PCNSE exam

Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?A . NATB . DOS protectionC . QoSD . Tunnel inspectionView AnswerAnswer: C Explanation: The type of policy in Palo Alto Networks firewalls that can use Device-ID as a match condition is QoS. This is...

Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the firewall? (Choose three.)A . RADIUSB . TACACS+C . KerberosD . LDAPE . SAMLView AnswerAnswer: ABE Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication#:~:text=The%20administrative%20accounts%20are%20defined,attributes%20on%20the%20SAML%20server.

An administrator notices that an interface configuration has been overridden locally on a firewall. They require all configuration to be managed from Panorama and overrides are not allowed. What is one way the administrator can meet this requirement?A . Perform a commit force from the CLI of the firewall.B ....

Based on the graphic which statement accurately describes the output shown in the Server Monitoring panel? A . The User-ID agent is connected to a domain controller labeled lab-clientB . The host lab-client has been found by a domain controllerC . The host lab-client has been found by the User-ID...

An administrator needs to identify which NAT policy is being used for internet traffic. From the Monitor tab of the firewall GUI, how can the administrator identify which NAT policy is in use for a traffic flow?A . Click Session Browser and review the session details.B . Click Traffic view...

An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls. What can be configured on one pair...

An administrator has been tasked with configuring decryption policies. Which decryption best practice should they consider?A . Consider the local, legal, and regulatory implications and how they affect which traffic can be decrypted.B . Decrypt all traffic that traverses the firewall so that it can be scanned for threats.C ....

An engineer reviews high availability (HA) settings to understand a recent HA failover event. Review the screenshot below. Which timer determines the frequency at which the HA peers exchange messages in the form of an ICMP (ping)A . Hello IntervalB . Promotion Hold TimeC . Heartbeat IntervalD . Monitor Fail...

Which two statements correctly describe Session 380280? (Choose two.) A . The session went through SSL decryption processing.B . The session has ended with the end-reason unknown.C . The application has been identified as web-browsing.D . The session did not go through SSL decryption processing.View AnswerAnswer: A, C

A network administrator wants to deploy SSL Forward Proxy decryption. What two attributes should a forward trust certificate have? (Choose two.)A . A subject alternative nameB . A private keyC . A server certificateD . A certificate authority (CA) certificateView AnswerAnswer: B, D Explanation: The two attributes that a forward...