PCNSE exam

Which three actions can Panorama perform when deploying PAN-OS images to its managed devices? (Choose three.)A . upload-onlysB . install and rebootC . upload and installD . upload and install and rebootE . verify and installView AnswerAnswer: ACD Explanation: ttps://www.kareemccie.com/2021/05/palo-alto-firewall-packet-flow.html

Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?A . Resource ProtectionB . TCP Port Scan ProtectionC . Packet Based Attack ProtectionD . Packet Buffer ProtectionView AnswerAnswer: A Explanation: IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks...

An organization conducts research on the benefits of leveraging the Web Proxy feature of PAN-OS 11.0. What are two benefits of using an explicit proxy method versus a transparent proxy method? (Choose two.)A . No client configuration is required for explicit proxy, which simplifies the deployment complexity.B . Explicit proxy...

An engineer reviews high availability (HA) settings to understand a recent HA failover event. Review the screenshot below. Which timer determines the frequency at which the HA peers exchange messages in the form of an ICMP (ping)A . Hello IntervalB . Promotion Hold TimeC . Heartbeat IntervalD . Monitor Fail...

Which two statements correctly describe Session 380280? (Choose two.) A . The session went through SSL decryption processing.B . The session has ended with the end-reason unknown.C . The application has been identified as web-browsing.D . The session did not go through SSL decryption processing.View AnswerAnswer: A, C

Refer to the exhibit. Based on the screenshots above what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?A . shared pre-rules DATACENTER DG pre rules rules configured locally on the firewall shared post-rules DATACENTER_DG post-rules DATACENTER.DG default rulesB . shared...

Which protocol is supported by GlobalProtect Clientless VPN?A . FTPB . RDPC . SSHD . HTTPSView AnswerAnswer: D Explanation: Virtual Desktop Infrastructure (VDI) and Virtual Machine (VM) environments, such as Citrix XenApp and XenDesktop or VMWare Horizon and Vcenter, support access natively through HTML5. You can RDP, VNC, or SSH...

A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL. When creating a new rule, what is needed to allow the application to resolve dependencies?A . Add SSL and web-browsing applications to the same rule.B . Add web-browsing application to the...

An engineer is deploying multiple firewalls with common configuration in Panorama. What are two benefits of using nested device groups? (Choose two.)A . Inherit settings from the Shared groupB . Inherit IPSec crypto profilesC . Inherit all Security policy rules and objectsD . Inherit parent Security policy rules and objectsView...

Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the firewall? (Choose three.)A . RADIUSB . TACACS+C . KerberosD . LDAPE . SAMLView AnswerAnswer: ABE Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication#:~:text=The%20administrative%20accounts%20are%20defined,attributes%20on%20the%20SAML%20server.