your email:

1. Which feature can provide NGFWs with User-ID mapping information?

 
 
 
 

2. What will be the egress interface if the traffic’s ingress interface is ethernet1/6 sourcing from 192.168.111.3 and to the destination 10.46.41.113 during the time shown in the image?

 
 
 
 

3. A client has a sensitive application server in their data center and is particularly concerned about session flooding because of denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against session floods originating from a single IP address?

 
 
 
 

4. Which option enables a Palo Alto Networks NGDW administrator to schedule 1pplication and Threat updates while applying only new content-IDs to traffic?

 
 
 
 

5. A  global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server.

Which solution in PAN-OS® software would help in this case?

 
 
 
 

6. An administrator is defining protection settings on the Palo Alto Networks NGFW to guard against resource exhaustion. When platform utilization is considered, which steps must the administrator take to configure and apply packet buffer protection?

 
 
 
 

7. Which three user authentication services can be modified to provide the Palo Alto Networks NGfW with both usernames and role names? (Choose three.)

 
 
 
 
 
 

8. When backing up and saving configuration files, what is achieved using only the firewall and is not available in Panorama?

 
 
 
 

9. In which two types of deployment is active/active HA configuration supported? (Choose two.)

 
 
 
 

10. Which log file can be used to identify SSL decryption failures?

 
 
 
 

11. Which two benefits come from assigning a Decryption Profile to a 1ecryption policy rule with a “No Decrypt” action? (Choose two.)

 
 
 
 
 

12. The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.

 

Which two options would help the administrator troubleshoot this issue? (Choose two.)

 
 
 
 

13. An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third- party, deep-level packet inspection appliance.

 

Which interface type and license feature are necessary to meet the requirement?

 
 
 
 

14. Which logs enable a firewall administrator to determine whether a session was decrypted?

 
 
 
 

15. If an administrator does not possess a website’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?

 
 
 
 

16. A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?

 
 
 
 

17. Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted on the DMZ zone? The web server is reachable using a 1estination NAT policy in the Palo Alto Networks firewall.

 
 
 
 

18. An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port.

Which log entry can the administrator use to verify that sessions are being decrypted?

 
 
 
 

19. The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?

 
 
 
 

20. A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-home or beacon out to external command-and-control (C2) servers.

Which Security Profile type will prevent these behaviors?

 
 
 
 

21. SAML SLO is supported for which two firewall features? (Choose two.)

 
 
 
 

22. Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?

 
 
 
 

23. A  client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers.

Which option will protect the individual servers?

 
 
 
 

24. A company wants to install a NGFW firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone.

Which option differentiates multiple VLANs into separate zones?

 
 
 
 

25. Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?

 
 
 
 

26. Which event will happen if an administrator uses an Application Override Policy?

 
 
 
 

27. Which three authentication factors does PAN-OS® software support for MFA? (Choose three.)

 
 
 
 
 

28. Based on the following image, what is the correct path of root, intermediate, and end-user certificate?

 
 
 
 

29. Which three file types can be forwarded to Wild1ire for analysis as a part of the basic Wild1ire service? (Choose three.)

 
 
 
 
 
 

30. During the packet flow process, which two processes are performed in application identification? (Choose two.)

 
 
 
 

31. Which CLI command enables an administrator to check the CPU utilization of the dataplane?

 
 
 
 

32. An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)

 
 
 
 

33. Which feature can be configured on VM-Series firewalls?

 
 
 
 

34. The firewall identifies a popular application as an unknown-tcp.

Which two options are available to identify the application? (Choose two.)

 
 
 
 

35. An administrator has users accessing network resources through Citrix Xen1pp 7.x.

 

Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?

 
 
 
 

36. An administrator creates a custom application containing Layer 1 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an application that matches the same traffic signatures as the custom application.

Which application should be used to identify traffic traversing the NGFW?

 
 
 
 

37. Which version of GlobalProtect supports split tunneling based on destination domain, client process, and

HTTP/HTTPS video streaming application?

 
 
 
 

38. In a virtual router, which object contains all potential routes?

 
 
 
 

39. Which two methods can be configured to validate the revocation status of a certificate? (Choose two.)

 
 
 
 
 

40.

 
 
 
 

41. Which CLI command can be used to export the tcpdump capture?

 
 
 
 

42. Which menu item enables a firewall administrator to see details about traffic that is currently active through the NGFW?

 
 
 
 

43. Which operation will impact the performance of the management plane?

 
 
 
 

44. Which feature prevents the submission of corporate login information into website forms?

 
 
 
 

45. Which three firewall states are valid? (Choose three.)

 
 
 
 
 

Question 1 of 45