PCNSE Exam Questions

Total 271 Questions

Last Updated Exam : 16-Dec-2024

Topic 1 : Main Questions pool

The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do
not seem to be populating the virtual router.
Which two options would help the administrator troubleshoot this issue? (Choose two.)


A.

View the System logs and look for the error messages about BGP.


B.

Perform a traffic pcap on the NGFW to see any BGP problems.


C.

View the Runtime Stats and look for problems with BGP configuration.


D.

View the ACC tab to isolate routing issues.





C.
  

View the Runtime Stats and look for problems with BGP configuration.



D.
  

View the ACC tab to isolate routing issues.



Which menu item enables a firewall administrator to see details about traffic that is currently active through the NGFW?


A.

App Scope


B.

ACC


C.

Session Browser


D.

System Logs





C.
  

Session Browser



An administrator has users accessing network resources through Citrix XenApp 7 x. Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?


A.

Client Probing


B.

Terminal Services agent


C.

GlobalProtect


D.

Syslog Monitoring





B.
  

Terminal Services agent



An administrator wants to upgrade an NGFW from PAN-OS® 7 .1. 2 to PAN-OS® 8 .0.2 The firewall is not a part of an HA pair. What needs to be updated first?


A.

XML Agent


B.

Applications and Threats


C.

WildFire


D.

PAN-OS® Upgrade Agent





B.
  

Applications and Threats



Which logs enable a firewall administrator to determine whether a session was decrypted?


A.

Correlated Event


B.

Traffic


C.

Decryption


D.

Security Policy





B.
  

Traffic



VPN traffic intended for an administrator’s Palo Alto Networks NGFW is being maliciously intercepted and
retransmitted by the interceptor. When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?


A.

Zone Protection


B.

DoS Protection


C.

Web Application


D.

Replay





A.
  

Zone Protection



An administrator has been asked to create 100 virtual firewalls in a local, on-premise lab environment (not in“the cloud”). Bootstrapping is the most expedient way to perform this task.
Which option describes deployment of a bootstrap package in an on-premise virtual environment?


A.

Use config-drive on a USB stick.


B.

Use an S3 bucket with an ISO.


C.

Create and attach a virtual hard disk (VHD).


D.

Use a virtual CD-ROM with an ISO.





D.
  

Use a virtual CD-ROM with an ISO.



Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/newfeaturesguide/management-features/bootstrappingfirewalls-
for-rapid-deployment.html

A customer has an applicationthat is being identified as unknown-top for one of their custom PostgreSQL
database connections. Which two configuration options can be used to correctly categorize their custom
database application? (Choose two.)


A.

Application Override policy.


B.

Securitypolicy to identify the custom application.


C.

Custom application.


D.

Custom Service object.





B.
  

Securitypolicy to identify the custom application.



D.
  

Custom Service object.



The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing
session using which kind of match?


A.

5-tuple match


B.

Source IP Address, Destination IP Address, Source Port, Destination Port, Protocol


C.

7-tuple match


D.

Source IP Address, Destination IP Address, Source Port, Destination Port ,Source User, URLCategory
and Source Security Zone.


E.

6-tuple match
Source IP Address, Destination IP Address, Source Port, Destination Port, Protocol and Source Security
Zone


F.

9-tuple match


G.

Source IP Address, Destination IP Address, Source Port, Destination Port, Source User, Source Security
Zone, Destination Security Zone, Application and URL Category





A.
  

5-tuple match



Which processing order will be enabled when a Panorama administrator selects the setting “Objects defined in ancestors will take higher precedence?”


A.

Descendant objects will take precedence over other descendant objects.


B.

Descendant objects will take precedence over ancestor objects.


C.

Ancestor objects will have precedence over descendant objects.


D.

Ancestor objects will have precedence over other ancestor objects.





C.
  

Ancestor objects will have precedence over descendant objects.



Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/device/device-setup-management


Page 5 out of 28 Pages
Previous