Improve PCNSE Cram 2021

Testking PCNSE Questions are updated and all PCNSE answers are verified by experts. Once you have completely prepared with our PCNSE exam prep kits you will be ready for the real PCNSE exam without a problem. We have Refresh Paloalto-Networks PCNSE dumps study guide. PASSED PCNSE First attempt! Here What I Did.

Check PCNSE free dumps before getting the full version:

NEW QUESTION 1
Palo Alto Networks maintains a dynamic database of malicious domains.
Which two Security Platform components use this database to prevent threats? (Choose two)

  • A. Brute-force signatures
  • B. BrightCloud Url Filtering
  • C. PAN-DB URL Filtering
  • D. DNS-based command-and-control signatures

Answer: CD

NEW QUESTION 2
Refer to the exhibit.
PCNSE dumps exhibit
An administrator cannot see any of the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?
A)
PCNSE dumps exhibit
B)
PCNSE dumps exhibit
C)
PCNSE dumps exhibit
D)
PCNSE dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: D

NEW QUESTION 3
An administrator has left a firewall to use the default port for all management services. Which three
functions are performed by the dataplane? (Choose three.)

  • A. WildFire updates
  • B. NAT
  • C. NTP
  • D. antivirus E.File blocking

Answer: ABC

NEW QUESTION 4
An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between Panorama and the managed firewalls and Log Collectors.
How would the administrator establish the chain of trust?

  • A. Use custom certificates
  • B. Enable LDAP or RADIUS integration
  • C. Set up multi-factor authentication
  • D. Configure strong password authentication

Answer: A

Explanation:
Reference:
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-overview/plan-your-panorama-deployment

NEW QUESTION 5
In High Availability, which information is transferred via the HA data link?

  • A. session information
  • B. heartbeats
  • C. HA state information
  • D. User-ID information

Answer: A

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-links-and-backup-links

NEW QUESTION 6
What are two benefits of nested device groups in Panorama? (Choose two.)

  • A. Reuse of the existing Security policy rules and objects
  • B. Requires configuring both function and location for every device
  • C. All device groups inherit settings form the Shared group
  • D. Overwrites local firewall configuration

Answer: BC

NEW QUESTION 7
Which three options are supported in HA Lite? (Choose three.)

  • A. Virtual link
  • B. Active/passive deployment
  • C. Synchronization of IPsec security associations
  • D. Configuration synchronization
  • E. Session synchronization

Answer: BCD

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device-high-availability/ha-lite

NEW QUESTION 8
A distributed log collection deployment has dedicated log Collectors. A developer needs a device to send logs to Panorama instead of sending logs to the Collector Group.
What should be done first?

  • A. Remove the cable from the management interface, reload the log Collector and then re-connect that cable
  • B. Contact Palo Alto Networks Support team to enter kernel mode commands to allow adjustments
  • C. remove the device from the Collector Group
  • D. Revert to a previous configuration

Answer: C

NEW QUESTION 9
Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?

  • A. Log
  • B. Alert
  • C. Allow
  • D. Default

Answer: B

Explanation:
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/url-filtering/url-filtering- profile-actions

NEW QUESTION 10
Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?

  • A. VM-100
  • B. VM-200
  • C. VM-1000-HV
  • D. VM-300

Answer: C

NEW QUESTION 11
A company is upgrading its existing Palo Alto Networks firewall from version 7.0.1 to 7.0.4.
Which three methods can the firewall administrator use to install PAN-OS 8.0.4 across the enterprise?( Choose three)

  • A. Download PAN-OS 8.0.4 files from the support site and install them on each firewall after manually uploading.
  • B. Download PAN-OS 8.0.4 to a USB drive and the firewall will automatically update after the USB drive is inserted in the firewall.
  • C. Push the PAN-OS 8.0.4 updates from the support site to install on each firewall.
  • D. Push the PAN-OS 8.0.4 update from one firewall to all of the other remaining after updating one firewall.
  • E. Download and install PAN-OS 8.0.4 directly on each firewall.
  • F. Download and push PAN-OS 8.0.4 from Panorama to each firewall.

Answer: ACF

NEW QUESTION 12
What is the purpose of the firewall decryption broker?

  • A. Decrypt SSL traffic a then send it as cleartext to a security chain of inspection tools
  • B. Force decryption of previously unknown cipher suites
  • C. Inspection traffic within IPsec tunnel
  • D. Reduce SSL traffic to a weaker cipher before sending it to a security chain of inspection tools

Answer: A

NEW QUESTION 13
Which three firewall states are valid? (Choose three.)

  • A. Active
  • B. Functional
  • C. Pending
  • D. Passive
  • E. Suspended

Answer: ADE

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-firewall-states

NEW QUESTION 14
If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?

  • A. The settings assigned to the template that is on top of the stack.
  • B. The administrator will be promoted to choose the settings for that chosen firewall.
  • C. All the settings configured in all templates.
  • D. Depending on the firewall location, Panorama decides with settings to send.

Answer: B

Explanation:
Reference:
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/manage-firewalls/manage-templates-and-template-stacks/configure-a-template-stack

NEW QUESTION 15
Which GlobalProtect Client connect method requires the distribution and use of machine certificates?

  • A. User-logon (Always on)
  • B. At-boot
  • C. On-demand
  • D. Pre-logon

Answer: D

NEW QUESTION 16
Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accomplish this goal?

  • A. Assign an IP address on each tunnel interface at each site
  • B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
  • C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
  • D. Create new VPN zones at each site to terminate each VPN connection

Answer: C

NEW QUESTION 17
An administrator needs to upgrade an NGFW to the most current version of PAN-OS® software. The following is occurring:
•Firewall has Internet connectivity through e1/1.
•Default security rules and security rules allowing all SSL and web-browsing traffic to and from any zone.
•Service route is configured, sourcing update traffic from e1/1.
•A communication error appears in the System logs when updates are performed.
•Download does not complete.
What must be configured to enable the firewall to download the current version of PAN-OS software?

  • A. DNS settings for the firewall to use for resolution
  • B. scheduler for timed downloads of PAN-OS software
  • C. static route pointing application PaloAlto-updates to the update servers
  • D. Security policy rule allowing PaloAlto-updates as the application

Answer: D

NEW QUESTION 18
Several offices are connected with VPNs using static IPV4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accoumplish this goal?

  • A. Assign an IP address on each tunnel interface at each site
  • B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
  • C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
  • D. Create new VPN zones at each site to terminate each VPN connection

Answer: C

NEW QUESTION 19
Which three rule types are available when defining policies in Panorama? (Choose three.)

  • A. Pre Rules
  • B. Post Rules
  • C. Default Rules
  • D. Stealth Rules
  • E. Clean Up Rules

Answer: ABC

Explanation:
https://www.paloaltonetwoHYPERLINK "https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/panorama- web-interface/defining-policies-on-panorama"rks.com/documentation/71/pan-os/web-
interHYPERLINK "https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface- help/panorama-web-interface/defining-policies-on-panorama"face-help/panorama-web- interface/defining-policies-on-panorama

NEW QUESTION 20
How is the Forward Untrust Certificate used?

  • A. It issues certificates encountered on the Untrust security zone when clients attempt to connect to a site that has be decrypted/
  • B. It is used when web servers request a client certificate.
  • C. It is presented to clients when the server they are connecting to is signed by a certificate authority that is not trusted by firewall.
  • D. It is used for Captive Portal to identify unknown users.

Answer: C

NEW QUESTION 21
DRAG DROP
When using the predefined default profile, the policy will inspect for viruses on the decoders. Match each decoder with its default action.
Answer options may be used more than once or not at all.
PCNSE dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
PCNSE dumps exhibit

NEW QUESTION 22
What must be used in Security Policy Rule that contain addresses where NAT policy applies?

  • A. Pre-NAT addresse and Pre-NAT zones
  • B. Post-NAT addresse and Post-Nat zones
  • C. Pre-NAT addresse and Post-Nat zones
  • D. Post-Nat addresses and Pre-NAT zones

Answer: C

NEW QUESTION 23
A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link aggregation. Which two formats are correct for naming aggregate interfaces? (Choose two.)

  • A. ae.8
  • B. aggregate.1
  • C. ae.1
  • D. aggregate.8

Answer: AC

NEW QUESTION 24
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?

  • A. To enable Gateway authentication to the Portal
  • B. To enable Portal authentication to the Gateway
  • C. To enable user authentication to the Portal
  • D. To enable client machine authentication to the Portal

Answer: C

Explanation:
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite.
Reference https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/globalprotect/network-globalprotect-portals

NEW QUESTION 25
The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of GlobalPortect Portal?

  • A. Server Certificate
  • B. Client Certificate
  • C. Authentication Profile
  • D. Certificate Profile

Answer: A

Explanation:
(https://live.paloaltonetworks.HYPERLINK "https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-GlobalProtect/ta-p/58351"com/t5/Configuration-Articles/How-to- Configure-GlobalProtect/ta-p/58351)

NEW QUESTION 26
Which method will dynamically register tags on the Palo Alto Networks NGFW?

  • A. Restful API or the VMWare API on the firewall or on the User-ID agent or the read-only domain controller (RODC)
  • B. Restful API or the VMware API on the firewall or on the User-ID agent
  • C. XML-API or the VMware API on the firewall or on the User-ID agent or the CLI
  • D. XML API or the VM Monitoring agent on the NGFW or on the User-ID agent

Answer: D

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/register-ip-addresses-and-tags-dynamically

NEW QUESTION 27
Which is the maximum number of samples that can be submitted to WildFire per day, based on wildfire subscription?

  • A. 15,000
  • B. 10,000
  • C. 75,00
  • D. 5,000

Answer: B

NEW QUESTION 28
Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain a username-to-IP-address mapping?

  • A. Microsoft Active Directory
  • B. Microsoft Terminal Services
  • C. Aerohive Wireless Access Point
  • D. Palo Alto Networks Captive Portal

Answer: B

NEW QUESTION 29
......

P.S. Easily pass PCNSE Exam with 255 Q&As Certleader Dumps & pdf Version, Welcome to Download the Newest Certleader PCNSE Dumps: https://www.certleader.com/PCNSE-dumps.html (255 New Questions)