Palo Alto Networks PCNSE Palo Alto Networks Certified Network Security Engineer Exam Online Training
The questions for PCNSE were last updated on Apr 24, 2024.
- Exam Code: PCNSE
- Exam Name: Palo Alto Networks Certified Network Security Engineer Exam
- Certification Provider: Palo Alto Networks
- Latest update: Apr 24, 2024
A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using the FAT32 file system and the initial configuration is stored in a file named init-cfg.txt. The firewall is currently running PAN-OS 10.0 and using a lab config.
The contents of init-cfg.txt in the USB flash drive are as follows:
The USB flash drive has been inserted in the firewall's USB port, and the firewall has been restarted using the command: > request restart system
Upon restart, the firewall fails to begin the bootstrapping process. The failure is caused because
- A . Firewall must be in factory default state or have all private data deleted for bootstrapping
- B . The hostname is a required parameter, but it is missing in init-cfg.txt
- C . The USB must be formatted using the ext3 file system, FAT32 is not supported
- D . PAN-OS version must be 9.1.x at a minimum but the firewall is running 10.0.x
- E . The bootstrap.xml file is a required file but it is missing
Where is information about packet buffer protection logged?
- A . Alert entries are in the Alarms log. Entries for dropped traffic, discarded sessions, and blocked IP addresses are in the Threat log
- B . All entries are in the System log
- C . Alert entries are in the System log. Entries for dropped traffic, discarded sessions and blocked IP addresses are in the Threat log
- D . All entries are in the Alarms log
An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI.
Which CLI command can the engineer use?
- A . test vpn flow
- B . test vpn ike-sa
- C . test vpn tunnel
- D . test vpn gateway
An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22.
Based on the image, which NAT rule will forward web-browsing traffic correctly?
A)
B)
C)
D)
- A . Option
- B . Option
- C . Option
- D . Option
A company is using wireless controllers to authenticate users.
Which source should be used for User-ID mappings?
- A . Syslog
- B . XFF headers
- C . server monitoring
- D . client probing
An engineer wants to configure aggregate interfaces to increase bandwidth and redundancy between the firewall and switch.
Which statement is correct about the configuration of the interfaces assigned to an aggregate interface group?
- A . They can have a different bandwidth.
- B . They can have a different interface type such as Layer 3 or Layer 2.
- C . They can have a different interface type from an aggregate interface group.
- D . They can have different hardware media such as the ability to mix fiber optic and copper.
The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such.
The admin has not yet installed the root certificate onto client systems.
What effect would this have on decryption functionality?
- A . Decryption will function and there will be no effect to end users
- B . Decryption will not function because self-signed root certificates are not supported
- C . Decryption will not function until the certificate is installed on client systems
- D . Decryption will function but users will see certificate warnings for each SSL site they visit
An engineer is in the planning stages of deploying User-ID in a diverse directory services environment.
Which server OS platforms can be used for server monitoring with User-ID?
- A . Microsoft Terminal Server, Red Hat Linux, and Microsoft Active Directory
- B . Microsoft Active Directory, Red Hat Linux, and Microsoft Exchange
- C . Microsoft Exchange, Microsoft Active Directory, and Novell eDirectory
- D . Novell eDirectory, Microsoft Terminal Server, and Microsoft Active Directory
A company with already deployed Palo Alto firewalls has purchased their first Panorama server. The security team has already configured all firewalls with the Panorama IP address and added all the firewall serial numbers in Panorama.
What are the next steps to migrate configuration from the firewalls to Panorama?
- A . Use API calls to retrieve the configuration directly from the managed devices
- B . Export Named Configuration Snapshot on each firewall followed by Import Named Configuration Snapshot in Panorama
- C . Import Device Configuration to Panorama followed by Export or Push Device Config Bundle
- D . Use the Firewall Migration plugin to retrieve the configuration directly from the managed devices
After configuring HA in Active/Passive mode on a pair of firewalls, the administrator gets a failed commit with the following details.
What are two explanations for this type of issue? (Choose two)
- A . The peer IP is not included in the permit list on Management Interface Settings
- B . The Backup Peer HA1 IP Address was not configured when the commit was issued
- C . Either management or a data-plane interface is used as HA1-backup
- D . One of the firewalls has gone into the suspended state