Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Paloalto Networks PCNSE - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Paloalto Networks PCNSE Premium Access     Download Demo    
Page: 1 / 12
Total 346 questions

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain?

A.

an Authentication policy with 'unknown' selected in the Source User field

B.

an Authentication policy with 'known-user' selected in the Source User field

C.

a Security policy with 'known-user' selected in the Source User field

D.

a Security policy with 'unknown' selected in the Source User field

How does Panorama prompt VMWare NSX to quarantine an infected VM?

A.

HTTP Server Profile

B.

Syslog Server Profile

C.

Email Server Profile

D.

SNMP Server Profile

What should an engineer consider when setting up the DNS proxy for web proxy?

A.

A secondary DNS server in the DNS proxy is optional, and configuration commit to the firewall will succeed with only one DNS server.

B.

A maximum of two FQDNs can be mapped to an IP address in the static entries for DNS proxy.

C.

DNS timeout for web proxy can be configured manually, and it should be set to the highest value possible.

D.

Adjust the UDP queries for the DNS proxy to allow both DNS servers to be tried within 20 seconds.

A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL.

When creating a new rule, what is needed to allow the application to resolve dependencies?

A.

Add SSL and web-browsing applications to the same rule.

B.

Add web-browsing application to the same rule.

C.

Add SSL application to the same rule.

D.

SSL and web-browsing must both be explicitly allowed.

An administrator plans to install the Windows-Based User-ID Agent.

What type of Active Directory (AD) service account should the administrator use?

A.

Dedicated Service Account

B.

System Account

C.

Domain Administrator

D.

Enterprise Administrator

To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?

A.

Add the policy to the target device group and apply a master device to the device group.

B.

Reference the targeted device's templates in the target device group.

C.

Clone the security policy and add it to the other device groups.

D.

Add the policy in the shared device group as a pre-rule

Which feature of Panorama allows an administrator to create a single network configuration that can be reused repeatedly for large-scale deployments even if values of configured objects, such as routes and interface addresses, change?

A.

the 'Shared' device group

B.

template stacks

C.

a device group

D.

template variables

An engineer configures a specific service route in an environment with multiple virtual systems instead of using the inherited global service route configuration.

What type of service route can be used for this configuration?

A.

IPv6 Source or Destination Address

B.

Destination-Based Service Route

C.

IPv4 Source Interface

D.

Inherit Global Setting

The firewall is not downloading IP addresses from MineMeld. Based, on the image, what most likely is wrong?

A.

A Certificate Profile that contains the client certificate needs to be selected.

B.

The source address supports only files hosted with an ftp://

.

C.

External Dynamic Lists do not support SSL connections.

D.

A Certificate Profile that contains the CA certificate needs to be selected.

Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration.

What part of the configuration should the engineer verify?

A.

IKE Crypto Profile

B.

Security policy

C.

Proxy-IDs

D.

PAN-OS versions