PCNSE exam

An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI. Which CLI command can the engineer use?A . test vpn flow B. test vpn Ike―sa C. test vpn tunnel D. test vpn gatewayView AnswerAnswer: D Explanation: The engineer can use the test vpn gateway...

Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?A . Resource Protection B. TCP Port Scan Protection C. Packet Based Attack Protection D. Packet Buffer ProtectionView AnswerAnswer: A Explanation: According to the documentation, resource protection detects and prevents session exhaustion attacks against specific destinations. This type...

Which time determines how long the passive firewall will wait before taking over as the active firewall alter losing communications with the HA peer? A . Heartbeat Interval B. Additional Master Hold Up Time C. Promotion Hold Time D. Monitor Fall Hold Up TimeView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-timers

The following objects and policies are defined in a device group hierarchy A. Address Objects -Shared Address1 -Shared Address2 -Branch Address1 Policies -Shared Policy1 -Branch Policy1 B. Address Objects -Shared Address1 -Shared Address2 -Branch Address1 -DC Address1 Policies -Shared Policy1 -Shared Policy2 -Branch Policy1 C. Address Objects -Shared Address 1...

Which profile generates a packet threat type found in threat logs?A . Zone Protection B. WildFire C. Anti-Spyware D. AntivirusView AnswerAnswer: A Explanation: "Threat/Content Type (subtype) Subtype of threat log." "packet―Packet-based attack protection triggered by a Zone Protection profile." https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields packet―Packet-based attack protection triggered by a Zone Protection profile.

Refer to the image. An administrator is tasked with correcting an NTP service configuration for firewalls that cannot use the Global template NTP servers. The administrator needs to change the IP address to a preferable server for this template stack but cannot impact other template stacks. How can the issue...

A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone which options differentiates multiple VLAN into separate zones? A. Create V-Wire objects with...

A company is looking to increase redundancy in their network. Which interface type could help accomplish this?A . Layer 2 B. Virtual wire C. Tap D. Aggregate ethernetView AnswerAnswer: D Explanation: An aggregate group increases the bandwidth between peers by load balancing traffic across the combined interfaces. It also provides...

What is the best description of the HA4 Keep-Alive Threshold (ms)?A . the maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational. B. The time that a passive or active-secondary firewall will wait before taking over as the active...

You have upgraded Panorama to 10.2 and need to upgrade six Log Collectors. When upgrading Log Collectors to 10.2, you must do what?A . Upgrade the Log Collectors one at a time. B. Add Panorama Administrators to each Managed Collector. C. Add a Global Authentication Profile to each Managed Collector....