Download Palo Alto Networks Certified Network Security Engineer.CertDumps.PCNSE.v7-0.2020-06-28.1e.128q.vcex

Download Exam

File Info

Exam Palo Alto Networks Certified Network Security Engineer
Number PCNSE
File Name Palo Alto Networks Certified Network Security Engineer.CertDumps.PCNSE.v7-0.2020-06-28.1e.128q.vcex
Size 3.73 Mb
Posted June 28, 2020
Downloads 1
Download Palo Alto Networks Certified Network Security Engineer.CertDumps.PCNSE.v7-0.2020-06-28.1e.128q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase

Coupon: MASTEREXAM
With discount: 20%



 
 



Demo Questions

Question 1

A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. 
Which two mandatory options are used to configure a VLAN interface? (Choose two.)

  • A: Virtual router
  • B: Security zone
  • C: ARP entries
  • D: Netflow Profile

Correct Answer: AB




Question 2

An administrator pushes a new configuration from Panorama to a pair of firewalls that are configured as an active/passive HA pair. 
Which NGFW receives the configuration from Panorama?

  • A: The passive firewall, which then synchronizes to the active firewall
  • B: The active firewall, which then synchronizes to the passive firewall
  • C: Both the active and passive firewalls, which then synchronize with each other
  • D: Both the active and passive firewalls independently, with no synchronization afterward

Correct Answer: C




Question 3

If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?

  • A: The settings assigned to the template that is on top of the stack.
  • B: The administrator will be promoted to choose the settings for that chosen firewall.
  • C: All the settings configured in all templates.
  • D: Depending on the firewall location, Panorama decides with settings to send.

Correct Answer: A




Question 4

Which method will dynamically register tags on the Palo Alto Networks NGFW?

  • A: Restful API or the VMware API on the firewall or on the User-ID agent or the ready-only domain controller (RODC)
  • B: Restful API or the VMware API on the firewall or on the User-ID agent
  • C: XML API or the VMware API on the firewall or on the User-ID agent or the CLI
  • D: XML API or the VM Monitoring agent on the NGFW or on the User-ID agent

Correct Answer: D

Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/register-ip-addresses-and-tags-dynamically




Question 5

An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications. 
QoS natively integrates with which feature to provide service quality?

  • A: Port Inspection
  • B: Certificate revocation
  • C: Content-ID
  • D: App-ID

Correct Answer: D

Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/quality-of-service/qos-concepts/qos-for-applications-and-users#idaed4e749-80b4-4641-a37c-c741aba562e9




Question 6

Refer to the exhibit. 

  

An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic. 
Which two Security policy rules will accomplish this configuration? (Choose two.)

  • A: Untrust (Any) to Untrust (10.1.1.1), web-browsing - Allow
  • B: Untrust (Any) to Untrust (10.1.1.1), ssh - Allow
  • C: Untrust (Any) to DMZ (10.1.1.100), web-browsing - Allow
  • D: Untrust (Any) to DMZ (10.1.1.100), ssh - Allow
  • E: Untrust (Any) to DMZ (10.1.1.100, 10.1.1.101), ssh, web-browsing - Allow

Correct Answer: CD




Question 7

An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image.  
Which configuration change should the administrator make? 

  • A:
      
  • B:
      
  • C:
      
  • D:
      
  • E:
      

Correct Answer: B




Question 8

A customer has an application that is being identified as unknown-tcp for one of their custom PostgreSQL database connections. 
Which two configuration options can be used to correctly categorize their custom database application? 
(Choose two.)

  • A: Application Override policy.
  • B: Security policy to identify the custom application.
  • C: Custom application.
  • D: Custom Service object. 

Correct Answer: BC




Question 9

An administrator logs in to the Palo Alto Networks NGFW and reports that the WebUI is missing the Policies tab. 
Which profile is the cause of the missing Policies tab?

  • A: Admin Role
  • B: WebUI
  • C: Authentication
  • D: Authorization

Correct Answer: A




Question 10

An administrator has left a firewall to use the default port for all management services.  
Which three functions are performed by the dataplane? (Choose three.)

  • A: WildFire updates
  • B: NAT
  • C: NTP
  • D: antivirus
  • E: file blocking

Correct Answer: ABC










CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!



HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files