PCNSE paloaltonetworks.com Practice test mockup questions

PCNSE (Palo Alto) Mock-up Test – 6 (Paid) (45questions)

Please enter your email:

1. The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.


Which two options would help the administrator troubleshoot this issue? (Choose two.)


2. Which logs enable a firewall administrator to determine whether a session was decrypted?


3. A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-home or beacon out to external command-and-control (C2) servers.

Which Security Profile type will prevent these behaviors?


4. Which version of GlobalProtect supports split tunneling based on destination domain, client process, and

HTTP/HTTPS video streaming application?


5. An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third- party, deep-level packet inspection appliance.


Which interface type and license feature are necessary to meet the requirement?


6. Which menu item enables a firewall administrator to see details about traffic that is currently active through the NGFW?


7. A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?


8. In which two types of deployment is active/active HA configuration supported? (Choose two.)


9. If an administrator does not possess a website’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?


10. In a virtual router, which object contains all potential routes?


11. Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted on the DMZ zone? The web server is reachable using a 1estination NAT policy in the Palo Alto Networks firewall.


12. An administrator creates a custom application containing Layer 1 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an application that matches the same traffic signatures as the custom application.

Which application should be used to identify traffic traversing the NGFW?


13. An administrator has users accessing network resources through Citrix Xen1pp 7.x.


Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?


14. Based on the following image, what is the correct path of root, intermediate, and end-user certificate?


15. A  client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers.

Which option will protect the individual servers?


16. An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port.

Which log entry can the administrator use to verify that sessions are being decrypted?


17. A  global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server.

Which solution in PAN-OS® software would help in this case?


18. The firewall identifies a popular application as an unknown-tcp.

Which two options are available to identify the application? (Choose two.)


19. During the packet flow process, which two processes are performed in application identification? (Choose two.)


20. Which two methods can be configured to validate the revocation status of a certificate? (Choose two.)


21. Which two benefits come from assigning a Decryption Profile to a 1ecryption policy rule with a “No Decrypt” action? (Choose two.)


22. Which three firewall states are valid? (Choose three.)


23. Which feature prevents the submission of corporate login information into website forms?


24. What will be the egress interface if the traffic’s ingress interface is ethernet1/6 sourcing from and to the destination during the time shown in the image?


25. Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?


26. The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?


27. Which log file can be used to identify SSL decryption failures?


28. Which option enables a Palo Alto Networks NGDW administrator to schedule 1pplication and Threat updates while applying only new content-IDs to traffic?


29. A client has a sensitive application server in their data center and is particularly concerned about session flooding because of denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against session floods originating from a single IP address?


30. Which CLI command enables an administrator to check the CPU utilization of the dataplane?


31. Which feature can provide NGFWs with User-ID mapping information?


32. When backing up and saving configuration files, what is achieved using only the firewall and is not available in Panorama?


33. Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?


34. A company wants to install a NGFW firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone.

Which option differentiates multiple VLANs into separate zones?


35. Which operation will impact the performance of the management plane?


36. Which CLI command can be used to export the tcpdump capture?


37. Which three user authentication services can be modified to provide the Palo Alto Networks NGfW with both usernames and role names? (Choose three.)


38. An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)


39. Which event will happen if an administrator uses an Application Override Policy?


40. Which three file types can be forwarded to Wild1ire for analysis as a part of the basic Wild1ire service? (Choose three.)


41. An administrator is defining protection settings on the Palo Alto Networks NGFW to guard against resource exhaustion. When platform utilization is considered, which steps must the administrator take to configure and apply packet buffer protection?


42. Which three authentication factors does PAN-OS® software support for MFA? (Choose three.)


43. Which feature can be configured on VM-Series firewalls?


44. SAML SLO is supported for which two firewall features? (Choose two.)




Question 1 of 45