Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Paloalto Networks PCNSE - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Paloalto Networks PCNSE Premium Access     Download Demo    
Page: 2 / 12
Total 346 questions

A firewall administrator is changing a packet capture filter to troubleshoot a specific traffic flow. Upon opening the newly created packet capture, the administrator still sees traffic for the previous filter.

What can the administrator do to limit the captured traffic to the newly configured filter?

A.

In the GUI under Monitor > Packet Capture > Manage Filters, under Ingress Interface, select an interface.

B.

Command line: > debug dataplane packet-diag clear filter all

C.

In the GUI under Monitor > Packet Capture > Manage Filters, under the Non-IP field, select "exclude."

D.

Command line: > debug dataplane packet-diag clear filter-marked-session all

An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Link and Path Monitoring is enabled with the Failure Condition set to "any." There is one link group configured containing member interfaces ethernet1/1 and ethernet1/2 with a Group Failure Condition set to "all."

Which HA state will the Active firewall go into if ethernet1/1 link goes down due to a failure?'

A.

Active-Secondary

B.

Non-functional

C.

Passive

D.

Active

What can the Log Forwarding built-in action with tagging be used to accomplish?

A.

Block the source zones of selected unwanted traffic.

B.

Block the destination IP addresses of selected unwanted traffic.

C.

Forward selected logs to the Azure Security Center.

D.

Block the destination zones of selected unwanted traffic.

Based on the images below, and with no configuration inside the Template Stack itself, what access will the device permit on its management port?

A.

The firewall will allow HTTP, Telnet, SNMP, HTTPS, SSH, and Ping from IP addresses defined as $permitted-subnet.1 and $permitted-subnet-2.

B.

The firewall will allow HTTP, Telnet, HTTPS, SSH, and Ping from IP addresses defined as $permitted-subnet-2.

C.

The firewall will allow HTTP, Telnet, HTTPS, SSH, and Ping from IP addresses defined as $permitted-subnet-1 and $permitted-subnet-2.

D.

The firewall will allow HTTP, Telnet, HTTPS, SSH, and Ping from IP addresses defined as $permitted-subnet-1.

A root cause analysis investigation into a recent security incident reveals that several decryption rules have been disabled. The security team wants to generate email alerts when decryption rules are changed.

How should email log forwarding be configured to achieve this goal?

A.

With the relevant configuration log filter inside Device > Log Settings

B.

With the relevant system log filter inside Objects > Log Forwarding

C.

With the relevant system log filter inside Device > Log Settings

D.

With the relevant configuration log filter inside Objects > Log Forwarding

Which log type would provide information about traffic blocked by a Zone Protection profile?

A.

Data Filtering

B.

IP-Tag

C.

Traffic

D.

Threat

After implementing a new NGFW, a firewall engineer sees a VoIP traffic issue going through the firewall After troubleshooting the engineer finds that the firewall performs NAT on the voice packets payload and opens dynamic pinholes for media ports

What can the engineer do to solve the VoIP traffic issue?

A.

Disable ALG under H.323 application

B.

Increase the TCP timeout under H.323 application

C.

Increase the TCP timeout under SIP application

D.

Disable ALG under SIP application

An administrator connects a new fiber cable and transceiver Ethernet1/1 on a Palo Alto Networks firewall. However, the link does not come up. How can the administrator troubleshoot to confirm the transceiver type, tx-power, rxpower, vendor name, and part number by using the CLI?

A.

show chassis status slot s1

B.

show s/stem state filter ethernet1/1

C.

show s/stem state filter sw.dev interface config

D.

show s/stem state filter-pretty sys.sl*

What are three prerequisites for credential phishing prevention to function? (Choose three.)

A.

In the URL filtering profile, use the drop-down list to enable user credential detection.

B.

Enable Device-ID in the zone.

C.

Select the action for Site Access for each category.

D.

Add the URL filtering profile to one or more Security policy rules.

E.

Set phishing category to block in the URL Filtering profile.

Information Security is enforcing group-based policies by using security-event monitoring on Windows User-ID agents for IP-to-User mapping in the network. During the rollout, Information Security identified a gap for users authenticating to their VPN and wireless networks.

Root cause analysis showed that users were authenticating via RADIUS and that authentication events were not captured on the domain controllers that were being monitored Information Security found that authentication events existed on the Identity Management solution (IDM). There did not appear to be direct integration between PAN-OS and the IDM solution

How can Information Security extract and learn iP-to-user mapping information from authentication events for VPN and wireless users?

A.

Add domain controllers that might be missing to perform security-event monitoring for VPN and wireless users.

B.

Configure the integrated User-ID agent on PAN-OS to accept Syslog messages over TLS.

C.

Configure the User-ID XML API on PAN-OS firewalls to pull the authentication events directly from the IDM solution

D.

Configure the Windows User-ID agents to monitor the VPN concentrators and wireless controllers for IP-to-User mapping.