File Info
| Exam | Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 9-0 |
| Number | PCNSE9 |
| File Name | Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 9-0.CertDumps.PCNSE9.2020-05-29.1e.20q.vcex |
| Size | 949 Kb |
| Posted | May 29, 2020 |
| Downloads | 41 |
| Download | Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 9-0.CertDumps.PCNSE9.2020-05-29.1e.20q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
- A: Create a no-decrypt Decryption Policy rule.
- B: Configure an EDL to pull IP addresses of known sites resolved from a CRL.
- C: Create a Dynamic Address Group for untrusted sites
- D: Create a Security Policy rule with vulnerability Security Profile attached.
- E: Enable the "Block sessions with untrusted issuers" setting.
Correct Answer: AD
Which two features does PAN-OS® software use to identify applications? (Choose two)
- A: port number
- B: session number
- C: transaction characteristics
- D: application layer payload
Correct Answer: CD
The certificate information displayed in the following image is for which type of certificate?
Exhibit:
- A: Forward Trust certificate
- B: Self-Signed Root CA certificate
- C: Web Server certificate
- D: Public CA signed certificate
Correct Answer: B
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS® software would help in this case?
- A: Application override
- B: Redistribution of user mappings
- C: Virtual Wire mode
- D: Content inspection
Correct Answer: B
When configuring a GlobalProtect Portal, what is the purpose of specifying an
Authentication Profile?
- A: To enable Gateway authentication to the Portal
- B: To enable Portal authentication to the Gateway
- C: To enable user authentication to the Portal
- D: To enable client machine authentication to the Portal
Correct Answer: C
Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/web-interfacehelp/globalprotect/network-globalpr
A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link aggregation. Which two formats are correct for naming aggregate interfaces? (Choose two.)
- A: ae.8
- B: aggregate.1
- C: ae.1
- D: aggregate.8
Correct Answer: AC
View the GlobalProtect configuration screen apture.
What is the purpose of this configuration?
- A: It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.
- B: It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.
- C: It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.
- D: It forces the firewall to perform a dynamic DNS update, which adds the internal gateway’s hostname and IP address to the DNS server.
Correct Answer: C
Which CLI command can be used to export the tcpdump capture?
- A: scp export tcpdump from mgmt.pcap to <[email protected]:path>
- B: scp extract mgmt-pcap from mgmt.pcap to <[email protected]:path>
- C: scp export mgmt-pcap from mgmt.pcap to <[email protected]:path>
- D: download mgmt.-pcap
Correct Answer: C
In High Availability, which information is transferred via the HA data link?
- A: session information
- B: heartbeats
- C: HA state information
- D: User-ID information
Correct Answer: A
Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)
- A: TACACS+
- B: Kerberos
- C: PAP
- D: LDAP
- E: SAML
- F: RADIUS
Correct Answer: AEF
