PCNSE exam

A network administrator configured a site-to-site VPN tunnel where the peer device will act as initiator None of the peer addresses are known What can the administrator configure to establish the VPN connection?A . Set up certificate authentication. B. Use the Dynamic IP address type. C. Enable Passive Mode D....

What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?A . It stops the tunnel-establishment processing to the GlobalProtect gateway immediately. B. It tries to establish a tunnel to the GlobalProtect gateway using SSL/TLS. C. It keeps trying to establish an IPSec...

An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.) A. System Logs B. Task Manager C. Traffic Logs D. Configuration LogsView AnswerAnswer: A,B Explanation: A. System Logs: The...

Where is Palo Alto Networks Device Telemetry data stored on a firewall with a device certificate installed?A . Cortex Data Lake B. Panorama C. On Palo Alto Networks Update Servers D. M600 Log CollectorsView AnswerAnswer: C

An administrator connected a new fiber cable and transceiver to interface Ethernetl/l on a Palo Alto Networks firewall. However, the link does not seem to be coming up. If an administrator were to troubleshoot, how would they confirm the transceiver type, tx-power, rx-power, vendor name, and part number via the...

An engineer is designing a deployment of multi-vsys firewalls. What must be taken into consideration when designing the device group structure?A . Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall must have all its vsys in a single device group. B. Only one...

A customer is replacing their legacy remote access VPN solution The current solution is in place to secure only internet egress for the connected clients Prisma Access has been selected to replace the current remote access VPN solution During onboarding the following options and licenses were selected and enabled -...

How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?A . Use the debug dataplane packet-diag set capture stage firewall file command. B. Enable all four stages of traffic capture (TX, RX, DROP, Firewall). C. Use the debug dataplane packet-diag set capture stage management...

An administrator wants multiple web servers In the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22. Based on the image, which NAT rule will forward web-browsing traffic correctly? A) B) C) D) A . Option...

An engineer must configure a new SSL decryption deployment. Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?A . There must be a certificate with both the Forward Trust option and Forward Untrust option selected. B. A Decryption profile must be attached...