Palo Alto Networks PCNSE Palo Alto Networks Certified Network Security Engineer Exam Online Training
Palo Alto Networks PCNSE Online Training
The questions for PCNSE were last updated at May 06,2024.
- Exam Code: PCNSE
- Exam Name: Palo Alto Networks Certified Network Security Engineer Exam
- Certification Provider: Palo Alto Networks
- Latest update: May 06,2024
An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls.
What can be configured on one pair of firewalls to modify the MAC addresses so they are no longer in conflict?
- A . Configure a floating IP between the firewall pairs.
- B . Change the Group IDs in the High Availability settings to be different from the other firewall pair on the same subnet.
- C . Change the interface type on the interfaces that have conflicting MAC addresses from L3 to VLAN.
- D . On one pair of firewalls, run the CLI command: set network interface vlan arp.
A network administrator configured a site-to-site VPN tunnel where the peer device will act as initiator None of the peer addresses are known
What can the administrator configure to establish the VPN connection?
- A . Set up certificate authentication.
- B . Use the Dynamic IP address type.
- C . Enable Passive Mode
- D . Configure the peer address as an FQDN.
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications QoS natively integrates with which feature to provide service quality?
- A . certificate revocation
- B . Content-ID
- C . App-ID8 9 B
- D . port inspection
Which data flow describes redistribution of user mappings?
- A . User-ID agent to firewall
- B . firewall to firewall
- C . Domain Controller to User-ID agent
- D . User-ID agent to Panorama
A firewall administrator wants to avoid overflowing the company syslog server with traffic logs.
What should the administrator do to prevent the forwarding of DNS traffic logs to syslog?
- A . Disable logging on security rules allowing DNS.
- B . Go to the Log Forwarding profile used to forward traffic logs to syslog. Then, under traffic logs match list, create a new filter with application not equal to DNS.
- C . Create a security rule to deny DNS traffic with the syslog server in the destination
- D . Go to the Log Forwarding profile used to forward traffic logs to syslog. Then, under traffic logs match list, create a new filter with application equal to DNS.
Which CLI command displays the physical media that are connected to ethernet1/8?
- A . > show system state filter-pretty sys.si.p8.stats
- B . > show system state filter-pretty sys.sl.p8.phy
- C . > show interface ethernet1/8
- D . > show system state filter-pretty sys.sl.p8.med
An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used. After looking at the configuration, the administrator believes that the firewall is not using a static route.
What are two reasons why the firewall might not use a static route? (Choose two.)
- A . no install on the route
- B . duplicate static route
- C . path monitoring on the static route
- D . disabling of the static route
A remote administrator needs firewall access on an untrusted interface.
Which two components are required on the firewall to configure certificate-based administrator authentication to the web Ul? (Choose two)
- A . client certificate
- B . certificate profile
- C . certificate authority (CA) certificate
- D . server certificate
DRAG DROP
An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority Match the default Administrative Distances for each routing protocol.
When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?
- A . Certificate profile
- B . Path Quality profile
- C . SD-WAN Interface profile
- D . Traffic Distribution profile