
Palo Alto Networks PCNSE - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Total 374 questions

Why are external zones required to be configured on a Palo Alto Networks NGFW in an environment with multiple virtual systems?

A. To allow traffic between zones in different virtual systems without the traffic leaving the appliance

B. To allow traffic between zones in different virtual systems while the traffic is leaving the appliance

C. External zones are required because the same external zone can be used on different virtual systems

D. Multiple external zones are required in each virtual system to allow the communications between virtual systems

Which function does the HA4 interface provide when implementing a firewall cluster which contains firewalls configured as active-passive pairs?

A. Perform packet forwarding to the active-passive peer during session setup and asymmetric traffic flow.

B. Perform synchronization of routes, IPSec security associations, and User-ID information.

C. Perform session cache synchronization for all HA cluster members with the same cluster ID.

D. Perform synchronization of sessions, forwarding tables, and IPSec security associations between firewalls in an HA pair.

A new firewall has the Threat Prevention subscription, but the Antivirus does not appear in Dynamic Updates.

What must occur to have Antivirus signatures update?

A. An Antivirus license is needed first, then a Security profile for Antivirus needs to be created.

B. An Antivirus license must be obtained before Dynamic Updates can be downloaded or installed.

C. An Advanced Threat Prevention license is required to see the Dynamic Updates for Antivirus.

D. Install the Application and Threats updates first, then refresh the Dynamic Updates.

Which CLI command displays the physical media that are connected to ethernet1/8?

A. > show system state filter-pretty sys.s1.p8.stats

B. > show system state filter-pretty sys.s1.p8.phy

C. > show system state filter-pretty sys.s1.p8.med

D. > show interface ethernet1/8

An engineer reviews high availability (HA) settings to understand a recent HA failover event. Review the screenshot below.

Which timer determines the frequency at which the HA peers exchange messages in the form of an ICMP (ping)?

A. Hello Interval

B. Promotion Hold Time

C. Heartbeat Interval

D. Monitor Fail Hold Up Time

An administrator is defining protection settings on the Palo Alto Networks NGFW to guard against resource exhaustion. When platform utilization is considered, which steps must the administrator take to configure and apply packet buffer protection?

A. Enable and configure the Packet Buffer protection thresholds. Enable Packet Buffer Protection per ingress zone.

B. Enable and then configure Packet Buffer thresholds. Enable Interface Buffer protection.

C. Create and Apply Zone Protection Profiles in all ingress zones. Enable Packet Buffer Protection per ingress zone.

D. Configure and apply Zone Protection Profiles for all egress zones. Enable Packet Buffer Protection per egress zone.

E. Enable per-vsys Session Threshold alerts and triggers for Packet Buffer Limits. Enable Zone Buffer Protection per zone.

What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 10.1 version?

A. Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or template stacks.

B. An administrator must use the Expedition tool to adapt the configuration to the pre-PAN-OS 10.1 state.

C. When Panorama is reverted to an earlier PAN-OS release, variables used in templates or template stacks will be removed automatically.

D. Administrators need to manually update variable characters to those used in pre-PAN-OS 8.1.

A new application server 192.168.197.40 has been deployed in the DMZ. There are no public IP addresses available, resulting in the server sharing NAT IP 198.51.100.88 with another DMZ server that uses IP address 192.168.19?.60. Firewall security and NAT rules have been configured. The application team has confirmed that the new server is able to establish a secure connection to an external database with IP address 203.0.113.40. The database team reports that they are unable to establish a secure connection to 198.51.100.88 from 203.0.113.40. However, it confirms a successful ping test to 198.51.100.88. Referring to the NAT configuration and traffic logs provided, how can the firewall engineer resolve the situation and ensure inbound and outbound connections work concurrently for both DMZ servers?

A. Replace the two NAT rules with a single rule that has both DMZ servers as "Source Address," both external servers as "Destination Address," and Source Translation remaining as is with bidirectional option enabled.

B. Sharing a single NAT IP is possible for outbound connectivity, not for inbound; therefore, a new public IP address must be obtained for the new DMZ server and used in the NAT rule 6 DMZ server 2.

C. Configure separate source NAT and destination NAT rules for the two DMZ servers without using the bidirectional option.

D. Move the NAT rule 6 DMZ server 2 above NAT rule 5 DMZ server 1.

Which two components are required to configure certificate-based authentication to the web UI when firewall access is needed on a trusted interface? (Choose two.)

A. Server certificate

B. Certificate Profile

C. CA certificate

D. SSL/TLS Service Profile

Which feature of Panorama allows an administrator to create a single network configuration that can be reused repeatedly for large-scale deployments even if values of configured objects, such as routes and interface addresses, change?

A. the 'Shared' device group

B. template stacks

C. a device group

D. template variables