Download Palo Alto Networks.PCNSE.ExamLabs.2019-12-04.92q.vcex

Download Exam

File Info

Exam Palo Alto Networks Certified Network Security Engineer
Number PCNSE
File Name Palo Alto Networks.PCNSE.ExamLabs.2019-12-04.92q.vcex
Size 3 MB
Posted Dec 04, 2019
Download Palo Alto Networks.PCNSE.ExamLabs.2019-12-04.92q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?


  1. check
  2. find
  3. test
  4. sim
Correct answer: C
Explanation:
Reference: http://www.shanekillen.com/2014/02/palo-alto-useful-cli-commands.html
Reference: http://www.shanekillen.com/2014/02/palo-alto-useful-cli-commands.html



Question 2

An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against worms and trojans. 
Which Security Profile type will protect against worms and trojans?


  1. Anti-Spyware
  2. Instruction Prevention
  3. File Blocking
  4. Antivirus
Correct answer: D
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/security-profiles
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/security-profiles



Question 3

An administrator pushes a new configuration from Panorama to a pair of firewalls that are configured as an active/passive HA pair. 
Which NGFW receives the configuration from Panorama?


  1. The Passive firewall, which then synchronizes to the active firewall
  2. The active firewall, which then synchronizes to the passive firewall
  3. Both the active and passive firewalls, which then synchronize with each other
  4. Both the active and passive firewalls independently, with no synchronization afterward
Correct answer: C



Question 4

When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?


  1. To enable Gateway authentication to the Portal
  2. To enable Portal authentication to the Gateway
  3. To enable user authentication to the Portal
  4. To enable client machine authentication to the Portal
Correct answer: C
Explanation:
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite. Reference https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/globalprotect/network-globalprotect-portals
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite. 
Reference https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/globalprotect/network-globalprotect-portals



Question 5

If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?


  1. The settings assigned to the template that is on top of the stack.
  2. The administrator will be promoted to choose the settings for that chosen firewall.
  3. All the settings configured in all templates.
  4. Depending on the firewall location, Panorama decides with settings to send.
Correct answer: A



Question 6

How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?


  1. Configure the option for “Threshold”.
  2. Disable automatic updates during weekdays.
  3. Automatically “download only” and then install Applications and Threats later, after the administrator approves the update.
  4. Automatically “download and install” but with the “disable new applications” option used.
Correct answer: C



Question 7

An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?


  1. Security policy rule allowing SSL to the target server
  2. Firewall connectivity to a CRL
  3. Root certificate imported into the firewall with “Trust” enabled
  4. Importation of a certificate from an HSM
Correct answer: A
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/configure-ssl-inbound-inspection
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/configure-ssl-inbound-inspection



Question 8

Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series firewalls? (Choose two.)


  1. Red Hat Enterprise Virtualization (RHEV)
  2. Kernel Virtualization Module (KVM)
  3. Boot Strap Virtualization Module (BSVM)
  4. Microsoft Hyper-V
Correct answer: BD
Explanation:
Reference: https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-firewall/vm-series
Reference: https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-firewall/vm-series



Question 9

Decrypted packets from the website https://www.microsoft.com will appear as which application  and service within the Traffic log?


  1. web-browsing and 443
  2. SSL and 80
  3. SSL and 443
  4. web-browsing and 80
Correct answer: B



Question 10

A user’s traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user’s traffic matches when it goes to http://www.company.com.
How can the firewall be configured automatically disable the PBF rule if the next hop goes down?


  1. Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question.
  2. Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.
  3. Enable and configure a Link Monitoring Profile for the external interface of the firewall.
  4. Configure path monitoring for the next hop gateway on the default route in the virtual router.
Correct answer: D









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files