Download Palo Alto Networks Certified Network Security Engineer.Testking.PCNSE.2018-11-18.1e.79q.vcex

Download Exam

File Info

Exam Palo Alto Networks Certified Network Security Engineer
Number PCNSE
File Name Palo Alto Networks Certified Network Security Engineer.Testking.PCNSE.2018-11-18.1e.79q.vcex
Size 1.22 Mb
Posted November 18, 2018
Downloads 74
Download Palo Alto Networks Certified Network Security Engineer.Testking.PCNSE.2018-11-18.1e.79q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%



 
 


Demo Questions

Question 1

Which method will dynamically register tags on the Palo Alto Networks NGFW?

  • A: Restful API or the VMWare API on the firewall or on the User-ID agent or the read-only domain controller (RODC)
  • B: Restful API or the VMware API on the firewall or on the User-ID agent
  • C: XML-API or the VMware API on the firewall or on the User-ID agent or the CLI
  • D: XML API or the VM Monitoring agent on the NGFW or on the User-ID agent

Correct Answer: D

Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/register-ip-addresses-and-tags-dynamically




Question 2

How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

  • A: Configure the option for “Threshold”.
  • B: Disable automatic updates during weekdays.
  • C: Automatically “download only” and then install Applications and Threats later, after the administrator approves the update.
  • D: Automatically “download and install” but with the “disable new applications” option used.

Correct Answer: C




Question 3

Decrypted packets from the website https://www.microsoft.com will appear as which application  and service within the Traffic log?

  • A: web-browsing and 443
  • B: SSL and 80
  • C: SSL and 443
  • D: web-browsing and 80

Correct Answer: B




Question 4

Which PAN-OS® policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly-sensitive business data?

  • A: Security policy
  • B: Decryption policy
  • C: Authentication policy
  • D: Application Override policy

Correct Answer: C




Question 5

A Security policy rule is configured with a Vulnerability Protection Profile and an action of ‘Deny”. 
Which action will this cause configuration on the matched traffic?

  • A: The configuration is invalid. The Profile Settings section will be grayed out when the Action is set to “Deny”.
  • B: The configuration will allow the matched session unless a vulnerability signature is detected. The “Deny” action will supersede the per-severity defined actions defined in the associated Vulnerability Protection Profile.
  • C: The configuration is invalid. It will cause the firewall to skip this Security policy rule. A warning will be displayed during a commit. 
  • D: The configuration is valid. It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to “Deny.”

Correct Answer: B




Question 6

A user’s traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user’s traffic matches when it goes to http://www.company.com.
How can the firewall be configured automatically disable the PBF rule if the next hop goes down?

  • A: Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question.
  • B: Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.
  • C: Enable and configure a Link Monitoring Profile for the external interface of the firewall.
  • D: Configure path monitoring for the next hop gateway on the default route in the virtual router.

Correct Answer: D




Question 7

What are two benefits of nested device groups in Panorama? (Choose two.)

  • A: Reuse of the existing Security policy rules and objects
  • B: Requires configuring both function and location for every device
  • C: All device groups inherit settings form the Shared group
  • D: Overwrites local firewall configuration

Correct Answer: BC




Question 8

Which Captive Portal mode must be configured to support MFA authentication?

  • A: NTLM
  • B: Redirect
  • C: Single Sign-On
  • D: Transparent

Correct Answer: B

Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/authentication/configure-multi-factor-authentication




Question 9

An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required.  
Which interface type would support this business requirement? 

  • A: Virtual Wire interfaces to permit EIGRP routing to remain between the Core and DMZ
  • B: Layer 3 or Aggregate Ethernet interfaces, but configuring EIGRP on subinterfaces only
  • C: Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel (with the GlobalProtect License to support LSVPN and EIGRP protocols)
  • D: Layer 3 interfaces, but configuring EIGRP on the attached virtual router

Correct Answer: B




Question 10

Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS® software?

  • A: Okta
  • B: DUO
  • C: RADIUS
  • D: PingID

Correct Answer: C










CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files