PCNSE V3

An engineer is configuring Packet Buffer Protection on ingress zones to protect from single-session DoS attacks Which sessions does Packet Buffer Protection apply to?A . It applies to existing sessions and is not global B. It applies to new sessions and is global C. It applies to new sessions and...

Which function is handled by the management plane (control plane) of a Palo Alto Networks firewall?A . signature matching for content inspection B. IPSec tunnel standup C. Quality of Service D. loggingView AnswerAnswer: D

An engineer is creating a template and wants to use variables to standardize the configuration across a large number of devices Which Mo variable types can be defined? (Choose two.)A . Path group B. Zone C. IP netmask D. FQDNView AnswerAnswer: C,D

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain'?A . a Security policy with 'known-user" selected in the Source User field B. an Authentication policy with 'unknown' selected in the Source User field...

What is considered the best practice with regards to zone protection?A . Review DoS threat activity (ACC > Block Activity) and look for patterns of abuse B. Use separate log-forwarding profiles to forward DoS and zone threshold event logs separately from other threat logs C. If the levels of zone...

Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)A . Create a no-decrypt Decryption Policy rule. B. Configure an EDL to pull IP addresses of known sites resolved from a CRL. C. Create a Dynamic...

DRAG DROP An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority. Match the default Administrative Distances for each routing protocol. View AnswerAnswer: Explanation: ✑ Static ―Range is 10-240; default is 10. ✑ OSPF Internal...

A company with already deployed Palo Alto firewalls has purchased their first Panorama server. The security team has already configured all firewalls with the Panorama IP address and added all the firewall serial numbers in Panorama. What are the next steps to migrate configuration from the firewalls to Panorama?A ....

Given the following snippet of a WildFire submission log. did the end-user get access to the requested information and why or why not? A . Yes. because the action is set to "allow '' B. No because WildFire categorized a file with the verdict "malicious" C. Yes because the action...

What is the best description of the HA4 Keep-Alive Threshold (ms)?A . the maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational. B. The time that a passive or active-secondary firewall will wait before taking over as the active...