PCNSE exam

An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?A . Security policy rule allowing SSL to the target serverB . Firewall connectivity to a CRLC . Root certificate imported into the firewall with “Trust” enabledD . Importation of a certificate from an...

Which is not a valid reason for receiving a decrypt-cert-validation error?A . Unsupported HSMB . Unknown certificate statusC . Client authenticationD . Untrusted issuerView AnswerAnswer: A

Which three split tunnel methods are supported by a globalProtect gateway? (Choose three.)A . video streaming applicationB . Client Application ProcessC . Destination DomainD . Source DomainE . Destination user/groupF . URL CategoryView AnswerAnswer: A,B,C

Which PAN-OS® policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly-sensitive business data?A . Security policyB . Decryption policyC . Authentication policyD . Application Override policyView AnswerAnswer: C

Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series firewalls? (Choose two.)A . Red Hat Enterprise Virtualization (RHEV)B . Kernel Virtualization Module (KVM)C . Boot Strap Virtualization Module (BSVM)D . Microsoft Hyper-VView AnswerAnswer: BD Explanation: Reference: https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-firewall/vm-series

The firewall is not downloading IP addresses from MineMeld. Based, on the image, what most likely is wrong?A . A Certificate Profile that contains the client certificate needs to be selected.B . The source address supports only files hosted with an ftp://<address/file>.C . External Dynamic Lists do not support SSL...

How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?A . Configure the option for “Threshold”.B . Disable automatic updates during weekdays.C . Automatically “download only” and then install Applications and Threats later, after the administrator approves...

An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS® software, the administrator enables log forwarding from the firewalls to Panoram A. Pre-existing logs from the firewalls are not appearing in PanoramA. Which action would enable the firewalls to send their...

In the following image from Panorama, why are some values shown in red? A . sg2 session count is the lowest compared to the other managed devices.B . us3 has a logging rate that deviates from the administrator-configured thresholds.C . uk3 has a logging rate that deviates from the seven-day...

Which three file types can be forwarded to WildFire for analysis as a part of the basic WildFire service? (Choose three.)A . dllB . exeC . srcD . apkE . pdfF . jarView AnswerAnswer: ABC Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-overview/wildfire-file-type-support