PCNSE paloaltonetworks.com Practice test mockup questions

PCNSE (Palo Alto) Mock-up Test – 6 (Paid) (45questions)

Please enter your email:

1. Which three file types can be forwarded to Wild1ire for analysis as a part of the basic Wild1ire service? (Choose three.)


2. Which three firewall states are valid? (Choose three.)


3. An administrator has users accessing network resources through Citrix Xen1pp 7.x.


Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?


4. What will be the egress interface if the traffic’s ingress interface is ethernet1/6 sourcing from and to the destination during the time shown in the image?


5. An administrator creates a custom application containing Layer 1 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an application that matches the same traffic signatures as the custom application.

Which application should be used to identify traffic traversing the NGFW?


6. If an administrator does not possess a website’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?


7. A company wants to install a NGFW firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone.

Which option differentiates multiple VLANs into separate zones?


8. A  client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers.

Which option will protect the individual servers?


9. Which two benefits come from assigning a Decryption Profile to a 1ecryption policy rule with a “No Decrypt” action? (Choose two.)


10. A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?


11. SAML SLO is supported for which two firewall features? (Choose two.)


12. Which feature can be configured on VM-Series firewalls?


13. When backing up and saving configuration files, what is achieved using only the firewall and is not available in Panorama?




15. Which logs enable a firewall administrator to determine whether a session was decrypted?


16. Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted on the DMZ zone? The web server is reachable using a 1estination NAT policy in the Palo Alto Networks firewall.


17. An administrator is defining protection settings on the Palo Alto Networks NGFW to guard against resource exhaustion. When platform utilization is considered, which steps must the administrator take to configure and apply packet buffer protection?


18. Which two methods can be configured to validate the revocation status of a certificate? (Choose two.)


19. The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.


Which two options would help the administrator troubleshoot this issue? (Choose two.)


20. Based on the following image, what is the correct path of root, intermediate, and end-user certificate?


21. An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third- party, deep-level packet inspection appliance.


Which interface type and license feature are necessary to meet the requirement?


22. Which version of GlobalProtect supports split tunneling based on destination domain, client process, and

HTTP/HTTPS video streaming application?


23. In a virtual router, which object contains all potential routes?


24. Which CLI command can be used to export the tcpdump capture?


25. Which option enables a Palo Alto Networks NGDW administrator to schedule 1pplication and Threat updates while applying only new content-IDs to traffic?


26. Which event will happen if an administrator uses an Application Override Policy?


27. A  global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server.

Which solution in PAN-OS® software would help in this case?


28. A client has a sensitive application server in their data center and is particularly concerned about session flooding because of denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against session floods originating from a single IP address?


29. Which operation will impact the performance of the management plane?


30. Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?


31. In which two types of deployment is active/active HA configuration supported? (Choose two.)


32. The firewall identifies a popular application as an unknown-tcp.

Which two options are available to identify the application? (Choose two.)


33. Which three user authentication services can be modified to provide the Palo Alto Networks NGfW with both usernames and role names? (Choose three.)


34. Which feature can provide NGFWs with User-ID mapping information?


35. An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port.

Which log entry can the administrator use to verify that sessions are being decrypted?


36. An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)


37. Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?


38. A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-home or beacon out to external command-and-control (C2) servers.

Which Security Profile type will prevent these behaviors?


39. Which three authentication factors does PAN-OS® software support for MFA? (Choose three.)


40. Which log file can be used to identify SSL decryption failures?


41. The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?


42. Which menu item enables a firewall administrator to see details about traffic that is currently active through the NGFW?


43. During the packet flow process, which two processes are performed in application identification? (Choose two.)


44. Which feature prevents the submission of corporate login information into website forms?


45. Which CLI command enables an administrator to check the CPU utilization of the dataplane?


Question 1 of 45