PCNSE exam

An administrator is using Panorama to manage multiple firewalls. After upgrading all devices to the latest PAN-OS software, the administrator enables log forwarding from the firewalls to Panorama. However, pre-existing logs from the firewalls are not appearing in Panorama. Which action should be taken to enable the firewalls to send...

A network security administrator wants to inspect HTTPS traffic from users as it egresses through a firewall to the Internet/Untrust zone from trusted network zones. The security admin wishes to ensure that if users are presented with invalid or untrusted security certificates, the user will see an untrusted certificate warning....

A network administrator configured a site-to-site VPN tunnel where the peer device will act as initiator None of the peer addresses are known What can the administrator configure to establish the VPN connection?A . Set up certificate authentication.B . Use the Dynamic IP address type.C . Enable Passive ModeD ....

An engineer is monitoring an active/active high availability (HA) firewall pair. Which HA firewall state describes the firewall that is experiencing a failure of a monitored path?A . InitialB . TentativeC . PassiveD . Active-secondaryView AnswerAnswer: B Explanation: In an active/active high availability (HA) firewall pair, when a firewall experiences...

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged. Given...

A company has configured a URL Filtering profile with override action on their firewall. Which two profiles are needed to complete the configuration? (Choose two)A . SSL/TLS ServiceB . HTTP ServerC . DecryptionD . Interface ManagementView AnswerAnswer: A, D Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRdCAK https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/url-filtering/configure-url-filtering https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/url-filtering/allow-password-access-to-certain-sites#id7e63ce07-8b30-4506-a1e3-5800303954e8

Refer to the exhibit. Which will be the egress interface if the traffic's ingress interface is ethernet1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?A . ethernet1/6B . ethernet1/3C . ethernet1/7D . ethernet1/5View AnswerAnswer: D Explanation: In the second image, VW ports mentioned are 1/5 and 1/7. Hence it can...

An engineer creates a set of rules in a Device Group (Panorama) to permit traffic to various services for a specific LDAP user group. What needs to be configured to ensure Panorama can retrieve user and group information for use in these rules?A . A service route to the LDAP...

An engineer configures a specific service route in an environment with multiple virtual systems instead of using the inherited global service route configuration. What type of service route can be used for this configuration?A . IPv6 Source or Destination AddressB . Destination-Based Service RouteC . IPv4 Source InterfaceD . Inherit...

An administrator is attempting to create policies tor deployment of a device group and template stack. When creating the policies, the zone drop down list does not include the required zone. What must the administrator do to correct this issue?A . Specify the target device as the master device in...