Tag - PCNSE exam

Which source is the most reliable for collecting User-ID user mapping?A . GlobalProtect B. Microsoft Active Directory C. Microsoft Exchange D. Syslog ListenerView AnswerAnswer: A Explanation: User-ID is a feature that enables you to identify and control users on your network based on their usernames instead of their IP addresses1....

What can be used to create dynamic address groups?A . dynamic address B. region objects C. tags D. FODN addressesView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/monitor-changes-in-the-virtual-environment/use-dynamic-address-groups-in-policy

An engineer is deploying multiple firewalls with common configuration in Panorama. What are two benefits of using nested device groups? (Choose two.)A . Inherit settings from the Shared group B. Inherit IPSec crypto profiles C. Inherit all Security policy rules and objects D. Inherit parent Security policy rules and objectsView...

Which three items are import considerations during SD-WAN configuration planning? (Choose three.)A . link requirements B. the name of the ISP C. IP Addresses D. branch and hub locationsView AnswerAnswer: A,C,D Explanation: https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/sd-wan-overview/plan-sd-wan-configuration

Given the screenshot, how did the firewall handle the traffic? A . Traffic was allowed by policy but denied by profile as encrypted. B. Traffic was allowed by policy but denied by profile as a threat. C. Traffic was allowed by profile but denied by policy as a threat. D....

A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL. When creating a new rule, what is needed to allow the application to resolve dependencies?A . Add SSL and web-browsing applications to the same rule. B. Add web-browsing application to the...

Based on the graphic which statement accurately describes the output shown in the Server Monitoring panel? A. The User-ID agent is connected to a domain controller labeled lab-client B. The host lab-client has been found by a domain controller C. The host lab-client has been found by the User-ID agent....

Which profile generates a packet threat type found in threat logs?A . Zone Protection B. WildFire C. Anti-Spyware D. AntivirusView AnswerAnswer: A Explanation: "Threat/Content Type (subtype) Subtype of threat log." "packet―Packet-based attack protection triggered by a Zone Protection profile." https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields packet―Packet-based attack protection triggered by a Zone Protection profile.

Which three items are import considerations during SD-WAN configuration planning? (Choose three.)A . link requirements B. the name of the ISP C. IP Addresses D. branch and hub locationsView AnswerAnswer: A,C,D Explanation: https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/sd-wan-overview/plan-sd-wan-configuration

A remote administrator needs firewall access on an untrusted interface. Which two components are required on the firewall to configure certificate-based administrator authentication to the web Ul? (Choose two)A . client certificate B. certificate profile C. certificate authority (CA) certificate D. server certificateView AnswerAnswer: B,D