Palo Alto Networks PCNSE Palo Alto Networks Certified Network Security Engineer Exam Online Training
Palo Alto Networks PCNSE Online Training
The questions for PCNSE were last updated at May 17,2024.
- Exam Code: PCNSE
- Exam Name: Palo Alto Networks Certified Network Security Engineer Exam
- Certification Provider: Palo Alto Networks
- Latest update: May 17,2024
How can an administrator use the Panorama device-deployment option to update the apps and threat version of an HA pair of managed firewalls?
- A . Configure the firewall’s assigned template to download the content updates.
- B . Choose the download and install action for both members of the HA pair in the Schedule object.
- C . Switch context to the firewalls to start the download and install process.
- D . Download the apps to the primary; no further action is required.
An administrator has configured OSPF with Advanced Routing enabled on a Palo Alto Networks firewall running PAN-OS 10.2. After OSPF was configured, the administrator noticed that OSPF routes were not being learned.
Which two actions could an administrator take to troubleshoot this issue? (Choose two.)
- A . Run the CLI command show advanced-routing ospf neighbor
- B . In the WebUl, view the Runtime Stats in the logical router.
- C . In the WebUl, view the Runtime Stats in the virtual router.
- D . Look for configuration problems in Network > virtual router > OSPF
What is a key step in implementing WildFire best practices?
- A . In a mission-critical network, increase the WildFire size limits to the maximum value.
- B . Configure the firewall to retrieve content updates every minute.
- C . In a security-first network, set the WildFire size limits to the minimum value.
- D . Ensure that a Threat Prevention subscription is active.
Which time determines how long the passive firewall will wait before taking over as the active firewall alter losing communications with the HA peer?
- A . Heartbeat Interval
- B . Additional Master Hold Up Time
- C . Promotion Hold Time
- D . Monitor Fall Hold Up Time
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?
- A . Use the debug dataplane packet-diag set capture stage firewall file command.
- B . Enable all four stages of traffic capture (TX, RX, DROP, Firewall).
- C . Use the debug dataplane packet-diag set capture stage management file command.
- D . Use the tcpdump command.
An engineer is pushing configuration from Panorama lo a managed firewall.
What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Objects already configured on the firewall?
- A . The firewall rejects the pushed configuration, and the commit fails.
- B . The firewall renames the duplicate local objects with "-1" at the end signifying they are clones; it will update the references to the objects accordingly and fully commit the pushed configuration.
- C . The firewall fully commits all of the pushed configuration and overwrites its locally configured objects
- D . The firewall ignores only the pushed objects that have the same name as the locally configured objects, and it will commit the rest of the pushed configuration.
What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)?
- A . Phase 1 and Phase 2 SAs are synchronized over HA3 links.
- B . Phase 1 SAs are synchronized over HA1 links.
- C . Phase 2 SAs are synchronized over HA2 links.
- D . Phase 1 and Phase 2 SAs are synchronized over HA2 links.
A network administrator wants to deploy SSL Forward Proxy decryption.
What two attributes should a forward trust certificate have? (Choose two.)
- A . A subject alternative name
- B . A private key
- C . A server certificate
- D . A certificate authority (CA) certificate
An engineer is creating a template and wants to use variables to standardize the configuration across a large number of devices Which Mo variable types can be defined? (Choose two.)
- A . Path group
- B . Zone
- C . IP netmask
- D . FQDN
Which configuration task is best for reducing load on the management plane?
- A . Disable logging on the default deny rule
- B . Enable session logging at start
- C . Disable pre-defined reports
- D . Set the URL filtering action to send alerts