Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Paloalto Networks PCNSE - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Paloalto Networks PCNSE Premium Access     Download Demo    
Page: 9 / 12
Total 346 questions

A firewall engineer is investigating high dataplane CPU utilization. To decrease the load on this CPU, what should be reduced?

A.

The amount of decrypted traffic

B.

The timeout value for admin sessions

C.

The number of mapped User-ID groups

D.

The number of permitted IP addresses on the management interface

When backing up and saving configuration files, what is achieved using only the firewall and is not available in Panorama?

A.

Export device state

B.

Load configuration version

C.

Load named configuration snapshot

D.

Save candidate config

Forwarding of which two log types is configured in Objects -> Log Forwarding? (Choose two)

A.

GlobalProtect

B.

Authentication

C.

User-ID

D.

WildFire

An administrator wants to use LDAP, TACACS+, and Kerberos as external authentication services for authenticating users. What should the administrator be aware of regarding the authentication sequence, based on the Authentication profile in the order Kerberos LDAP, and TACACS+?

A.

The firewall evaluates the profiles in the alphabetical order the Authentication profiles have been named until one profile successfully authenticates the user.

B.

The firewall evaluates the profiles in top-to-bottom order until one Authentication profile successfully authenticates the user.

C.

The priority assigned to the Authentication profile defines the order of the sequence.

D.

If the authentication times cut for the firs: Authentication profile in the authentication sequence, no further authentication attempts will be made.

An administrator has been tasked with configuring decryption policies,

Which decryption best practice should they consider?

A.

Consider the local, legal, and regulatory implications and how they affect which traffic can be decrypted.

B.

Decrypt all traffic that traverses the firewall so that it can be scanned for threats.

C.

Place firewalls where administrators can opt to bypass the firewall when needed.

D.

Create forward proxy decryption rules without Decryption profiles for unsanctioned applications.

An engineer is troubleshooting a traffic-routing issue.

What is the correct packet-flow sequence?

A.

PBF > Zone Protection Profiles > Packet Buffer Protection

B.

BGP > PBF > NAT

C.

PBF > Static route > Security policy enforcement

D.

NAT > Security policy enforcement > OSPF

An engineer needs to configure a standardized template for all Panorama-managed firewalls. These settings will be configured on a template named "Global" and will be included in all template stacks.

Which three settings can be configured in this template? (Choose three.)

A.

Log Forwarding profile

B.

SSL decryption exclusion

C.

Email scheduler

D.

Login banner

E.

Dynamic updates

ln a security-first network, what is the recommended threshold value for apps and threats to be dynamically updated?

A.

1 to 4 hours

B.

6 to 12 hours

C.

24 hours

D.

36 hours

Which two scripting file types require direct upload to the Advanced WildFire portal/API for analysis? (Choose two.)

A.

Ps1

B.

Perl

C.

Python

D.

VBS

An administrator pushes a new configuration from Panorama to a par of firewalls that are configured as an active/passive HA pair. Which NGFW receives the from Panorama?

A.

The active firewall which then synchronizes to the passive firewall

B.

The passive firewall, which then synchronizes to the active firewall

C.

Both the active and passive firewalls which then synchronize with each other

D.

Both the active and passive firewalls independently, with no synchronization afterward