PCNSE exam

A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)A . ICMP Drop B. TCP Drop C. TCP Port Scan Block D. SYN Random Early DropView AnswerAnswer: B,D Explanation: Packet-Based Attack Protection is...

An administrator can not see any Traffic logs from the Palo Alto Networks NGFW in Panorama reports. The configuration problem seems to be on the firewall. Which settings, if configured incorrectly, most likely would stop only Traffic logs from being sent from the NGFW to Panorama? A) B) C) D)...

An engineer is in the planning stages of deploying User-ID in a diverse directory services environment. Which server OS platforms can be used for server monitoring with User-ID?A . Microsoft Terminal Server, Red Hat Linux, and Microsoft Active Directory B. Microsoft Active Directory, Red Hat Linux, and Microsoft Exchange C....

An administrator notices that an interface configuration has been overridden locally on a firewall. They require all configuration to be managed from Panorama and overrides are not allowed. What is one way the administrator can meet this requirement?A . Perform a commit force from the CLI of the firewall. B....

An administrator is configuring SSL decryption and needs 10 ensure that all certificates for both SSL Inbound inspection and SSL Forward Proxy are installed properly on the firewall. When certificates are being imported to the firewall for these purposes, which three certificates require a private key? (Choose three.)A . Forward...

An administrator creates an application-based security policy rule and commits the change to the firewall. Which two methods should be used to identify the dependent applications for the respective rule? (Choose two.)A . Use the show predefined xpath <value> command and review the output. B. Review the App Dependency application...

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networks B. Tunnel mode C. iPSec mode D. Satellite modeView AnswerAnswer: B Explanation: To enable split-tunneling by access route, destination domain, and application, you need to configure a...

Where can an administrator see both the management-plane and data-plane CPU utilization in the WebUI?A . System Resources widget B. System Logs widget C. Session Browser D. General Information widgetView AnswerAnswer: A Explanation: The System Resources widget of the Exadata WebUI, displays a real-time overview of the various resources like...

An engineer is tasked with configuring SSL forward proxy for traffic going to external sites. Which of the following statements is consistent with SSL decryption best practices? A. The forward trust certificate should not be stored on an HSM. B. The forward untrust certificate should be signed by a certificate...

An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.) A. System Logs B. Task Manager C. Traffic Logs D. Configuration LogsView AnswerAnswer: A,B Explanation: A. System Logs: The...