PCNSE V3

A network security engineer wants to prevent resource-consumption issues on the firewall. Which strategy is consistent with decryption best practices to ensure consistent performance?A . Use RSA in a Decryption profile tor higher-priority and higher-risk traffic, and use less processor-intensive decryption methods for lower-risk traffic B. Use PFS in a...

A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?A . certificate authority (CA) certificate B. client certificate C. machine certificate D. server certificateView AnswerAnswer: D Explanation: Use only signed certificates, not CA certificates, in SSL/TLS service profiles. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certificate-management/configure-an-ssltls-service-profile.html

An administrator has configured the Palo Alto Networks NGFW’s management interface to connect to the internet through a dedicated path that does not traverse back through the NGFW itself. Which configuration setting or step will allow the firewall to get automatic application signature updates?A . A scheduler will need to...

An organization wishes to roll out decryption but gets some resistance from engineering leadership regarding the guest network. What is a common obstacle for decrypting traffic from guest devices?A . Guest devices may not trust the CA certificate used for the forward untrust certificate. B. Guests may use operating systems...

A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing. What command could the engineer run to see the current state of the BGP state between the two devices?A . show...

Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three.)A . The environment requires real, full-time redundancy from both firewalls at all times B. The environment requires Layer 2 interfaces in the deployment C. The environment requires that both firewalls maintain their own routing...

An engineer needs to redistribute User-ID mappings from multiple data centers. Which data flow best describes redistribution of user mappings?A . Domain Controller to User-ID agent B. User-ID agent to Panorama C. User-ID agent to firewall D. firewall to firewallView AnswerAnswer: D

Which data flow describes redistribution of user mappings?A . User-ID agent to firewall B. firewall to firewall C. Domain Controller to User-ID agent D. User-ID agent to PanoramaView AnswerAnswer: B Explanation: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/configure-firewalls-to-redistribute-user-mapping-information https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/firewall-deployment-for-user-id-redistribution.html#ide3661b46-4722-4936-bb9b-181679306809

A client wants to detect the use of weak and manufacturer-default passwords for loT devices. Which option will help the customer?A . Configure a Data Filtering profile with alert mode. B. Configure an Antivirus profile with alert mode. C. Configure a Vulnerability Protection profile with alert mode D. Configure an...

Which statement about High Availability timer settings is true?A . Use the Moderate timer for typical failover timer settings. B. Use the Critical timer for taster failover timer settings. C. Use the Recommended timer tor faster failover timer settings. D. Use the Aggressive timer for taster failover timer settingsView AnswerAnswer:...