PCNSE

Exhibit: What will be the egress interface if the traffic’s ingress interface is ethernet1/6 sourcing from 192.168.111.3 and to the destination 10.46.41.113 during the time shown in the image?A . ethernet1/7B . ethernet1/5C . ethernet1/6D . ethernet1/3View AnswerAnswer: D

A customer wants to set up a site-to-site VPN using tunnel interfaces? Which two formats are correct for naming tunnel interfaces? (Choose two.)A . Vpn-tunnel.1024B . vpn-tunne.1C . tunnel 1025D . tunnel. 1View AnswerAnswer: C,D

During the packet flow process, which two processes are performed in application identification? (Choose two.)A . Pattern based application identificationB . Application override policy matchC . Application changed from content inspectionD . Session application identified.View AnswerAnswer: A,B Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0 http://live.paloaltonetworks.com//t5/image/serverpage/image-id/12862i950F549C7D4E6309

In the following image from Panorama, why are some values shown in red? A . sg2 session count is the lowest compared to the other managed devices.B . us3 has a logging rate that deviates from the administrator-configured thresholds.C . uk3 has a logging rate that deviates from the seven-day...

A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes. How quickly will the firewall receive back a verdict?A . More than 15 minutesB . 5 minutesC . 10 to...

Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?A . Both SSH keys and SSL certificates must be generated.B . No prerequisites are required.C . SSH keys must be manually generated.D . SSL certificates must be generated.View AnswerAnswer: B Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/configure-ssh-proxy “In an SSH Proxy configuration,...

A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks. How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?A . Define a...

Which version of GlobalProtect supports split tunneling based on destination domain, client process, and HTTP/HTTPS video streaming application?A . GlobalProtect version 4.0 with PAN-OS 8.1B . GlobalProtect version 4.1 with PAN-OS 8.1C . GlobalProtect version 4.1 with PAN-OS 8.0D . GlobalProtect version 4.0 with PAN-OS 8.0View AnswerAnswer: B

Refer to the exhibit. Which certificates can be used as a Forwarded Trust certificate?A . Certificate from Default Trust Certificate AuthoritiesB . Domain Sub-CAC . Forward_TrustD . Domain-Root-CertView AnswerAnswer: B

What is the purpose of the firewall decryption broker?A . Decrypt SSL traffic a then send it as cleartext to a security chain of inspection toolsB . Force decryption of previously unknown cipher suitesC . Inspection traffic within IPsec tunnelD . Reduce SSL traffic to a weaker cipher before sending...