PCNSE

An enterprise has a large Palo Alto Networks footprint that includes onsite firewalls and Prisma Access for mobile users, which is managed by Panorama. The enterprise already uses GlobalProtect with SAML authentication to obtain iP-to-user mapping information However information Security wants to use this information in Prisma Access for policy...

Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?A . performing a local firewall commitB . removing the firewall as a managed device in PanoramaC . performing a factory reset of the firewallD . removing the Panorama serial number from the ZTP serviceView...

Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networksB . Satellite modeC . Tunnel modeD . IPSec modeView AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways/configure-a-split-tunnel-based-on-the-access-route.html

PBF can address which two scenarios? (Select Two)A . forwarding all traffic by using source port 78249 to a specific egress interfaceB . providing application connectivity the primary circuit failsC . enabling the firewall to bypass Layer 7 inspectionD . routing FTP to a backup ISP link to save bandwidth...

in a template you can configure which two objects? (Choose two.)A . SD WAN path quality profileB . application groupC . IPsec tunnelD . Monitor profileView AnswerAnswer: A,C

An administrator plans to deploy 15 firewalls to act as GlobalProtect gateways around the world Panorama will manage the firewalls. The firewalls will provide access to mobile users and act as edge locations to on-premises infrastructure. The administrator wants to scale the configuration out quickly and wants all of the...

In SSL Forward Proxy decryption, which two certificates can be used for certificate signing? (Choose two.)A . wildcard server certificateB . enterprise CA certificateC . client certificateD . server certificateE . self-signed CA certificateView AnswerAnswer: B,E Explanation: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/configure-ssl-forward-proxy.html

A superuser is tasked with creating administrator accounts for three contractors. For compliance purposes, all three contractors will be working with different device-groups in their hierarchy to deploy policies and objects. Which type of role-based access is most appropriate for this project?A . Create a Dynamic Admin with the Panorama...

The following objects and policies are defined in a device group hierarchy A) B) C) Address Objects -Shared Address 1 -Branch Address2 Policies -Shared Polic1 l -Branch Policyl D) Address Objects -Shared Addressl -Shared Address2 -Branch Addressl Policies -Shared Policyl -Shared Policy2 -Branch PolicylA . Option AB . Option BC...

A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents...