PCNSE exam

An engineer wants to implement the Palo Alto Networks firewall in VWire mode on the internet gateway and wants to be sure of the functions that are supported on the vwire interface What are three supported functions on the VWire interface? (Choose three)A . NAT B. QoS C. IPSec D....

A network security administrator wants to begin inspecting bulk user HTTPS traffic flows egressing out of the internet edge firewall. Which certificate is the best choice to configure as an SSL Forward Trust certificate?A . A self-signed Certificate Authority certificate generated by the firewall B. A Machine Certificate for the...

During the process of developing a decryption strategy and evaluating which websites are required for corporate users to access, several sites have been identified that cannot be decrypted due to technical reasons. In this case, the technical reason is unsupported ciphers. Traffic to these sites will therefore be blocked if...

Which log type would provide information about traffic blocked by a Zone Protection profile?A . Data Filtering B. IP-Tag C. Traffic D. ThreatView AnswerAnswer: D Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clm9CAC Zone Protection profile is a set of security policies that you can apply to an interface or zone to protect it from reconnaissance,...

An administrator Just enabled HA Heartbeat Backup on two devices However, the status on tie firewall's dashboard is showing as down High Availability. What could an administrator do to troubleshoot the issue?A . Goto Device > High Availability> General > HA Pair Settings > Setup and configuring the peer IP...

Which three items are import considerations during SD-WAN configuration planning? (Choose three.)A . link requirements B. the name of the ISP C. IP Addresses D. branch and hub locationsView AnswerAnswer: A,C,D Explanation: https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/sd-wan-overview/plan-sd-wan-configuration

A network administrator is trying to prevent domain username and password submissions to phishing sites on some allowed URL categories Which set of steps does the administrator need to take in the URL Filtering profile to prevent credential phishing on the firewall?A . Choose the URL categories on Site Access...

What steps should a user take to increase the NAT oversubscription rate from the default platform setting?A . Navigate to Device > Setup > TCP Settings > NAT Oversubscription Rate B. Navigate to Policies > NAT > Destination Address Translation > Dynamic IP (with session distribution) C. Navigate to Policies...

When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three)A . user-logon (always on) B. pre-logon then on-demand C. on-demand (manual user initiated connection) D. post-logon (always on) E. certificate-logonView AnswerAnswer: A,B,C Explanation: The Method section of the GlobalProtect portal configuration...

A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)A . Virtual router B. Security zone C. ARP entries D. Netflow ProfileView AnswerAnswer: A,B Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/network/network-interfaces/pa-7000-series- layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRqCAK VLAN interface is...