Download Palo Alto Networks.PCNSE.PassLeader.2022-09-06.487q.vcex

Download Exam

File Info

Exam Palo Alto Networks Certified Network Security Engineer
Number PCNSE
File Name Palo Alto Networks.PCNSE.PassLeader.2022-09-06.487q.vcex
Size 33 MB
Posted Sep 06, 2022
Download Palo Alto Networks.PCNSE.PassLeader.2022-09-06.487q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

A company.com wants to enable Application Override. Given the following screenshot:
Which two statements are true if Source and Destination traffic match the Application Override policy? (Choose two)
    


  1. Traffic that matches "rtp-base" will bypass the App-ID and Content-ID engines.
  2. Traffic will be forced to operate over UDP Port 16384.
  3. Traffic utilizing UDP Port 16384 will now be identified as "rtp-base".
  4. Traffic utilizing UDP Port 16384 will bypass the App-ID and Content-ID engines.
Correct answer: CD
Explanation:
An application override policy is changes how the Palo Alto Networks firewall classifies network traffic into applications. An application override with a custom application prevents the session from being processed by the App-ID engine, which is a Layer-7 inspection.https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Create-an-Application-Override-Policy/ta-p/60044
An application override policy is changes how the Palo Alto Networks firewall classifies network traffic into applications. An application override with a custom application prevents the session from being processed by the App-ID engine, which is a Layer-7 inspection.
https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Create-an-Application-Override-Policy/ta-p/60044



Question 2

Which three fields can be included in a pcap filter? (Choose three)


  1. Egress interface
  2. Source IP
  3. Rule number
  4. Destination IP
  5. Ingress interface
Correct answer: BDE
Explanation:
https://knowledgebase.paloaltonetworks.com/servlet/rtaImage?eid=ka10g000000U0KT&feoid=00N0g000003VPSv&refid=0EM0g000001Ja97
https://knowledgebase.paloaltonetworks.com/servlet/rtaImage?eid=ka10g000000U0KT&feoid=00N0g000003VPSv&refid=0EM0g000001Ja97



Question 3

What are three possible verdicts that WildFire can provide for an analyzed sample? (Choose three)


  1. Clean
  2. Bengin
  3. Adware
  4. Suspicious
  5. Grayware
  6. Malware
Correct answer: BEF
Explanation:
The WildFire verdicts are: Benign, Grayware, Malware.https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/monitoring/log-severity-levels-and-wildfire-verdicts
The WildFire verdicts are: Benign, Grayware, Malware.
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/monitoring/log-severity-levels-and-wildfire-verdicts



Question 4

A logging infrastructure may need to handle more than 10,000 logs per second.
Which two options support a dedicated log collector function? (Choose two)


  1. Panorama virtual appliance on ESX(i) only
  2. M-500
  3. M-100 with Panorama installed
  4. M-100
Correct answer: BD



Question 5

What are three valid method of user mapping? (Choose three)


  1. Syslog
  2. XML API
  3. 802.1X
  4. WildFire
  5. Server Monitoring
Correct answer: ABE
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/user-id/map-ip-addresses-to-users.html#id61f141da-8b89-49c9-b34a-ed11b434d1db
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/user-id/map-ip-addresses-to-users.html#id61f141da-8b89-49c9-b34a-ed11b434d1db



Question 6

A host attached to ethernet1/3 cannot access the internet. The default gateway is attached to ethernet1/4. After troubleshooting. It is determined that traffic cannot pass from the ethernet1/3 to ethernet1/4. What can be the cause of the problem?


  1. DHCP has been set to Auto.
  2. Interface ethernet1/3 is in Layer 2 mode and interface ethernet1/4 is in Layer 3 mode.
  3. Interface ethernet1/3 and ethernet1/4 are in Virtual Wire Mode.
  4. DNS has not been properly configured on the firewall
Correct answer: B
Explanation:
In a Layer 2 deployment, the firewall provides switching between two or more interfaces. Each group of interfaces must be assigned to a VLAN object in order for the firewall to switch between them.In a Layer 3 deployment, the firewall routes traffic between ports. An IP address must be assigned to each interface and a virtual router must be defined to route the traffic. Choose this option when routing is required.https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/getting-started/basic-interface-deployments
In a Layer 2 deployment, the firewall provides switching between two or more interfaces. Each group of interfaces must be assigned to a VLAN object in order for the firewall to switch between them.
In a Layer 3 deployment, the firewall routes traffic between ports. An IP address must be assigned to each interface and a virtual router must be defined to route the traffic. Choose this option when routing is required.
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/getting-started/basic-interface-deployments



Question 7

The IT department has received complaints abou VoIP call jitter when the sales staff is making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS policy written in the rulebase. The IT manager wants to find out what traffic is causing the jitter in real time when a user reports the jitter.
Which feature can be used to identify, in real time, the applications taking up the most bandwidth?


  1. QoS Statistics
  2. Applications Report
  3. Application Command Center (ACC)
  4. QoS Log
Correct answer: C
Explanation:
Network ActivityDisplays an overview of traffic and user activity on your network including:Top applications in useTop users who generate traffic (with a drill down into the bytes, content, threats or URLs accessed by the user)Most used security rules against which traffic matches occurIn addition, you can also view network activity by source or destination zone, region, or IP address, ingress or egress interfaces, and GlobalProtect host information such as the operating systems of the devices most commonly used on the network.https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/monitoring/use-the-application-command-center/ acc-tabs.html#id36db6852-3120-48bd-9887-2d370c01f8d5
Network Activity
Displays an overview of traffic and user activity on your network including:
Top applications in use
Top users who generate traffic (with a drill down into the bytes, content, threats or URLs accessed by the user)
Most used security rules against which traffic matches occur
In addition, you can also view network activity by source or destination zone, region, or IP address, ingress or egress interfaces, and GlobalProtect host information such as the operating systems of the devices most commonly used on the network.
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/monitoring/use-the-application-command-center/ acc-tabs.html#id36db6852-3120-48bd-9887-2d370c01f8d5



Question 8

A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?


  1. Blocked Activity
  2. Bandwidth Activity
  3. Threat Activity
  4. Network Activity
Correct answer: D
Explanation:
The Network Activity tab of the Application Command Center (ACC) displays an overview of traffic and user activity on your network including:Top applications in useTop users who generate traffic (with a drill down into the bytes, content, threats or URLs accessed by the user)Most used security rules against which traffic matches occur In addition, you can also view network activity by source or destination zone, region, or IP address, ingress or egress interfaces, and GlobalProtect host information such as the operating systems of the devices most commonly used on the network.https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/monitoring/acc-tabs.html
The Network Activity tab of the Application Command Center (ACC) displays an overview of traffic and user activity on your network including:
Top applications in use
Top users who generate traffic (with a drill down into the bytes, content, threats or URLs accessed by the user)
Most used security rules against which traffic matches occur 
In addition, you can also view network activity by source or destination zone, region, or IP address, ingress or egress interfaces, and GlobalProtect host information such as the operating systems of the devices most commonly used on the network.
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/monitoring/acc-tabs.html



Question 9

Which three options does the WF-500 appliance support for local analysis? (Choose three)


  1. E-mail links
  2. APK files
  3. jar files
  4. PNG files
  5. Portable Executable (PE) files
Correct answer: ACE
Explanation:
    
    



Question 10

Company.com has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine.
Which method should company.com use to immediately address this traffic on a Palo Alto Networks device?


  1. Create a custom Application without signatures, then create an Application Override policy thatincludes the source, Destination, Destination Port/Protocol and Custom Application of the traffic.
  2. Wait until an official Application signature is provided from Palo Alto Networks.
  3. Modify the session timer settings on the closest referanced application to meet the needs of thein-house application
  4. Create a Custom Application with signatures matching unique identifiers of the in-houseapplication traffic
Correct answer: D
Explanation:
Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define an application override policy--A custom application allows you to customize the definition of the internal application--its characteristics, category and sub-category,risk, port, timeout--and exercise granular policy control in order to minimize the range of unidentified traffic on your network. Creating a custom application also allows you to correctly identify the application in the ACC and traffic logs and is useful in auditing/reporting on the applications on your network. For a custom application you can specify a signature and a pattern that uniquely identifies the application and attach it to a security policy that allows or denies the application.Alternatively, if you would like the firewall to process the custom application using fast path (Layer-4 inspection instead of using App-ID for Layer-7 inspection), you can reference the custom application in an application override policy rule. An application override with a custom application will prevent the session from being processed by the App-ID engine, which is a Layer-7 inspection. Instead it forces the firewall to handle the session as a regular stateful inspection firewall at Layer-4, and thereby saves application processing time.For example, if you build a custom application that triggers on a host header www.mywebsite.com, the packets are first identified as web-browsing and then are matched as your custom application (whose parent application is web-browsing). Because the parent application is web-browsing, the custom application is inspected at Layer-7 and scanned for content and vulnerabilities.If you define an application override, the firewall stops processing at Layer-4. The custom application name is assigned to the session to help identify it in the logs, and the traffic is not scanned for threats.https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/manage-custom-or-unknown-applications.html#id74b58a78-164f-4dc5-aa4e-31ce62f2af0d
Create a Custom Application with a signature and attach it to a security policy, or create a custom application and define an application override policy--A custom application allows you to customize the definition of the internal application--its characteristics, category and sub-category,
risk, port, timeout--and exercise granular policy control in order to minimize the range of unidentified traffic on your network. Creating a custom application also allows you to correctly identify the application in the ACC and traffic logs and is useful in auditing/reporting on the applications on your network. For a custom application you can specify a signature and a pattern that uniquely identifies the application and attach it to a security policy that allows or denies the application.
Alternatively, if you would like the firewall to process the custom application using fast path (Layer-4 inspection instead of using App-ID for Layer-7 inspection), you can reference the custom application in an application override policy rule. An application override with a custom application will prevent the session from being processed by the App-ID engine, which is a Layer-7 inspection. Instead it forces the firewall to handle the session as a regular stateful inspection firewall at Layer-4, and thereby saves application processing time.
For example, if you build a custom application that triggers on a host header www.mywebsite.com, the packets are first identified as web-browsing and then are matched as your custom application (whose parent application is web-browsing). Because the parent application is web-browsing, the custom application is inspected at Layer-7 and scanned for content and vulnerabilities.
If you define an application override, the firewall stops processing at Layer-4. The custom application name is assigned to the session to help identify it in the logs, and the traffic is not scanned for threats.
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/manage-custom-or-unknown-applications.html#id74b58a78-164f-4dc5-aa4e-31ce62f2af0d









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files