Tag - PCNSE exam

Which value in the Application column indicates UDP traffic that did not match an App-ID signature?A . not-applicableB . incompleteC . unknown-ipD . unknown-udpView AnswerAnswer: D Explanation: To safely enable applications you must classify all traffic, across all ports, all the time. With App-ID, the only applications that are typically...

An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version What is considered best practice for this scenario?A . Perform the Panorama and firewall upgrades simultaneouslyB . Upgrade the firewall first wait at least 24 hours and then upgrade the Panorama versionC . Upgrade Panorama...

Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?A . performing a local firewall commitB . removing the firewall as a managed device in PanoramaC . performing a factory reset of the firewallD . removing the Panorama serial number from the ZTP serviceView...

An administrator plans to deploy 15 firewalls to act as GlobalProtect gateways around the world Panorama will manage the firewalls. The firewalls will provide access to mobile users and act as edge locations to on-premises infrastructure. The administrator wants to scale the configuration out quickly and wants all of the...

What are three reasons for excluding a site from SSL decryption? (Choose three.)A . the website is not present in EnglishB . unsupported ciphersC . certificate pinningD . unsupported browser versionE . mutual authenticationView AnswerAnswer: B,C,E Explanation: Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate...

When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?A . Disable HAB . Disable the HA2 linkC . Disable config syncD . Set the passive link state to 'shutdown.-View AnswerAnswer: C Explanation: Updated reference: https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-ha-pair-to-panorama-management.html Step 2 is...

A company needs to preconfigure firewalls to be sent to remote sites with the least amount of preconfiguration Once deployed each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers Which VPN preconfigured configuration would adapt to changes when deployed to...

An administrator is attempting to create policies tor deployment of a device group and template stack When creating the policies, the zone drop down list does not include the required zone. What must the administrator do to correct this issue?A . Specify the target device as the master device in...

An engineer is planning an SSL decryption implementation Which of the following statements is a best practice for SSL decryption?A . Obtain an enterprise CA-signed certificate for the Forward Trust certificateB . Obtain a certificate from a publicly trusted root CA for the Forward Trust certificateC . Use an enterprise...

A remote administrator needs firewall access on an untrusted interface. Which two components are required on the firewall to configure certificate-based administrator authentication to the web Ul? (Choose two)A . client certificateB . certificate profileC . certificate authority (CA) certificateD . server certificateView AnswerAnswer: A,B Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/configure-administrative-accounts-and-authentication/configure-certificate-based-administrator-authentication-to-the-web-interface.html