PCNSE exam

Which statement about High Availability timer settings is true?A . Use the Moderate timer for typical failover timer settings. B. Use the Critical timer for taster failover timer settings. C. Use the Recommended timer tor faster failover timer settings. D. Use the Aggressive timer for taster failover timer settingsView AnswerAnswer:...

The decision to upgrade to PAN-OS 10.2 has been approved. The engineer begins the process by upgrading the Panorama servers, but gets an error when trying to install. When performing an upgrade on Panorama to PAN-OS 10.2, what is the potential cause of a failed install?A . Management only mode...

An administrator wants to grant read-only access to all firewall settings, except administrator accounts, to a new-hire colleague in the IT department. Which dynamic role does the administrator assign to the new-hire colleague?A . Device administrator (read-only) B. System administrator (read-only) C. Firewall administrator (read-only) D. Superuser (read-only)View AnswerAnswer: A

Which GlobalProtect component must be configured to enable Clientless VPN?A . GlobalProtect satellite B. GlobalProtect app C. GlobalProtect portal D. GlobalProtect gatewayView AnswerAnswer: C Explanation: Creating the GlobalProtect portal is as simple as letting it know if you have accessed it already. A new gateway for accessing the GlobalProtect portal...

An organization wishes to roll out decryption but gets some resistance from engineering leadership regarding the guest network. What is a common obstacle for decrypting traffic from guest devices?A . Guest devices may not trust the CA certificate used for the forward untrust certificate. B. Guests may use operating systems...

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain'?A . a Security policy with 'known-user" selected in the Source User field B. an Authentication policy with 'unknown' selected in the Source User field...

You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?A . Create an Application Group and add Office 365, Evernote Google Docs and Libre Office B. Create an Application Group and add business-systems to...

A user at an external system with the IP address 65.124.57.5 queries the DNS server at 4. 2.2.2 for the IP address of the web server, www,xyz.com. The DNS server returns an address of 172.16.15.1 In order to reach Ire web server, which Security rule and NAT rule must be...

What are three reasons for excluding a site from SSL decryption? (Choose three.)A . the website is not present in English B. unsupported ciphers C. certificate pinning D. unsupported browser version E. mutual authenticationView AnswerAnswer: B,C,E Explanation: Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate...

A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)A . Virtual router B. Security zone C. ARP entries D. Netflow ProfileView AnswerAnswer: A,B Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/network/network-interfaces/pa-7000-series- layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRqCAK VLAN interface is...