PCNSE

A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (Cas) i. Enterprise-Trusted-CA; which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system) ii. Enterpnse-Untrusted-CA, which is verified as Forward Untrust...

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain'?A . a Security policy with 'known-user" selected in the Source User fieldB . an Authentication policy with 'unknown' selected in the Source User fieldC...

An engineer wants to implement the Palo Alto Networks firewall in VWire mode on the internet gateway and wants to be sure of the functions that are supported on the vwire interface What are three supported functions on the VWire interface? (Choose three )A . NATB . QoSC . IPSecD...

A organizations administrator has the funds available to purchase more firewalls to increase the organization's security posture. The partner SE recommends placing the firewalls as close as possible to the resources that they protect Is the SE's advice correct and why or why not?A . Yes Firewalls are session based...

Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?A . PAN-OS integrated User-ID agentB . LDAP Server Profile configurationC . GlobalProtectD . Windows-based User-ID agentView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/user-id-concepts/user-mapping/globalprotect.html Because GlobalProtect users must authenticate to gain access to...

When setting up a security profile which three items can you use? (Choose three)A . Wildfire analysisB . anti-ransom wareC . antivirusD . URL filteringE . decryption profileView AnswerAnswer: A,C,D Explanation: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profiles

An administrator needs to troubleshoot a User-ID deployment The administrator believes that there is an issue related to LDAP authentication The administrator wants to create a packet capture on the management plane Which CLI command should the administrator use to obtain the packet capture for validating the configuration^A . >...

An engineer is planning an SSL decryption implementation Which of the following statements is a best practice for SSL decryption?A . Obtain an enterprise CA-signed certificate for the Forward Trust certificateB . Obtain a certificate from a publicly trusted root CA for the Forward Trust certificateC . Use an enterprise...

An organization has recently migrated its infrastructure and configuration to NGFWs, for which Panorama manages the devices The organization is coming from a L2-L4 firewall vendor, but wants to use App-ID while identifying policies that are no longer needed Which Panorama tool can help this organization?A . Config AuditB ....

In a device group, which two configuration objects are defined? (Choose two )A . DNS ProxyB . address groupsC . SSL/TLS profilesD . URL Filtering profilesView AnswerAnswer: C,D