PCNSE

A network administrator wants to deploy GlobalProtect with pre-logon for Windows 10 endpoints and follow Palo Alto Networks best practices. To install the certificate and key for an endpoint, which three components are required? (Choose three.)A . server certificateB . local computer storeC . private keyD . self-signed certificateE ....

DRAG DROP Match each SD-WAN configuration element to the description of that element. View AnswerAnswer: Explanation: ✑ An SD-WAN Interface Profile specifies the Tag that you apply to the physical interface, and also specifies the type of Link that interface is (ADSL/DSL, cable modem, Ethernet, fiber, LTE/3G/4G/5G, MPLS, microwave/radio, satellite,...

A network security engineer has applied a File Blocking profile to a rule with the action of Block. The user of a Linux CLI operating system has opened a ticket. The ticket states that the user is being blocked by the firewall when trying to download a TAR file. The...

Before you upgrade a Palo Alto Networks NGFW, what must you do?A . Make sure that the PAN-OS support contract is valid for at least another yearB . Export a device state of the firewallC . Make sure that the firewall is running a version of antivirus software and a...

Which two statements are true about DoS Protection and Zone Protection Profiles? (Choose two).A . Zone Protection Profiles protect ingress zonesB . Zone Protection Profiles protect egress zonesC . DoS Protection Profiles are packet-based, not signature-basedD . DoS Protection Profiles are linked to Security policy rulesView AnswerAnswer: A,D Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles

In a firewall, which three decryption methods are valid? (Choose three)A . SSL Inbound InspectionB . SSL Outbound Proxyless InspectionC . SSL Inbound ProxyD . Decryption MirrorE . SSH ProxyView AnswerAnswer: A,D,E Explanation: You can also use Decryption Mirroring to forward decrypted traffic as plaintext to a third party solution...

In a security-first network what is the recommended threshold value for content updates to be dynamically updated?A . 1 to 4 hoursB . 6 to 12 hoursC . 24 hoursD . 36 hoursView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/best-practices-for-content-and-threat-content-updates/best-practices-security-first.html Schedule content updates so that they download-and-install automatically. Then, set a Threshold that...

To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?A . Add the policy in the shared device group as a pre-ruleB . Reference the targeted device's templates in the target device groupC . Add the policy...

An administrator has purchased WildFire subscriptions for 90 firewalls globally. What should the administrator consider with regards to the WildFire infrastructure?A . To comply with data privacy regulations, WildFire signatures and verdicts are not shared globally.B . Palo Alto Networks owns and maintains one global cloud and four WildFire regional...

A customer is replacing its legacy remote-access VPN solution Prisma Access has been selected as the replacement During onboarding, the following options and licenses were selected and enabled: The customer wants to forward to a Splunk SIEM the logs that are generated by users that are connected to Prisma Access...