Download Palo Alto Networks.PCNSE9.CertDumps.2020-05-29.20q.vcex

Download Exam

File Info

Exam Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 9-0
Number PCNSE9
File Name Palo Alto Networks.PCNSE9.CertDumps.2020-05-29.20q.vcex
Size 949 KB
Posted May 29, 2020
Download Palo Alto Networks.PCNSE9.CertDumps.2020-05-29.20q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)


  1. Create a no-decrypt Decryption Policy rule.
  2. Configure an EDL to pull IP addresses of known sites resolved from a CRL.
  3. Create a Dynamic Address Group for untrusted sites
  4. Create a Security Policy rule with vulnerability Security Profile attached.
  5. Enable the "Block sessions with untrusted issuers" setting.
Correct answer: AD



Question 2

Which two features does PAN-OS® software use to identify applications? (Choose two)


  1. port number
  2. session number
  3. transaction characteristics
  4. application layer payload
Correct answer: CD
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/application-levelgateways#
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/application-levelgateways#



Question 3

The certificate information displayed in the following image is for which type of certificate?
Exhibit:


  1. Forward Trust certificate
  2. Self-Signed Root CA certificate
  3. Web Server certificate
  4. Public CA signed certificate
Correct answer: B



Question 4

A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS® software would help in this case?


  1. Application override
  2. Redistribution of user mappings
  3. Virtual Wire mode
  4. Content inspection
Correct answer: B



Question 5

When configuring a GlobalProtect Portal, what is the purpose of specifying an
Authentication Profile?


  1. To enable Gateway authentication to the Portal
  2. To enable Portal authentication to the Gateway
  3. To enable user authentication to the Portal
  4. To enable client machine authentication to the Portal
Correct answer: C
Explanation:
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite.Reference:https://www.paloaltonetworks.com/documentation/71/pan-os/web-interfacehelp/globalprotect/network-globalpr
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite.
Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/web-interfacehelp/globalprotect/network-globalpr



Question 6

A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link aggregation. Which two formats are correct for naming aggregate interfaces? (Choose two.)


  1. ae.8
  2. aggregate.1
  3. ae.1
  4. aggregate.8
Correct answer: AC



Question 7

View the GlobalProtect configuration screen apture.
 
What is the purpose of this configuration?


  1. It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.
  2. It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.
  3. It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.
  4. It forces the firewall to perform a dynamic DNS update, which adds the internal gateway’s hostname and IP address to the DNS server.
Correct answer: C



Question 8

Which CLI command can be used to export the tcpdump capture?


  1. scp export tcpdump from mgmt.pcap to <username@host:path>
  2. scp extract mgmt-pcap from mgmt.pcap to <username@host:path>
  3. scp export mgmt-pcap from mgmt.pcap to <username@host:path>
  4. download mgmt.-pcap
Correct answer: C



Question 9

In High Availability, which information is transferred via the HA data link?


  1. session information
  2. heartbeats
  3. HA state information
  4. User-ID information
Correct answer: A



Question 10

Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)


  1. TACACS+
  2. Kerberos
  3. PAP
  4. LDAP
  5. SAML
  6. RADIUS
Correct answer: AEF
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewalladministration/manage-firewall-administra
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewalladministration/manage-firewall-administra









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files