Download Palo Alto Networks Certified Network Security Engineer.CertDumps.PCNSE.v7-0.2020-06-08.1e.91q.vcex

Download Exam

File Info

Exam Palo Alto Networks Certified Network Security Engineer
Number PCNSE
File Name Palo Alto Networks Certified Network Security Engineer.CertDumps.PCNSE.v7-0.2020-06-08.1e.91q.vcex
Size 2.13 Mb
Posted June 08, 2020
Downloads 26
Download Palo Alto Networks Certified Network Security Engineer.CertDumps.PCNSE.v7-0.2020-06-08.1e.91q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase

Coupon: MASTEREXAM
With discount: 20%



 
 



Demo Questions

Question 1

A client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers. 
Which option will protect the individual servers?

  • A: Enable packet buffer protection on the Zone Protection Profile.
  • B: Apply an Anti-Spyware Profile with DNS sinkholing.
  • C: Use the DNS App-ID with application-default.
  • D: Apply a classified DoS Protection Profile.

Correct Answer: A




Question 2

Which three options are supported in HA Lite? (Choose three.)

  • A: Virtual link
  • B: Active/passive deployment
  • C: Synchronization of IPsec security associations
  • D: Configuration synchronization
  • E: Session synchronization

Correct Answer: BCD

Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device-high-availability/ha-lite




Question 3

Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS® version, and serial number?

  • A: debug system details
  • B: show session info
  • C: show system info
  • D: show system details

Correct Answer: C

Reference: https://live.paloaltonetworks.com/t5/Learning-Articles/Quick-Reference-Guide-Helpful-Commands/ta-p/56511




Question 4

During the packet flow process, which two processes are performed in application identification? (Choose two.)

  • A: Pattern based application identification
  • B: Application override policy match
  • C: Application changed from content inspection
  • D: Session application identified.

Correct Answer: BD




Question 5

The certificate information displayed in the following image is for which type of certificate? 

  

  • A: Forward Trust certificate
  • B: Self-Signed Root CA certificate
  • C: Web Server certificate
  • D: Public CA signed certificate

Correct Answer: B




Question 6

Which three steps will reduce the CPU utilization on the management plane? (Choose three.)

  • A: Disable SNMP on the management interface.
  • B: Application override of SSL application.
  • C: Disable logging at session start in Security policies.
  • D: Disable predefined reports.
  • E: Reduce the traffic being decrypted by the firewall.

Correct Answer: CDE




Question 7

Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?

  • A: URL Filtering profile 
  • B: Zone Protection profile
  • C: Anti-Spyware profile
  • D: Vulnerability Protection profile

Correct Answer: A

Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/threat-prevention/prevent-credential-phishing




Question 8

If an administrator does not possess a website’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?

  • A: SSL Forward Proxy
  • B: SSL Inbound Inspection
  • C: TLS Bidirectional proxy
  • D: SSL Outbound Inspection

Correct Answer: B




Question 9

An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the company’s proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats. 
Which option would achieve this result?

  • A: Create a custom App-ID and enable scanning on the advanced tab.
  • B: Create an Application Override policy.
  • C: Create a custom App-ID and use the “ordered conditions” check box. 
  • D: Create an Application Override policy and a custom threat signature for the application.

Correct Answer: A




Question 10

The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router. 
Which two options would help the administrator troubleshoot this issue? (Choose two.)

  • A: View the System logs and look for the error messages about BGP.
  • B: Perform a traffic pcap on the NGFW to see any BGP problems.
  • C: View the Runtime Stats and look for problems with BGP configuration.
  • D: View the ACC tab to isolate routing issues.

Correct Answer: CD










CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!



HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files