PCNSE exam

An administrator receives the following error message: "IKE phase-2 negotiation failed when processing Proxy ID. Received local id 192.168 33 33/24 type IPv4 address protocol 0 port 0, received remote id 172.16 33.33/24 type IPv4 address protocol 0 port 0." How should the administrator identify the root cause of this...

A company has configured GlobalProtect to allow their users to work from home. A decrease in performance for remote workers has been reported during peak-use hours. Which two steps are likely to mitigate the issue? (Choose TWO)A . Exclude video trafficB . Enable decryptionC . Block traffic that is not...

Given the following snippet of a WildFire submission log did the end-user get access to the requested information and why or why not? A . Yes, because the action is set to alertB . No, because this is an example from a defeated phishing attackC . No, because the severity...

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networksB . Tunnel modeC . iPSec modeD . Satellite modeView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways/configure-a-split-tunnel-based-on-the-domain-and-application

An engineer is configuring a template in Panorama which will contain settings that need to be applied to all firewalls in production. Which three parts of a template an engineer can configure? (Choose three.)A . NTP Server AddressB . Antivirus ProfileC . Authentication ProfileD . Service Route ConfigurationE . Dynamic...

An administrator is using Panorama to manage multiple firewalls. After upgrading all devices to the latest PAN-OS software, the administrator enables log forwarding from the firewalls to Panorama. However, pre-existing logs from the firewalls are not appearing in Panorama. Which action should be taken to enable the firewalls to send...

A network security administrator wants to inspect HTTPS traffic from users as it egresses through a firewall to the Internet/Untrust zone from trusted network zones. The security admin wishes to ensure that if users are presented with invalid or untrusted security certificates, the user will see an untrusted certificate warning....

A network administrator configured a site-to-site VPN tunnel where the peer device will act as initiator None of the peer addresses are known What can the administrator configure to establish the VPN connection?A . Set up certificate authentication.B . Use the Dynamic IP address type.C . Enable Passive ModeD ....

An engineer is monitoring an active/active high availability (HA) firewall pair. Which HA firewall state describes the firewall that is experiencing a failure of a monitored path?A . InitialB . TentativeC . PassiveD . Active-secondaryView AnswerAnswer: B Explanation: In an active/active high availability (HA) firewall pair, when a firewall experiences...

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged. Given...