PCNSE V8

An engineer configures SSL decryption in order to have more visibility to the internal users' traffic when it is regressing the firewall. Which three types of interfaces support SSL Forward Proxy? (Choose three.)A . High availability (HA) B. Layer 2 C. Virtual Wire D. Tap E. Layer 3View AnswerAnswer: B,C,E

An administrator can not see any Traffic logs from the Palo Alto Networks NGFW in Panorama reports. The configuration problem seems to be on the firewall. Which settings, if configured incorrectly, most likely would stop only Traffic logs from being sent from the NGFW to Panorama? A) B) C) D)...

Which data flow describes redistribution of user mappings?A . User-ID agent to firewall B. firewall to firewall C. Domain Controller to User-ID agent D. User-ID agent to PanoramaView AnswerAnswer: B Explanation: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/configure-firewalls-to-redistribute-user-mapping-information https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/firewall-deployment-for-user-id-redistribution.html#ide3661b46-4722-4936-bb9b-181679306809

A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)A . Virtual router B. Security zone C. ARP entries D. Netflow ProfileView AnswerAnswer: A,B Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/network/network-interfaces/pa-7000-series- layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRqCAK VLAN interface is...

An engineer receives reports from users that applications are not working and that websites are only partially loading in an asymmetric environment. After investigating, the engineer observes the flow_tcp_non_syn_drop counter increasing in the show counters global output. Which troubleshooting command should the engineer use to work around this issue?A ....

After configuring HA in Active/Passive mode on a pair of firewalls the administrator gets a failed commit with the following details. What are two explanations for this type of issue? (Choose two)A . The peer IP is not included in the permit list on Management Interface Settings B. The Backup...

Which log type would provide information about traffic blocked by a Zone Protection profile?A . Data Filtering B. IP-Tag C. Traffic D. ThreatView AnswerAnswer: D Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clm9CAC Zone Protection profile is a set of security policies that you can apply to an interface or zone to protect it from reconnaissance,...

When planning to configure SSL Froward Proxy on a PA 5260, a user asks how SSL decryption can be implemented using phased approach in alignment with Palo Alto Networks best practices What should you recommend?A . Enable SSL decryption for known malicious source IP addresses B. Enable SSL decryption for...

Which feature of Panorama allows an administrator to create a single network configuration that can be reused repeatedly for large-scale deployments even if values of configured objects, such as routes and interface addresses, change?A . Template stacks B. Template variables C. The Shared device group D. A device groupView AnswerAnswer:...

An ISP manages a Palo Alto Networks firewall with multiple virtual systems for its tenants. Where on this firewall can the ISP configure unique service routes for different tenants?A . Setup > Services > Virtual Systems > Set Location > Service Route Configuration > Inherit Global Service Route Configuration B....