Palo Alto Networks PCNSE

Palo Alto Networks Certified Network Security

Engineer
Palo Alto Networks PCNSE Dumps Available Here at:
https://www.certification-questions.com/palo-alto-networks-exam/pcnse-dumps.html

Enrolling now you will get access to 445 questions in a unique set of
PCNSE dumps

DRAG DROP
An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple
routing protocols, and the engineer is trying to determine routing priority Match the default
Administrative Distances for each routing protocol.

[PIC-3-2391921712]

Explanation:

Question 1
DRAG DROP
An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple
routing protocols, and the engineer is trying to determine routing priority Match the default
Administrative Distances for each routing protocol.

https://www.certification-questions.com
Palo Alto Networks PCNSE

Explanation:

Options:

A.

Answer: A

An engineer needs to permit XML API access to a firewall for automation on a network segment that
is routed through a Layer 3 subinterface on a Palo Alto Networks firewall. However this network

segment cannot access the dedicated management interface due to the Security policy
Without changing the existing access to the management interface how can the engineer fulfill this
request?

Question 2
An engineer needs to permit XML API access to a firewall for automation on a network segment that
is routed through a Layer 3 subinterface on a Palo Alto Networks firewall. However this network

https://www.certification-questions.com
Palo Alto Networks PCNSE

segment cannot access the dedicated management interface due to the Security policy
Without changing the existing access to the management interface how can the engineer fulfill this
request?

Options:

A. Enable HTTPS in an Interface Management profile on the subinterface

B. Add the network segment's IP range to the Permitted IP Addresses list

C. Specify the subinterface as a management interface in Setup > Device > Interfaces

D. Configure a service route for HTTP to use the subinterface

Answer: A

Explanation:

Explanation:

A Panorama administrator configures a new zone and uses the zone in a new Security policy.
After the administrator commits the configuration to Panorama, which device-group commit push
operation should the administrator use to ensure that the push is successful?

Question 3
A Panorama administrator configures a new zone and uses the zone in a new Security policy.
After the administrator commits the configuration to Panorama, which device-group commit push
operation should the administrator use to ensure that the push is successful?

Options:

A. force template values

B. merge with candidate config

C. specify the template as a reference template

D. include device and network templates

Answer: D

Explanation:

Explanation:

An administrator cannot see any Traffic logs from the Palo Alto Networks NGFW in Panorama reports.
The configuration problem seems to be on the firewall. Which settings if configured incorrectly most
likely would stop only Traffic logs from being sent from the NGFW to Panorama?
A)

https://www.certification-questions.com
Palo Alto Networks PCNSE

[PIC-4-1987379897]

B)

[PIC-5-3446159453]

C)

[PIC-6-1847646508]

D)

[PIC-7-1249216047]

Question 4
An administrator cannot see any Traffic logs from the Palo Alto Networks NGFW in Panorama reports.
The configuration problem seems to be on the firewall. Which settings if configured incorrectly most
likely would stop only Traffic logs from being sent from the NGFW to Panorama?
A)

https://www.certification-questions.com
Palo Alto Networks PCNSE

B)

C)

https://www.certification-questions.com
Palo Alto Networks PCNSE

D)

Options:

A. Option A

B. Option B

C. Option C

D. Option D

https://www.certification-questions.com
Palo Alto Networks PCNSE

Answer: B

Explanation:

Explanation:

A network administrator configured a site-to-site VPN tunnel where the peer device will act as
initiator None of the peer addresses are known What can the administrator configure to establish the
VPN connection1?

Question 5
A network administrator configured a site-to-site VPN tunnel where the peer device will act as
initiator None of the peer addresses are known What can the administrator configure to establish the
VPN connection1?

Options:

A. Set up certificate authentication

B. Enable Passive Mode

C. Use the Dynamic IP address type

D. Configure the peer address as an FQDN

Answer: C

Explanation:

Explanation:

A network security engineer wants to prevent resource-consumption issues on the firewall.

Which strategy is consistent with decryption best practices to ensure consistent performance?

Question 6
A network security engineer wants to prevent resource-consumption issues on the firewall.
Which strategy is consistent with decryption best practices to ensure consistent performance?

Options:

A. Use RSA in a Decryption profile tor higher-priority and higher-risk traffic, and use less
processor-

intensive decryption methods for lower-risk traffic

B. Use PFS in a Decryption profile for higher-priority and higher-risk traffic, and use less
processor-

https://www.certification-questions.com
Palo Alto Networks PCNSE

intensive decryption methods for tower-risk traffic

C. Use Decryption profiles to downgrade processor-intensive ciphers to ciphers that are less

processor-intensive

D. Use Decryption profiles to drop traffic that uses processor-intensive ciphers

Answer: B

Explanation:

Explanation:

What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect
user?

Question 7
What can you use with Global Protect to assign user-specific client certificates to each GlobalProtect
user?

Options:

A. SSL/TLS Service profile

B. Certificate profile

C. SCEP

D. OCSP Responder

Answer: C

Explanation:

Explanation:

[PIC-8-3316708584]

In the screenshot above which two pieces ot information can be determined from the ACC
configuration shown? (Choose two )

Question 8

https://www.certification-questions.com
Palo Alto Networks PCNSE

In the screenshot above which two pieces ot information can be determined from the ACC
configuration shown? (Choose two )

Options:

A. The Network Activity tab will display all applications, including FTP.

B. Threats with a severity of "high" are always listed at the top of the Threat Name list

C. Insecure-credentials, brute-force and protocol-anomaly are all a part of the vulnerability Threat

Type

D. The ACC has been filtered to only show the FTP application

Answer: A, C

Explanation:

Explanation:

An administrator needs to assign a specific DNS server to one firewall within a device group. Where

https://www.certification-questions.com
Palo Alto Networks PCNSE

would the administrator go to edit a template variable at the device level?

Question 9
An administrator needs to assign a specific DNS server to one firewall within a device group. Where
would the administrator go to edit a template variable at the device level?

Options:

A. Variable CSV export under Panorama > templates

B. PDF Export under Panorama > templates

C. Manage variables under Panorama > templates

D. Managed Devices > Device Association

Answer: B

Explanation:

Explanation:

When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn
on the feature inside which type of SD-WAN profile?

Question 10
When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn
on the feature inside which type of SD-WAN profile?

Options:

A. Certificate profile

B. Path Quality profile

C. SD-WAN Interface profile

D. Traffic Distribution profile

Answer: C

Explanation:

Explanation:

Would you like to see more? Don't miss our PCNSE PDF
file at:

https://www.certification-questions.com
Palo Alto Networks PCNSE

https://www.certification-questions.com/palo-alto-networks-pdf/pcnse-pdf.html

https://www.certification-questions.com