PCNSE exam

An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used. After looking at the configuration, the administrator believes that the firewall is not using a static route. What are two reasons why the firewall might not use a static route? (Choose...

An engineer must configure a new SSL decryption deployment. Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?A . There must be a certificate with both the Forward Trust option and Forward Untrust option selected. B. A Decryption profile must be attached...

The UDP-4501 protocol-port is used between which two GlobalProtect components?A . GlobalProtect app and GlobalProtect gateway B. GlobalProtect portal and GlobalProtect gateway C. GlobalProtect app and GlobalProtect satellite D. GlobalProtect app and GlobalProtect portalView AnswerAnswer: A Explanation: UDP 4501 Used for IPSec tunnel connections between GlobalProtect apps and gateways. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/reference-port-number-usage/ports-used-for-globalprotect.html

What are two best practices for incorporating new and modified App-IDs? (Choose two)A . Configure a security policy rule to allow new App-lDs that might have network-wide impact B. Study the release notes and install new App-IDs if they are determined to have low impact C. Perform a Best Practice...

What are two best practices for incorporating new and modified App-IDs? (Choose two)A . Configure a security policy rule to allow new App-lDs that might have network-wide impact B. Study the release notes and install new App-IDs if they are determined to have low impact C. Perform a Best Practice...

How can an administrator use the Panorama device-deployment option to update the apps and threat version of an HA pair of managed firewalls?A . Configure the firewall's assigned template to download the content updates. B. Choose the download and install action for both members of the HA pair in the...

When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?A . Certificate profile B. Path Quality profile C. SD-WAN Interface profile D. Traffic Distribution profileView AnswerAnswer: B

An administrator is attempting to create policies tor deployment of a device group and template stack. When creating the policies, the zone drop down list does not include the required zone. What must the administrator do to correct this issue?A . Specify the target device as the master device in...

Where is Palo Alto Networks Device Telemetry data stored on a firewall with a device certificate installed?A . Cortex Data Lake B. Panorama C. On Palo Alto Networks Update Servers D. M600 Log CollectorsView AnswerAnswer: A

DRAG DROP An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority Match the default Administrative Distances for each routing protocol. View AnswerAnswer: Explanation: ✑ Static ―Range is 10-240; default is 10. ✑ OSPF Internal...