Tag - PCNSE exam

An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used. After looking at the configuration, the administrator believes that the firewall is not using a static route. What are two reasons why the firewall might not use a static route? (Choose...

Refer to the exhibit. An organization has Palo Alto Networks NGFWs that send logs to remote monitoring and security management platforms. The network team has reported excessive traffic on the corporate WAN. How could the Palo Alto Networks NGFW administrator reduce WAN traffic while maintaining support for all the existing...

When using SSH keys for CLI authentication for firewall administration, which method is used for authorization?A . Local B. LDAP C. Kerberos D. RadiusView AnswerAnswer: A Explanation: When using SSH keys for CLI authentication for firewall administration, the method used for authorization is local. This is described in the Palo...

How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?A . Use the debug dataplane packet-diag set capture stage firewall file command. B. Enable all four stages of traffic capture (TX, RX, DROP, Firewall). C. Use the debug dataplane packet-diag set capture stage management...

A network security administrator wants to begin inspecting bulk user HTTPS traffic flows egressing out of the internet edge firewall. Which certificate is the best choice to configure as an SSL Forward Trust certificate?A . A self-signed Certificate Authority certificate generated by the firewall B. A Machine Certificate for the...

Which CLI command displays the physical media that are connected to ethernet1/8?A . > show system state filter-pretty sys.si.p8.stats B. > show system state filter-pretty sys.sl.p8.phy C. > show interface ethernet1/8 D. > show system state filter-pretty sys.sl.p8.medView AnswerAnswer: C

Which log type would provide information about traffic blocked by a Zone Protection profile?A . Data Filtering B. IP-Tag C. Traffic D. ThreatView AnswerAnswer: D Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clm9CAC Zone Protection profile is a set of security policies that you can apply to an interface or zone to protect it from reconnaissance,...

An engineer configures SSL decryption in order to have more visibility to the internal users' traffic when it is regressing the firewall. Which three types of interfaces support SSL Forward Proxy? (Choose three.)A . High availability (HA) B. Layer 2 C. Virtual Wire D. Tap E. Layer 3View AnswerAnswer: B,C,E

When using SSH keys for CLI authentication for firewall administration, which method is used for authorization?A . Local B. LDAP C. Kerberos D. RadiusView AnswerAnswer: A Explanation: When using SSH keys for CLI authentication for firewall administration, the method used for authorization is local. This is described in the Palo...

An administrator can not see any Traffic logs from the Palo Alto Networks NGFW in Panorama reports. The configuration problem seems to be on the firewall. Which settings, if configured incorrectly, most likely would stop only Traffic logs from being sent from the NGFW to Panorama? A) B) C) D)...