[Oct-2021] Pass Palo Alto Networks PCNSE Exam in First Attempt Guaranteed! [Q71-Q87]


Full PCNSE Practice Test and 337 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 71
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?

  • A. It forces the firewall to perform a dynamic DNS update, which adds the internal gateway's hostname and IP address to the DNS server.
  • B. It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.
  • C. It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.
  • D. It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.

Answer: C

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/globalprotect-portals/define-the-globalprotect-client-authentication-configurations/define-the-globalprotect-agent-configurations

 

NEW QUESTION 72
Which four NGFW multi-factor authentication factors are supported by PAN-OS®? (Choose four.)

  • A. Short message service
  • B. Voice
  • C. Push
  • D. One-Time Password
  • E. SSH key
  • F. User logon

Answer: A,B,C,D

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/authentication/authentication-types/multi-factor-auth

 

NEW QUESTION 73
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?

  • A. To enable user authentication to the Portal
  • B. To enable Gateway authentication to the Portal
  • C. To enable Portal authentication to the Gateway
  • D. To enable client machine authentication to the Portal

Answer: A

Explanation:
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite.
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/globalprotect/network-globalprotect-portals

 

NEW QUESTION 74
Which feature prevents the submission of corporate login information into website forms?

  • A. Data filtering
  • B. User-ID
  • C. File blocking
  • D. Credential phishing prevention

Answer: D

Explanation:
Reference:
https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-co
"Credential phishing prevention works by scanning username and password submissions to websites and comparing those submissions against valid corporate credentials. You can choose what websites you want to either allow, alert on, or block corporate credential submissions to based on the URL category of the website. Alternatively, you can present a page that warns users against submitting credentials to sites classified in certain URL categories. This gives you the opportunity to educate users against reusing corporate credentials, even on legitimate, non-phishing sites. In the event that corporate credentials are compromised, this feature allows you to identify the user who submitted credentials so that you can remediate."

 

NEW QUESTION 75
The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of the GlobalProtect Portal?

  • A. Client Certificate
  • B. Certificate Profile
  • C. Server Certificate
  • D. Authentication Profile

Answer: C

Explanation:
(https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-GlobalProtect/ta-p/58351)

 

NEW QUESTION 76
Which CLI command displays the current management plane memory utilization?

  • A. > show running resource-monitor
  • B. > show system resources
  • C. > show system info
  • D. > debug management-server show

Answer: B

Explanation: https://live.paloaltonetworks.com/t5/Management-Articles/Show-System-Resource-Command-Displays-CPU-Utilization-of-9999/ta-p/58149

 

NEW QUESTION 77
Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a "No Decrypt" action? (Choose two.)

  • A. Block sessions with expired certificates
  • B. Block sessions with unsupported cipher suites
  • C. Block credential phishing
  • D. Block sessions with untrusted issuers
  • E. Block sessions with client authentication

Answer: A,D

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/define-traffic-to-decrypt/create-a-decryption-profile

 

NEW QUESTION 78
Which three split tunnel methods are supported by a GlobalProtect Gateway? (Choose three.)

  • A. video streaming application
  • B. Client Application Process
  • C. Source Domain
  • D. Destination Domain
  • E. URL Category
  • F. Destination user/group

Answer: A,B,D

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/81/pan-os/newfeaturesguide/globalprotect-features/split-tunnel-for-public-applications

 

NEW QUESTION 79
When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinkhole enabled, generating a traffic log.
What will be the destination IP Address in that log entry?

  • A. The IP Address of the command-and-control server
  • B. The IP Address specified in the sinkhole configuration
  • C. The IP Address of sinkhole.paloaltonetworks.com
  • D. The IP Address of one of the external DNS servers identified in the anti-spyware database

Answer: B

Explanation:
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Verify-DNS-Sinkhole-Function-is-Working/t

 

NEW QUESTION 80
Which client software can be used to connect a remote Linux client to a Palo Alto Networks infrastructure without sacrificing the ability to scan traffic and protect against threats?

  • A. GlobalProtect Apple IOS
  • B. X-Auth IPsec VPN
  • C. GlobalProtect Linux
  • D. GlobalProtect SSL

Answer: C

Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkiCAC

 

NEW QUESTION 81
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS® software, the administrator enables log forwarding from the firewalls to Panorama.
Pre-existing logs from the firewalls are not appearing in Panorama.
Which action would enable the firewalls to send their pre-existing logs to Panorama?

  • A. A CLI command will forward the pre-existing logs to Panorama.
  • B. Use the import option to pull logs into Panorama.
  • C. The log database will need to be exported from the firewalls and manually imported into Panorama.
  • D. Use the ACC to consolidate pre-existing logs.

Answer: A

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-new-features/management-features/pa-7000-series-firewall-log-forwarding-to-panorama

 

NEW QUESTION 82
How does Panorama prompt VMware NSX to quarantine an infected VM?

  • A. SNMP Server Profile
  • B. Syslog Server Profile
  • C. HTTP Server Profile
  • D. Email Server Profile

Answer: C

 

NEW QUESTION 83
The certificate information displayed in the following image is for which type of certificate?

  • A. Forward Trust certificate
  • B. Web Server certificate
  • C. Public CA signed certificate
  • D. Self-Signed Root CA certificate

Answer: C

 

NEW QUESTION 84
Which Security policy rule will allow an admin to block Facebook chat but allow Facebook in general?

  • A. Deny application facebook on top
  • B. Allow application facebook on top
  • C. Deny application facebook-chat before allowing application facebook
  • D. Allow application facebook before denying application facebook-chat

Answer: C

Explanation:
Reference: https://live.paloaltonetworks.com/t5/Configuration-Articles/Failed-to-Block-Facebook-Chat-Consistently/ta-p/115673

 

NEW QUESTION 85
What are two benefits of nested device groups in Panorama? (Choose two.)

  • A. All device groups inherit settings from the Shared group
  • B. Reuse of the existing Security policy rules and objects
  • C. Requires configuring both function and location for every device
  • D. Overwrites local firewall configuration

Answer: A,C

Explanation:
https://docs.paloaltonetworks.com/panorama/8-0/panorama-admin/panorama-overview/centralized-firewall-conf

 

NEW QUESTION 86
Given the following diagram:

A VPN connection has been created to allow traffic from the Trust-L3 zone of Site A to reach the Trust-L3 zone of Site B.
Each site is using tunnel.1 in the Untrust-L3 zone for the VPN connection. A static route needs to be added to the default virtual router in the Site A firewall to enable traffic from Site A to reach all workstations in Site B.
Which static route configuration will satisfy the requirement?

  • A. Name: Route-to-Site-B
    Destination: 172.16.20.0/24
    Interface: ethernet1/1
    Next Hop: 192.0.0.1
  • B. Name: Route-to-Site-B
    Destination: 172.16.20.1/24
    Interface: tunnel.1
    Next Hop: None
  • C. Name: Route-to-Site-B
    Destination: 172.16.20.0/24
    Interface: tunnel.1
    Next Hop: None
  • D. Name: Route-to-Site-B
    Destination: 172.16.20.0/24
    Interface: none
    Next Hop: 192.0.0.2

Answer: C

Explanation:
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/vpns/site-to-site-vpn-with-static-routing

 

NEW QUESTION 87
......

Prepare for your Palo Alto Networks certification with the updated Prep4pass PCNSE exam questions: https://drive.google.com/open?id=1EdtgcfirshduAguvJVnrCuNaip4YG-JS

Get Latest PCNSE Dumps Exam Questions in here: https://www.prep4pass.com/PCNSE_exam-braindumps.html