PCNSE exam

What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect user?A . SSL/TLS Service profile B. Certificate profile C. SCEP D. OCSP ResponderView AnswerAnswer: C Explanation: If you have a Simple Certificate Enrollment Protocol (SCEP) server in your enterprise PKI, you can configure a SCEP...

A company with already deployed Palo Alto firewalls has purchased their first Panorama server. The security team has already configured all firewalls with the Panorama IP address and added all the firewall serial numbers in Panorama. What are the next steps to migrate configuration from the firewalls to Panorama?A ....

A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)A . Virtual router B. Security zone C. ARP entries D. Netflow ProfileView AnswerAnswer: A,B Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/network/network-interfaces/pa-7000-series- layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRqCAK VLAN interface is...

A firewall administrator wants to avoid overflowing the company syslog server with traffic logs. What should the administrator do to prevent the forwarding of DNS traffic logs to syslog?A . Disable logging on security rules allowing DNS. B. Go to the Log Forwarding profile used to forward traffic logs to...

An engineer has been given approval to upgrade their environment 10 PAN-OS 10 2. The environment consists of both physical and virtual firewalls a virtual Panorama HA pair, and virtual log collectors What is the recommended order when upgrading to PAN-OS 10.2?A . Upgrade Panorama, upgrade the log collectors, upgrade...

Refer to the exhibit. An organization has Palo Alto Networks NGFWs that send logs to remote monitoring and security management platforms. The network team has reported excessive traffic on the corporate WAN. How could the Palo Alto Networks NGFW administrator reduce WAN traffic while maintaining support for all the existing...

An engineer reviews high availability (HA) settings to understand a recent HA failover event. Review the screenshot below. Which timer determines the frequency at which the HA peers exchange messages in the form of an ICMP (ping)A . Hello Interval B. Promotion Hold Time C. Heartbeat Interval D. Monitor Fail...

An engineer is pushing configuration from Panorama lo a managed firewall. What happens when the pushed Panorama configuration has Address Object names that duplicate the Address Objects already configured on the firewall?A . The firewall rejects the pushed configuration, and the commit fails. B. The firewall renames the duplicate local...

The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such The admin has not yet installed the root certificate onto client systems What...

An engineer wants to configure aggregate interfaces to increase bandwidth and redundancy between the firewall and switch. Which statement is correct about the configuration of the interfaces assigned to an aggregate interface group?A . They can have a different bandwidth. B. They can have a different interface type such as...