Download Palo Alto Networks Certified Security Engineer.PassLeader.PCNSE.v22-041.2022-07-23.1e.401q.vcex


File Info

Exam Palo Alto Networks Certified Network Security Engineer
Number PCNSE
File Name Palo Alto Networks Certified Security Engineer.PassLeader.PCNSE.v22-041.2022-07-23.1e.401q.vcex
Size 26.86 Mb
Posted July 23, 2022
Downloads 7


Demo Questions

Question 1

A wants to enable Application Override. Given the following screenshot:
Which two statements are true if Source and Destination traffic match the Application Override policy? (Choose two)


  • A: Traffic that matches "rtp-base" will bypass the App-ID and Content-ID engines.
  • B: Traffic will be forced to operate over UDP Port 16384.
  • C: Traffic utilizing UDP Port 16384 will now be identified as "rtp-base".
  • D: Traffic utilizing UDP Port 16384 will bypass the App-ID and Content-ID engines.

Correct Answer: CD

An application override policy changes how the Palo Alto Networks firewall classifies network traffic into applications. An application override with a custom application prevents the session from being processed by the App-ID engine, which is a Layer-7 inspection.

Question 2

Which three fields can be included in a pcap filter? (Choose three)

  • A: Egress interface
  • B: Source IP
  • C: Rule number
  • D: Destination IP
  • E: Ingress interface

Correct Answer: BDE

Question 3

What are three possible verdicts that WildFire can provide for an analyzed sample? (Choose three)

  • A: Clean
  • B: Benign
  • C: Adware
  • D: Suspicious
  • E: Grayware
  • F: Malware

Correct Answer: BEF

The WildFire verdicts are: Benign, Grayware, Malware.

Question 4

A logging infrastructure may need to handle more than 10,000 logs per second.
Which two options support a dedicated log collector function? (Choose two)

  • A: Panorama virtual appliance on ESX(i) only
  • B: M-500
  • C: M-100 with Panorama installed
  • D: M-100

Correct Answer: BD

Question 5

What are three valid methods of user mapping? (Choose three)

  • A: Syslog
  • B: XML API
  • C: 802.1X
  • D: WildFire
  • E: Server Monitoring

Correct Answer: ABE

Question 6

A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?

  • A: Blocked Activity
  • B: Bandwidth Activity
  • C: Threat Activity
  • D: Network Activity

Correct Answer: D

The Network Activity tab of the Application Command Center (ACC) displays an overview of traffic and user activity on your network including:

  • Top applications in use
  • Top users who generate traffic (with a drill down into the bytes, content, threats or URLs accessed by the user)
  • Most used security rules against which traffic matches occur

In addition, you can also view network activity by source or destination zone, region, or IP address, ingress or egress interfaces, and GlobalProtect host information such as the operating systems of the devices most commonly used on the network.

Question 7

Which three options does the WF-500 appliance support for local analysis? (Choose three)

  • A: E-mail links
  • B: APK files
  • C: jar files
  • D: PNG files
  • E: Portable Executable (PE) files

Correct Answer: ACE


Question 8

After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama's traffic logs. What could be the problem?

  • A: A Server Profile has not been configured for logging to this Panorama device.
  • B: Panorama is not licensed to receive logs from this particular firewall.
  • C: The firewall is not licensed for logging to this Panorama device.
  • D: None of the firewall's policies have been assigned a Log Forwarding profile.

Correct Answer: D

In order to see entries in the Panorama Monitor > Traffic or Monitor > Log screens, a profile must be created on the Palo Alto Networks device (or pushed from Panorama) to forward log traffic to Panorama.
1. Go to Policies > Security and open the Options for a rule.
2. Under Log Setting, select New for Log Forwarding to create a new forwarding profile:



Question 9

A critical US-CERT notification is published regarding a newly discovered botnet. The malware is very evasive and is not reliably detected by endpoint antivirus software. Furthermore, SSL is used to tunnel malicious traffic to command-and-control servers on the internet and SSL Forward Proxy Decryption is not enabled.
Which component once enabled on a perimeter firewall will allow the identification of existing infected hosts in an environment?

  • A: Anti-Spyware profiles applied to outbound security policies with DNS Query action set to sinkhole
  • B: File Blocking profiles applied to outbound security policies with action set to alert
  • C: Vulnerability Protection profiles applied to outbound security policies with action set to block
  • D: Antivirus profiles applied to outbound security policies with action set to alert

Correct Answer: A

Starting with PAN-OS 6.0, DNS sinkhole is an action that can be enabled in Anti-Spyware profiles. A DNS sinkhole can be used to identify infected hosts on a protected network using DNS traffic in environments where the firewall can see the DNS query to a malicious URL.
The DNS sinkhole enables the Palo Alto Networks device to forge a response to a DNS query for a known malicious domain/URL and causes the malicious domain name to resolve to a definable IP address (fake IP) that is given to the client. If the client attempts to access the fake IP address and there is a security rule in place that blocks traffic to this IP, the information is recorded in the logs.

Question 10

Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs? (Choose two)

  • A: The devices are pre-configured with a virtual wire pair out the first two interfaces.
  • B: The devices are licensed and ready for deployment.
  • C: The management interface has an IP address of and allows SSH and HTTPS connections.
  • D: A default bidirectional rule is configured that allows Untrust zone traffic to go to the Trust zone.
  • E: The interfaces are pingable.

Correct Answer: AC




