PCNSE Exam Questions

Total 271 Questions

Last Updated Exam : 16-Dec-2024

Topic 1 : Main Questions pool

If the firewall is configured for credential phishing prevention using the “Domain Credential Filter” method, which login will be detected as credential theft?

A. Mapping to the IP address of the logged-in user.
B. First four letters of the username matching any valid corporate username.
C. Using the same user’s corporate username and password.
D. Matching any valid corporate username.

Answer: A. Mapping to the IP address of the logged-in user.

Explanation
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/content-inspection-features/credentialphishing-prevention

Which is the maximum number of samples that can be submitted to WildFire per day, based on WildFire subscription?

A. 15,000
B. 10,000
C. 75,00
D. 5,000

Answer: B. 10,000

Which three firewall states are valid? (Choose three)

A. Suspended
B. Passive
C. Active
D. Pending
E. Functional

Answer:
A. Suspended
B. Passive
C. Active

A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone needs to be configured to enable web browsing access to the server.
Which application and service need to be configured to allow only cleartext web-browsing traffic to this server on tcp/8080?

A. application: web-browsing; service: application-default
B. application: web-browsing; service: service-https
C. application: ssl; service: any
D. application: web-browsing; service: (custom with destination TCP port 8080)

Answer: A. application: web-browsing; service: application-default

Which three file types can be forwarded to WildFire for analysis as a part of the basic WildFire service? (Choose three.)

A. .dll
B. .exe
C. .src
D. .apk
E. .pdf
F. .jar

Answer:
D. .apk
E. .pdf
F. .jar

Which virtual router feature determines if a specific destination IP address is reachable?

A. Heartbeat Monitoring
B. Failover
C. Path Monitoring
D. Ping-Path

Answer: C. Path Monitoring

Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/pbf

Which item enables a firewall administrator to see details about traffic that is currently active through the NGFW?

A. ACC
B. System Logs
C. App Scope
D. Session Browser

Answer: D. Session Browser

Which Panorama administrator types require the configuration of at least one access domain? (Choose two)

A. Dynamic
B. Custom Panorama Admin
C. Role Based
D. Device Group
E. Template Admin

Answer:
D. Device Group
E. Template Admin

A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.
How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?

A. Define a custom App-ID to ensure that only legitimate application traffic reaches the server.
B. Add a Vulnerability Protection Profile to block the attack.
C. Add QoS Profiles to throttle incoming requests.
D. Add a DoS Protection Profile with defined session count.

Answer: D. Add a DoS Protection Profile with defined session count.

Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/dos-protection-profiles

If an administrator wants to decrypt SMTP traffic and possesses the server’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?

A. TLS Bidirectional Inspection
B. SSL Inbound Inspection
C. SSH Forward Proxy
D. SMTP Inbound Decryption

Answer: B. SSL Inbound Inspection

Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/configure-ssl-inbound-inspection

