Palo Alto Networks Certified Network Security Engineer - PCNSE Exam Questions
QUESTION NO: 1
An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?
An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?
Correct Answer: B
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 2
A threat intelligence team has requested more than a dozen Short signatures to be deployed on all perimeter Palo Alto Networks firewalls. How does the firewall engineer fulfill this request with the least time to implement?
A threat intelligence team has requested more than a dozen Short signatures to be deployed on all perimeter Palo Alto Networks firewalls. How does the firewall engineer fulfill this request with the least time to implement?
Correct Answer: A
QUESTION NO: 3
A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this.
Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)
A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this.
Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)
Correct Answer: C,D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 4
A firewall engineer is tasked with defining signatures for a custom application. Which two sources can the engineer use to gather information about the application patterns'? (Choose two.)
A firewall engineer is tasked with defining signatures for a custom application. Which two sources can the engineer use to gather information about the application patterns'? (Choose two.)
Correct Answer: A,B
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 5
In which two scenarios would it be necessary to use Proxy IDs when configuring site-to-site VPN Tunnels?
(Choose two.)
In which two scenarios would it be necessary to use Proxy IDs when configuring site-to-site VPN Tunnels?
(Choose two.)
Correct Answer: B,C
QUESTION NO: 6
As a best practice, which URL category should you target first for SSL decryption?
As a best practice, which URL category should you target first for SSL decryption?
Correct Answer: B
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 7
A new firewall has the Threat Prevention subscription, but the Antivirus does not appear in Dynamic Updates.
What must occur to have Antivirus signatures update?
A new firewall has the Threat Prevention subscription, but the Antivirus does not appear in Dynamic Updates.
What must occur to have Antivirus signatures update?
Correct Answer: A
QUESTION NO: 8
Which three firewall multi-factor authentication factors are supported by PAN-OS? (Choose three.)
Which three firewall multi-factor authentication factors are supported by PAN-OS? (Choose three.)
Correct Answer: B,C,D
QUESTION NO: 9
A network administrator notices a false-positive state after enabling Security profiles. When the administrator checks the threat prevention logs, the related signature displays the following:
threat type: spyware category: dns-c2 threat ID: 1000011111
Which set of steps should the administrator take to configure an exception for this signature?
A network administrator notices a false-positive state after enabling Security profiles. When the administrator checks the threat prevention logs, the related signature displays the following:
threat type: spyware category: dns-c2 threat ID: 1000011111
Which set of steps should the administrator take to configure an exception for this signature?
Correct Answer: A
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 10
A network security administrator wants to inspect HTTPS traffic from users as it egresses through a firewall to the Internet/Untrust zone from trusted network zones.
The security admin wishes to ensure that if users are presented with invalid or untrusted security certificates, the user will see an untrusted certificate warning.
What is the best choice for an SSL Forward Untrust certificate?
A network security administrator wants to inspect HTTPS traffic from users as it egresses through a firewall to the Internet/Untrust zone from trusted network zones.
The security admin wishes to ensure that if users are presented with invalid or untrusted security certificates, the user will see an untrusted certificate warning.
What is the best choice for an SSL Forward Untrust certificate?
Correct Answer: B
QUESTION NO: 11
Which two scripting file types require direct upload to the Advanced WildFire portal/API for analysis?
(Choose two.)
Which two scripting file types require direct upload to the Advanced WildFire portal/API for analysis?
(Choose two.)
Correct Answer: A,C
QUESTION NO: 12
Which protocol is supported by GlobalProtect Clientless VPN?
Which protocol is supported by GlobalProtect Clientless VPN?
Correct Answer: B
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 13
ln a security-first network, what is the recommended threshold value for apps and threats to be dynamically updated?
ln a security-first network, what is the recommended threshold value for apps and threats to be dynamically updated?
Correct Answer: C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
