PCNSE

When configuring the firewall for packet capture, what are the valid stage types?A . Receive, management, transmit, and dropB . Receive, firewall, send, and non-synC . Receive management, transmit, and non-synD . Receive, firewall, transmit, and dropView AnswerAnswer: D

A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents...

Which GlobalProtect Client connect method requires the distribution and use of machine certificates?A . User-logon (Always on)B . At-bootC . On-demandD . Pre-logonView AnswerAnswer: D

When is the content inspection performed in the packet flow process?A . after the application has been identifiedB . before session lookupC . before the packet forwarding processD . after the SSL Proxy re-encrypts the packetView AnswerAnswer: C Explanation: Reference: https://live.paloaltonetworks.com/t5/Learning-Articles/Packet-Flow-Sequence-in-PAN-OS/ta-p/56081

Which three options are supported in HA Lite? (Choose three.)A . Virtual linkB . Active/passive deploymentC . Synchronization of IPsec security associationsD . Configuration synchronizationE . Session synchronizationView AnswerAnswer: B,C,D Explanation: “The PA-200 firewall supports HA Lite only. HA Lite is an active/passive deployment that provides configuration synchronization and some...

An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs. The administrator assigns priority 100 to the active firewall. Which priority is correct for the passive firewall?A . 0B . 99C . 1D . 255View AnswerAnswer: D Explanation: Reference: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/framemaker/71/pan-os/pan-os/section_5.pdf (page 9)

The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?A . 6-tuple match: Source IP Address, Destination IP Address, Source port, Destination Port, Protocol, and Source Security ZoneB . 5-tuple match:...

Which virtual router feature determines if a specific destination IP address is reachable?A . Heartbeat MonitoringB . FailoverC . Path MonitoringD . Ping-PathView AnswerAnswer: C Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/pbf

An administrator has users accessing network resources through Citrix XenApp 7 x. Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?A . Client ProbingB . Terminal Services agentC . GlobalProtectD . Syslog MonitoringView AnswerAnswer: B

Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?A . Deny application facebook-chat before allowing application facebookB . Deny application facebook on topC . Allow application facebook on topD . Allow application facebook before denying application facebook-chatView AnswerAnswer: A Explanation: Reference: https://live.paloaltonetworks.com/t5/Configuration-Articles/Failed-to-Block-Facebook-Chat-Consistently/ta-p/115673