Download Palo Alto Networks Certified Network Security Engineer.prep4sure.PCNSE.2020-02-21.1e.92q.vcex

Question 1

Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?

• A: check
• B: find
• C: test
• D: sim

Correct Answer: C

Question 2

A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. 
Which two mandatory options are used to configure a VLAN interface? (Choose two.)

• A: Virtual router
• B: Security zone
• C: ARP entries
• D: Netflow Profile

Correct Answer: AB

Question 3

An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against worms and trojans. 
Which Security Profile type will protect against worms and trojans?

• A: Anti-Spyware
• B: Instruction Prevention
• C: File Blocking
• D: Antivirus

Correct Answer: D

Question 4

An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs. The administrator assigns priority 100 to the active firewall. 
Which priority is correct for the passive firewall?

• A: 0
• B: 99
• C: 1
• D: 255

Correct Answer: D

Question 5

An administrator pushes a new configuration from Panorama to a pair of firewalls that are configured as an active/passive HA pair. 
Which NGFW receives the configuration from Panorama?

• A: The passive firewall, which then synchronizes to the active firewall
• B: The active firewall, which then synchronizes to the passive firewall
• C: Both the active and passive firewalls, which then synchronize with each other
• D: Both the active and passive firewalls independently, with no synchronization afterward

Correct Answer: C

Question 6

Refer to the exhibit. 

  

An administrator cannot see any of the Traffic logs from the Palo Alto Networks NGFW on Panorama reports. The configuration problem seems to be on the firewall. Which settings, if configured incorrectly, most likely would stop only Traffic logs from being sent from the firewall to Panorama?

• A:
  
    
• B:
  
    
• C:
  
    
• D:
  
    

Correct Answer: D

Question 7

Which method will dynamically register tags on the Palo Alto Networks NGFW?

• A: Restful API or the VMware API on the firewall or on the User-ID agent or the ready-only domain controller (RODC)
• B: Restful API or the VMware API on the firewall or on the User-ID agent
• C: XML API or the VMware API on the firewall or on the User-ID agent or the CLI
• D: XML API or the VM Monitoring agent on the NGFW or on the User-ID agent

Correct Answer: D

Question 8

To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?

• A: Device>Setup>Services>AutoFocus
• B: Device> Setup>Management >AutoFocus
• C: AutoFocus is enabled by default on the Palo Alto Networks NGFW
• D: Device>Setup>WildFire>AutoFocus
• E: Device>Setup> Management> Logging and Reporting Settings

Correct Answer: B

Question 9

An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?

• A: Security policy rule allowing SSL to the target server
• B: Firewall connectivity to a CRL
• C: Root certificate imported into the firewall with “Trust” enabled
• D: Importation of a certificate from an HSM

Correct Answer: A

Question 10

Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series firewalls? (Choose two.)

• A: Red Hat Enterprise Virtualization (RHEV)
• B: Kernel Virtualization Module (KVM)
• C: Boot Strap Virtualization Module (BSVM)
• D: Microsoft Hyper-V

Correct Answer: BD