PCNSE exam

An existing NGFW customer requires direct interne! access offload locally at each site and iPSec connectivity to all branches over public internet. One requirement is mat no new SD-WAN hardware be introduced to the environment. What is the best solution for the customer?A . Configure a remote network on PAN-OS...

What best describes the HA Promotion Hold Time?A . the time that is recommended to avoid an HA failover due to the occasional flapping of neighboring devices B. the time that is recommended to avoid a failover when both firewalls experience the same link/path monitor failure simultaneously C. the time...

Which statement regarding HA timer settings is true?A . Use the Recommended profile for typical failover timer settings B. Use the Moderate profile for typical failover timer settings C. Use the Aggressive profile for slower failover timer settings. D. Use the Critical profile for faster failover timer settings.View AnswerAnswer: A

the firewall's device group as post-rules How will the rule order populate once pushed to the firewall?A . shared device group policies, firewall device group policies. local policies. B. firewall device group policies, local policies. shared device group policies C. shared device group policies. local policies, firewall device group policies...

A firewall administrator has been tasked with ensuring that all Panorama-managed firewalls forward traffic logs to Panorama. In which section is this configured?A . Panorama > Managed Devices B. Monitor > Logs > Traffic C. Device Groups > Objects > Log Forwarding D. Templates > Device > Log SettingsView AnswerAnswer:...

An engineer wants to configure aggregate interfaces to increase bandwidth and redundancy between the firewall and switch. Which statement is correct about the configuration of the interfaces assigned to an aggregate interface group?A . They can have a different bandwidth. B. They can have a different interface type such as...

An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same firewall. The update contains an application that matches the same traffic signatures as the custom application. Which application will be used to identify traffic traversing the firewall?A ....

PBF can address which two scenarios? (Select Two)A . forwarding all traffic by using source port 78249 to a specific egress interface B. providing application connectivity the primary circuit fails C. enabling the firewall to bypass Layer 7 inspection D. routing FTP to a backup ISP link to save bandwidth...

A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this. Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)A . Navigate to Network > Zone...

An administrator has 750 firewalls. The administrator's central-management Panorama instance deploys dynamic updates to the firewalls. The administrator notices that the dynamic updates from Panorama do not appear on some of the firewalls. If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does...