Best Quality Palo Alto Networks PCNSE Exam Questions Prep4pass Realistic Practice Exams [2021]
Critical Information To Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10.0 Pass the First Time
NEW QUESTION 79
When using the predefined default profile, the policy will inspect for viruses on the decoders. Match each decoder with its default action.
Answer options may be used more than once or not at all.
Answer:
Explanation:
NEW QUESTION 80
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?
- A. It forces the firewall to perform a dynamic DNS update, which adds the internal gateway's hostname and IP address to the DNS server.
- B. It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.
- C. It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.
- D. It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.
Answer: C
Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/ globalprotect-portals/define-the-globalprotect-client-authentication-configurations/define-the-globalprotect- agent-configurations
NEW QUESTION 81
Which two events trigger the operation of automatic commit recovery? (Choose two.)
- A. when a firewall performs a local commit
- B. when a firewall HA pair fails over
- C. when an aggregate Ethernet interface component fails
- D. when Panorama pushes a configuration
Answer: B,C
NEW QUESTION 82
Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)
- A. The firewall's DP CPU is higher than 50%.
- B. The traffic does not match the packet capture filter.
- C. The firewall is in multi-vsys mode.
- D. The traffic is offloaded.
Answer: B,D
Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/take-packet- captures/disable-hardware-offload
NEW QUESTION 83
An administrator is configuring an IPSec VPN to a Cisco ASA at the administrator's home and experiencing issues completing the connection. the following is the output from the command:
What could be the cause of this problem?
- A. The Proxy IDs on the Palo Alto Networks Firewall do not match the setting on the ASA.
- B. The shared secrets do not match between the Palo Alto Networks Firewall and the ASA.
- C. The public IP addresses do not match for both the Palo Alto Networks Firewall and the ASA.
- D. The dead peer detection settings do not match between the Palo Alto Networks Firewall and the ASA.
Answer: C
NEW QUESTION 84
Which three rule types are available when defining policies in Panorama? (Choose three.)
- A. Default Rules
- B. Post Rules
- C. Stealth Rules
- D. Pre Rules
- E. Clean Up Rules
Answer: A,B,D
Explanation:
https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/panorama-web-interface/defining-policies-on-panorama
NEW QUESTION 85
Which method does an administrator use to integrate all non-native MFA platforms in PAN- OS software?
- A. Okta
- B. PingID
- C. RADIUS
- D. DUO
Answer: C
NEW QUESTION 86
Refer to the exhibit.
An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and HOST B (10.1.1.101) receives SSH traffic.) Which two security policy rules will accomplish this configuration? (Choose two.)
- A. Untrust (Any) to DMZ (10.1.1.1), web-browsing -Allow
- B. Untrust (Any) to DMZ (10.1.1.100.10.1.1.101), ssh, web-browsing -Allow
- C. Untrust (Any) to DMZ (10.1.1.1), ssh -Allow
- D. Untrust (Any) to Untrust (10.1.1.1), web-browsing -Allow
- E. Untrust (Any) to Untrust (10.1.1.1), ssh -Allow
Answer: A,C
Explanation:
Explanation
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/networking/nat/nat-configuration-examples/destinat
NEW QUESTION 87
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator troubleshoot this issue? (Choose two.)
- A. View the System logs and look for the error messages about BGP.
- B. View the ACC tab to isolate routing issues.
- C. Perform a traffic pcap on the NGFW to see any BGP problems.
- D. View the Runtime Stats and look for problems with BGP configuration.
Answer: A,D
NEW QUESTION 88
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?
- A. Use the debug dataplane packet-diag set capture stage management file command.
- B. Enable all four stages of traffic capture (TX, RX, DROP, Firewall).
- C. Use the tcpdump command.
- D. Use the debug dataplane packet-diag set capture stage firewall file command.
Answer: C
Explanation:
Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/take-packet-captures/take-a-packet-capture-on-the-management-interface.html
NEW QUESTION 89
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?
- A. It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.
- B. It forces the firewall to perform a dynamic DNS update, which adds the internal gateway's hostname and IP address to the DNS server.
- C. It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.
- D. It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.
Answer: D
Explanation:
Reference:
https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/globalprotect-por the-globalprotect-client-authentication-configurations/define-the-globalprotect-agent-configurations
"Select this option to allow the GlobalProtect agent to determine if it is inside the enterprise network.
This option applies only to endpoints that are configured to communicate with internal gateways.When the user attempts to log in, the agent does a reverse DNS lookup of an internal host using the specified Hostname to the specified IP Address. The host serves as a reference point that is reachable if the endpoint is inside the enterprise network. If the agent finds the host, the endpoint is inside the network and the agent connects to an internal gateway; if the agent fails to find the internal host, the endpoint is outside the network and the agent establishes a tunnel to one of the external gateways"
NEW QUESTION 90
Based on the following image,
what is the correct path of root, intermediate, and end-user certificate?
- A. Palo Alto Networks > Symantec > VeriSign
- B. VeriSign > Palo Alto Networks > Symantec
- C. VeriSign > Symantec > Palo Alto Networks
- D. Symantec > VeriSign > Palo Alto Networks
Answer: D
NEW QUESTION 91
A customer has an application that is being identified as unknown-top for one of their custom PostgreSQL database connections.
Which two configuration options can be used to correctly categorize their custom database application?
(Choose two.)
- A. Custom application.
- B. Application Override policy.
- C. Security policy to identify the custom application.
- D. Custom Service object.
Answer: A,C
NEW QUESTION 92 
What will be the source address in the ICMP packet?
- A. 10.30.0.93
- B. 192.168.93.1
- C. 10.46.72.93
- D. 10.46.64.94
Answer: D
NEW QUESTION 93
During SSL decryption which three factors affect resource consumption1? (Choose three )
- A. transaction size
- B. applications that use non-standard ports
- C. TLS protocol version
- D. certificate issuer
- E. key exchange algorithm
Answer: A,C,E
Explanation:
https://docs.paloaltonetworks.com/best-practices/8-1/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment.html
NEW QUESTION 94
An administrator just submitted a newly found piece of spyware for WildFire analysis.
The spyware monitors behavior without the user's knowledge.
What is the expected verdict from WildFire?
- A. Malware
- B. Grayware
- C. Spyware
- D. Phishing
Answer: B
NEW QUESTION 95
Which two events trigger the operation of automatic commit recovery? (Choose two.)
- A. when a firewall HA pair fails over
- B. when a firewall performs a local commit
- C. when an aggregate Ethernet interface component fails
- D. when Panorama pushes a configuration
Answer: B,D
NEW QUESTION 96
Which CLI command displays the current management plane memory utilization?
- A. > show running resource-monitor
- B. > show system resources
- C. > show system info
- D. > debug management-server show
Answer: B
Explanation:
https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Interpret-show-system-resources/ta-p/59364
"The command show system resources gives a snapshot of Management Plane (MP) resource utilization including memory and CPU. This is similar to the 'top' command in Linux." https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Interpret-show-system-resources/ta-p/59364
NEW QUESTION 97
Which feature prevents the submission of corporate login information into website forms?
- A. Data filtering
- B. User-ID
- C. File blocking
- D. Credential phishing prevention
Answer: D
Explanation:
Reference: https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security- platform-contributes-to-gdpr-compliance
NEW QUESTION 98
......
PCNSE EXAM DUMPS WITH GUARANTEED SUCCESS: https://www.prep4pass.com/PCNSE_exam-braindumps.html
Best Quality Palo Alto Networks PCNSE Exam Questions: https://drive.google.com/open?id=1lhZmRvp3WlKn97sTaQs7xIPldLDdQlqt
