PCNSE

DRAG DROP Match each SD-WAN configuration element to the description of that element. View AnswerAnswer: Explanation: ✑ An SD-WAN Interface Profile specifies the Tag that you apply to the physical interface, and also specifies the type of Link that interface is (ADSL/DSL, cable modem, Ethernet, fiber, LTE/3G/4G/5G, MPLS, microwave/radio, satellite,...

An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing. The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped...

A session in the Traffic log is reporting the application as “incomplete.” What does “incomplete” mean?A . The three-way TCP handshake was observed, but the application could not be identified.B . The three-way TCP handshake did not complete.C . The traffic is coming across UDP, and the application could not...

A traffic log might list an application as "not-applicable" for which two reasons'? (Choose two)A . 0 The firewall did not install the sessionB . The TCP connection terminated without identifying any application dataC . The firewall dropped a TCP SYN packetD . There was not enough application data after...

How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?A . Use the debug dataplane packet-diag set capture stage firewall file command.B . Enable all four stages of traffic capture (TX, RX, DROP, Firewall).C . Use the debug dataplane packet-diag set capture stage management...

As a best practice, which URL category should you target first for SSL decryption?A . Online Storage and BackupB . High RiskC . Health and MedicineD . Financial ServicesView AnswerAnswer: A

When overriding a template configuration locally on a firewall, what should you consider?A . Only Panorama can revert the overrideB . Panorama will lose visibility into the overridden configurationC . Panorama will update the template with the overridden valueD . The firewall template will show that it is out of...

A company needs to preconfigure firewalls to be sent to remote sites with the least amount of preconfiguration Once deployed each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers Which VPN preconfigured configuration would adapt to changes when deployed to...

Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose two.)A . Content-IDB . User-IDC . Applications and ThreatsD . AntivirusView AnswerAnswer: C,D Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/device/device-dynamic-updates

In a security-first network what is the recommended threshold value for content updates to be dynamically updated?A . 1 to 4 hoursB . 6 to 12 hoursC . 24 hoursD . 36 hoursView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/best-practices-for-content-and-threat-content-updates/best-practices-security-first.html