PCNSE exam

Which statement accurately describes service routes and virtual systems?A . Virtual systems that do not have specific service routes configured inherit the global service and service route settings for the firewall. B. Virtual systems can only use one interface for all global service and service routes of the firewall. C....

An administrator has a PA-820 firewall with an active Threat Prevention subscription The administrator is considering adding a WildFire subscription. How does adding the WildFire subscription improve the security posture of the organization1?A . Protection against unknown malware can be provided in near real-time B. WildFire and Threat Prevention combine...

View the screenshots. A QoS profile and policy rules are configured as shown. Based on this information, which two statements are correct? (Choose two.)A . DNS has a higher priority and more bandwidth than SSH. B. Google-video has a higher priority and more bandwidth than WebEx. C. SMTP has a...

During the implementation of SSL Forward Proxy decryption, an administrator imports the company's Enterprise Root CA and Intermediate CA certificates onto the firewall. The company's Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise...

An engineer is configuring Packet Buffer Protection on ingress zones to protect from single-session DoS attacks Which sessions does Packet Buffer Protection apply to?A . It applies to existing sessions and is not global B. It applies to new sessions and is global C. It applies to new sessions and...

Which function is handled by the management plane (control plane) of a Palo Alto Networks firewall?A . signature matching for content inspection B. IPSec tunnel standup C. Quality of Service D. loggingView AnswerAnswer: D

An engineer is creating a template and wants to use variables to standardize the configuration across a large number of devices Which Mo variable types can be defined? (Choose two.)A . Path group B. Zone C. IP netmask D. FQDNView AnswerAnswer: C,D

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain'?A . a Security policy with 'known-user" selected in the Source User field B. an Authentication policy with 'unknown' selected in the Source User field...

What is considered the best practice with regards to zone protection?A . Review DoS threat activity (ACC > Block Activity) and look for patterns of abuse B. Use separate log-forwarding profiles to forward DoS and zone threshold event logs separately from other threat logs C. If the levels of zone...

Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)A . Create a no-decrypt Decryption Policy rule. B. Configure an EDL to pull IP addresses of known sites resolved from a CRL. C. Create a Dynamic...