Updated Nov-2021 Test Engine or PDF for the Palo Alto Networks PCNSE test to help you quickly prepare for the Palo Alto Networks exam!
Full PCNSE Practice Test and 363 unique questions with explanations waiting just for you, get it now!
NEW QUESTION 64
How are IPV6 DNS queries configured to user interface ethernet1/3?
- A. Device > Setup > Services
- B. Network > Interface Mgrnt
- C. Network > Virtual Router > DNS Interface
- D. Objects > CustomerObjects > DNS
Answer: A
NEW QUESTION 65
Which PAN-OS policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly-sensitive business data?
- A. Decryption policy
- B. Application Override policy
- C. Authentication policy
- D. Security policy
Answer: C
NEW QUESTION 66
Which three fields can be included in a pcap filter? (Choose three)
- A. Egress interface
- B. Ingress interface
- C. Source IP
- D. Rule number
- E. Destination IP
Answer: B,C,E
NEW QUESTION 67
Based on the following image,
what is the correct path of root, intermediate, and end-user certificate?
- A. Symantec > VeriSign > Palo Alto Networks
- B. VeriSign > Palo Alto Networks > Symantec
- C. VeriSign > Symantec > Palo Alto Networks
- D. Palo Alto Networks > Symantec > VeriSign
Answer: A
NEW QUESTION 68
Which feature prevents the submission of corporate login information into website forms?
- A. Data filtering
- B. User-ID
- C. Credential phishing prevention
- D. File blocking
Answer: C
Explanation:
Reference:
"Credential phishing prevention works by scanning username and password submissions to websites and comparing those submissions against valid corporate credentials. You can choose what websites you want to either allow, alert on, or block corporate credential submissions to based on the URL category of the website. Alternatively, you can present a page that warns users against submitting credentials to sites classified in certain URL categories. This gives you the opportunity to educate users against reusing corporate credentials, even on legitimate, non-phishing sites. In the event that corporate credentials are compromised, this feature allows you to identify the user who submitted credentials so that you can remediate."
NEW QUESTION 69
Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log? (Choose two.)
- A. Run the User-ID Agent using an Active Directory account that has "event log viewer" permissions
- B. Run the User-ID Agent using an Active Directory account that has "domain administrator" permissions
- C. Configure a RADIUS server profile to point to a domain controller
- D. Enable User-ID on the zone object for the source zone
- E. Enable User-ID on the zone object for the destination zone
Answer: A,D
NEW QUESTION 70
An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image.
Which configuration change should the administrator make?
A:
B:
C:
D:
E:
- A. Option D
- B. Option A
- C. Option E
- D. Option C
- E. Option B
Answer: E
NEW QUESTION 71
An administrator needs to upgrade an NGFW to the most current version of PAN-OSĀ® software. The following is occurring:
* Firewall has Internet connectivity through e1/1.
* Default security rules and security rules allowing all SSL and web-browsing traffic to and from any zone.
* Service route is configured, sourcing update traffic from e1/1.
* A communication error appears in the System logs when updates are performed.
* Download does not complete.
What must be configured to enable the firewall to download the current version of PAN-OS software?
- A. static route pointing application PaloAlto-updates to the update servers
- B. Security policy rule allowing PaloAlto-updates as the application
- C. scheduler for timed downloads of PAN-OS software
- D. DNS settings for the firewall to use for resolution
Answer: B
NEW QUESTION 72
Refer to exhibit.
An organization has Palo Alto Networks NGFWs that send logs to remote monitoring and security management platforms. The network team has reported excessive traffic on the corporate WAN.
How could the Palo Alto Networks NGFW administrator reduce WAN traffic while maintaining support for all existing monitoring platforms?
- A. Any configuration on an M-500 would address the insufficient bandwidth concerns.
- B. Configure log compression and optimization features on all remote firewalls.
- C. Forward logs from firewalls only to Panorama and have Panorama forward logs to other external services.
- D. Forward logs from external sources to Panorama for correlation, and from Panorama send them to the NGFW.
Answer: B
NEW QUESTION 73
Which three authentication services can an administrator use to authenticate admins into the Palo Alto
Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)
- A. Kerberos
- B. PAP
- C. LDAP
- D. RADIUS
- E. TACACS+
- F. SAML
Answer: A,C,F
NEW QUESTION 74
In order to route traffic between layer 3 interfaces on the PAN firewall you need:
- A. Vwire
- B. VLAN
- C. Virtual Router
- D. Security Profile
Answer: C
NEW QUESTION 75
The certificate information displayed in the following image is for which type of certificate?
Exhibit:
- A. Self-Signed Root CA certificate
- B. Forward Trust certificate
- C. Public CA signed certificate
- D. Web Server certificate
Answer: A
NEW QUESTION 76
Refer to the exhibit.
An administrator cannot see any of the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?
A)
B)
C)
D)
- A. Option D
- B. Option B
- C. Option A
- D. Option C
Answer: A
Explanation:
Explanation
https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/manage-log-collection/configure-log-forward
NEW QUESTION 77
Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?
- A. test
- B. find
- C. check
- D. sim
Answer: A
Explanation:
Reference:
http://www.shanekillen.com/2014/02/palo-alto-useful-cli-commands.html
NEW QUESTION 78
What happens when en A P firewall cluster synchronies IPsec tunnel secunty associations (SAs)?
- A. Phase 1 and Phase 2 SAs are synchronized over HA2 links
- B. Phase 2 SAs are synchronized over HA2 finks
- C. Phase 1 and Phase 2 SAs are synchronized over HA3 links
- D. Phase 1 SAs are synchronized over HA1 links
Answer: B
NEW QUESTION 79
......
Get Latest PCNSE Dumps Exam Questions: https://drive.google.com/open?id=1vJIq5Q9W9b7bzhznfzJRbBoMzugE0N4s
Full PCNSE Practice Test and 363 unique questions with explanations waiting just for you, get it now: https://www.practicevce.com/Palo-Alto-Networks/PCNSE-practice-exam-dumps.html