PCNSE exam

Which log type will help the engineer verify whether packet buffer protection was activated?A . Data Filtering B. Configuration C. Threat D. TrafficView AnswerAnswer: C Explanation: The log type that will help the engineer verify whether packet buffer protection was activated is Threat Logs. Threat Logs are logs generated by...

An existing NGFW customer requires direct interne! access offload locally at each site and iPSec connectivity to all branches over public internet. One requirement is mat no new SD-WAN hardware be introduced to the environment. What is the best solution for the customer?A . Configure a remote network on PAN-OS...

An administrator is building Security rules within a device group to block traffic to and from malicious locations How should those rules be configured to ensure that they are evaluated with a high priority?A . Create the appropriate rules with a Block action and apply them at the top of...

What are three reasons for excluding a site from SSL decryption? (Choose three.)A . the website is not present in English B. unsupported ciphers C. certificate pinning D. unsupported browser version E. mutual authenticationView AnswerAnswer: B,C,E Explanation: Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate...

An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 2025. The validity date on the PA-generated certificate is taken from what?A . The trusted certificate B. The server certificate C....

the firewall's device group as post-rules How will the rule order populate once pushed to the firewall?A . shared device group policies, firewall device group policies. local policies. B. firewall device group policies, local policies. shared device group policies C. shared device group policies. local policies, firewall device group policies...

What is a correct statement regarding administrative authentication using external services with a local authorization method?A . Prior to PAN-OS 10.2. an administrator used the firewall to manage role assignments, but access domains have not been supported by this method. B. Starting with PAN-OS 10.2. an administrator needs to configure...

While analyzing the Traffic log, you see that some entries show "unknown-tcp" in the Application column What best explains these occurrences?A . A handshake took place, but no data packets were sent prior to the timeout. B. A handshake took place; however, there were not enough packets to identify the...

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged. Given...

An administrator is using Panorama to manage me and suspects an IKE Crypto mismatch between peers, from the firewalls to Panorama. However, pre-existing logs from the firewalls are not appearing in Panorama. Which action should be taken to enable the firewalls to send their pre-existing logs to Panorama?A . Export...