PCNSE exam

What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?A . It stops the tunnel-establishment processing to the GlobalProtect gateway immediately. B. It tries to establish a tunnel to the GlobalProtect gateway using SSL/TLS. C. It keeps trying to establish an IPSec...

Which source is the most reliable for collecting User-ID user mapping?A . GlobalProtect B. Microsoft Active Directory C. Microsoft Exchange D. Syslog ListenerView AnswerAnswer: A Explanation: User-ID is a feature that enables you to identify and control users on your network based on their usernames instead of their IP addresses1....

Information Security is enforcing group-based policies by using security-event monitoring on Windows User-ID agents for IP-to-User mapping in the network. During the rollout, Information Security identified a gap for users authenticating to their VPN and wireless networks. Root cause analysis showed that users were authenticating via RADIUS and that authentication...

An ISP manages a Palo Alto Networks firewall with multiple virtual systems for its tenants. Where on this firewall can the ISP configure unique service routes for different tenants?A . Setup > Services > Virtual Systems > Set Location > Service Route Configuration > Inherit Global Service Route Configuration B....

Where is information about packet buffer protection logged?A . Alert entries are in the Alarms log. Entries for dropped traffic, discarded sessions, and blocked IP address are in the Threat log B. All entries are in the System log C. Alert entries are in the System log. Entries for dropped...

A company is using wireless controllers to authenticate users. Which source should be used for User-ID mappings?A . Syslog B. XFF headers C. server monitoring D. client probingView AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/user-id-overview

An engineer receives reports from users that applications are not working and that websites are only partially loading in an asymmetric environment. After investigating, the engineer observes the flow_tcp_non_syn_drop counter increasing in the show counters global output. Which troubleshooting command should the engineer use to work around this issue?A ....

In a Panorama template which three types of objects are configurable? (Choose three)A . certificate profiles B. HIP objects C. QoS profiles D. security profiles E. interface management profilesView AnswerAnswer: A,C,E Explanation: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/use-case-configure-firewalls-using-panorama/set-up-your-centralized-configuration-and-policies/use-templates-to-administer-a-base-configuration

A customer is replacing their legacy remote access VPN solution The current solution is in place to secure only internet egress for the connected clients Prisma Access has been selected to replace the current remote access VPN solution During onboarding the following options and licenses were selected and enabled -...

Which CLI command displays the physical media that are connected to ethernet1/8?A . > show system state filter-pretty sys.si.p8.stats B. > show system state filter-pretty sys.sl.p8.phy C. > show interface ethernet1/8 D. > show system state filter-pretty sys.sl.p8.medView AnswerAnswer: B Explanation: Example output: > show system state filter-pretty sys.s1.p1.phy sys.s1.p1.phy:...