Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Palo Alto Networks PCNSE

Palo Alto Networks PCNSE Exam Practice Questions (P. 2)

  • Full Access (619 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #11
Which method will dynamically register tags on the Palo Alto Networks NGFW?
  1. A
    Restful API or the VMware API on the firewall or on the User-ID agent or the ready-only domain controller (RODC)
  2. B
    Restful API or the VMware API on the firewall or on the User-ID agent
  3. C
    XML API or the VMware API on the firewall or on the User-ID agent or the CLI
  4. D
    XML API or the VM Monitoring agent on the NGFW or on the User-ID agent

Correct Answer:
D
Reference:
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/register-ip-addresses-and-tags-dynamically

Question #12
How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?
  1. A
    Configure the option for ג€Thresholdג€.
  2. B
    Disable automatic updates during weekdays.
  3. C
    Automatically ג€download onlyג€ and then install Applications and Threats later, after the administrator approves the update.
  4. D
    Automatically ג€download and installג€ but with the ג€disable new applicationsג€ option used.

Correct Answer:
A
chatbot-img GPT-4o - Answer
The correct approach to scheduling an Applications and Threats dynamic update while introducing a delay in the installation is by setting up a threshold that dictates how long the system should wait before proceeding with the installation after the update has been downloaded. This allows an administrator to configure an automatic delay, ensuring that updates are not immediately applied, providing a window to address any potential compatibility or security concerns. This setup can be crucial for maintaining stability and security in sensitive or high-stakes environments.

Question #13
To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?
  1. A
    Device>Setup>Services>AutoFocus
  2. B
    Device> Setup>Management >AutoFocus
  3. C
    AutoFocus is enabled by default on the Palo Alto Networks NGFW
  4. D
    Device>Setup>WildFire>AutoFocus
  5. E
    Device>Setup> Management> Logging and Reporting Settings

Correct Answer:
B
Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/getting-started/enable-autofocus-threat-intelligence

Question #14
An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?
  1. A
    Security policy rule allowing SSL to the target server
  2. B
    Firewall connectivity to a CRL
  3. C
    Root certificate imported into the firewall with ג€Trustג€ enabled
  4. D
    Importation of a certificate from an HSM

Correct Answer:
A
Reference:
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/configure-ssl-inbound-inspection

Question #15
Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series firewalls? (Choose two.)
  1. A
    Red Hat Enterprise Virtualization (RHEV)
  2. B
    Kernel Virtualization Module (KVM)
  3. C
    Boot Strap Virtualization Module (BSVM)
  4. D
    Microsoft Hyper-V

Correct Answer:
BD
Reference:
https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-firewall/vm-series

Question #16
Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OSֲ® software?
  1. A
    XML API
  2. B
    Port Mapping
  3. C
    Client Probing
  4. D
    Server Monitoring

Correct Answer:
D
Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/map-ip-addresses-to-users

Question #17
Decrypted packets from the website https://www.microsoft.com will appear as which application and service within the Traffic log?
  1. A
    web-browsing and 443
  2. B
    SSL and 80
  3. C
    SSL and 443
  4. D
    web-browsing and 80

Correct Answer:
A
chatbot-img GPT-4o - Answer
The correct answer is indeed A. Initially, traffic to https://www.microsoft.com is identified as SSL due to its encrypted nature on port 443. Once decrypted by the firewall's SSL decryption feature, the application is recognized as web-browsing while still using port 443. This phenomenon is referred to as application shift, where post-decryption, the true nature of the application is revealed without altering the service port. Thus, decrypted packets from the website appear as "web-browsing" and continue to use port 443 in the Traffic log. This detailed explanation aligns perfectly with how Palo Alto Networks products handle encrypted traffic.

Question #18
Which PAN-OSֲ® policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly-sensitive business data?
  1. A
    Security policy
  2. B
    Decryption policy
  3. C
    Authentication policy
  4. D
    Application Override policy

Correct Answer:
C
chatbot-img GPT-4o - Answer
To properly control access to sensitive internal applications, configuring an Authentication policy on PAN-OS is essential. This policy mandates users to authenticate themselves whenever they try to access specified services or applications. By setting up rules within this policy, administrators can specify the required authentication method, such as passwords, biometric verification, or multi-factor authentication, effectively safeguarding sensitive data by ensuring that only authorized users gain access.

Question #19
A Security policy rule is configured with a Vulnerability Protection Profile and an action of `Deny`.
Which action will this cause configuration on the matched traffic?
  1. A
    The configuration is invalid. The Profile Settings section will be grayed out when the Action is set to ג€Denyג€.
  2. B
    The configuration will allow the matched session unless a vulnerability signature is detected. The ג€Denyג€ action will supersede the per-severity defined actions defined in the associated Vulnerability Protection Profile.
  3. C
    The configuration is invalid. It will cause the firewall to skip this Security policy rule. A warning will be displayed during a commit.
  4. D
    The configuration is valid. It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to ג€Denyג€.

Correct Answer:
D
Reference:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/security-policy/security-policy-actions

Question #20
A user's traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http://www.company.com.
How can the firewall be configured automatically disable the PBF rule if the next hop goes down?
  1. A
    Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question.
  2. B
    Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.
  3. C
    Enable and configure a Link Monitoring Profile for the external interface of the firewall.
  4. D
    Configure path monitoring for the next hop gateway on the default route in the virtual router.

Correct Answer:
B
Reference:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/network/network-network-profiles-monitor#

Previous Questions Next Questions

All Pages