PCNSE exam

DRAG DROP An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority Match the default Administrative Distances for each routing protocol. View AnswerAnswer: Explanation: ✑ Static ―Range is 10-240; default is 10. ✑ OSPF Internal...

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged. Given...

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networks B. Tunnel mode C. iPSec mode D. Satellite modeView AnswerAnswer: B Explanation: To enable split-tunneling by access route, destination domain, and application, you need to configure a...

Which configuration task is best for reducing load on the management plane?A . Disable logging on the default deny rule B. Enable session logging at start C. Disable pre-defined reports D. Set the URL filtering action to send alertsView AnswerAnswer: A

When planning to configure SSL Froward Proxy on a PA 5260, a user asks how SSL decryption can be implemented using phased approach in alignment with Palo Alto Networks best practices What should you recommend?A . Enable SSL decryption for known malicious source IP addresses B. Enable SSL decryption for...

An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Path Monitoring has been enabled with a Failure Condition of "any." A path group is configured with Failure Condition of "all" and contains a destination IP of 8.8.8.8 and 4.2.2.2 with a Ping Interval of 500ms...

Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?A . Resource Protection B. TCP Port Scan Protection C. Packet Based Attack Protection D. Packet Buffer ProtectionView AnswerAnswer: A Explanation: According to the documentation, resource protection detects and prevents session exhaustion attacks against specific destinations. This type...

An engineer configures SSL decryption in order to have more visibility to the internal users' traffic when it is regressing the firewall. Which three types of interfaces support SSL Forward Proxy? (Choose three.)A . High availability (HA) B. Layer 2 C. Virtual Wire D. Tap E. Layer 3View AnswerAnswer: B,C,E

A firewall administrator wants to avoid overflowing the company syslog server with traffic logs. What should the administrator do to prevent the forwarding of DNS traffic logs to syslog?A . Disable logging on security rules allowing DNS. B. Go to the Log Forwarding profile used to forward traffic logs to...

A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)A . ICMP Drop B. TCP Drop C. TCP Port Scan Block D. SYN Random Early DropView AnswerAnswer: A,D