Palo Alto Networks PCNSE Exam Questions and Answers 2021

"Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 8.0", also known as the PCNSE exam, is a Palo Alto Networks certification.

A network administrator uses Panorama to push security policies to managed firewalls at branch offices. Which policy type should be configured on Panorama if the administrators at the branch office sites need to override these policies?

  • A. Pre Rules
  • B. Post Rules
  • C. Explicit Rules
  • D. Implicit Rules

Answer: A

How does Panorama prompt VMware NSX to quarantine an infected VM?

  • A. HTTP Server Profile
  • B. Syslog Server Profile
  • C. Email Server Profile
  • D. SNMP Server Profile

Answer: A

Which option enables a Palo Alto Networks NGFW administrator to schedule Application and Threat updates while applying only new content-IDs to traffic?

  • A. Select download-and-install.
  • B. Select download-and-install, with "Disable new apps in content update" selected.
  • C. Select download-only.
  • D. Select disable application updates and select "Install only Threat updates"

Answer: C

Which feature can provide NGFWs with User-ID mapping information?

  • A. Web Captcha
  • B. Native 802.1q authentication
  • C. GlobalProtect
  • D. Native 802.1x authentication

Answer: C

A company has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine.
Which method should the company use to immediately address this traffic on a Palo Alto Networks device?

  • A. Create a custom Application without signatures, then create an Application Override policy that includes the source, Destination, Destination Port/Protocol and Custom Application of the traffic.
  • B. Wait until an official Application signature is provided from Palo Alto Networks.
  • C. Modify the session timer settings on the closest referenced application to meet the needs of the in-house application.
  • D. Create a Custom Application with signatures matching unique identifiers of the in-house application traffic

Answer: D

An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs. The administrator assigns priority 100 to the active firewall.
Which priority is correct for the passive firewall?

  • A. 99
  • B. 1
  • C. 255



People are having intermittent quality issues during a live meeting via web application.

  • A. Use QoS profile to define QoS Classes
  • B. Use QoS Classes to define QoS Profile
  • C. Use QoS Profile to define QoS Classes and a QoS Policy
  • D. Use QoS Classes to define QoS Profile and a QoS Policy

Answer: C

Which two interface types can be used when configuring GlobalProtect Portal? (Choose two)

  • A. Virtual Wire
  • B. Loopback
  • C. Layer 3
  • D. Tunnel

Answer: BC

Palo Alto Networks maintains a dynamic database of malicious domains.
Which two Security Platform components use this database to prevent threats? (Choose two)

  • A. Brute-force signatures
  • B. BrightCloud URL Filtering
  • C. PAN-DB URL Filtering
  • D. DNS-based command-and-control signatures

Answer: CD

An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)
[Exhibits]

  • A. Exhibit A
  • B. Exhibit B
  • C. Exhibit C
  • D. Exhibit D

Answer: AD

The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?

  • A. 5-tuple match: Source IP Address, Destination IP Address, Source Port, Destination Port, Protocol
  • B. 7-tuple match: Source IP Address, Destination IP Address, Source Port, Destination Port, Source User, URL Category and Source Security Zone
  • C. 6-tuple match: Source IP Address, Destination IP Address, Source Port, Destination Port, Protocol and Source Security Zone
  • D. 9-tuple match: Source IP Address, Destination IP Address, Source Port, Destination Port, Source User, Source Security Zone, Destination Security Zone, Application and URL Category

Answer: A

An administrator has configured a QoS policy rule and a QoS profile that limits the maximum allowable bandwidth for the YouTube application. However, YouTube is consuming more than the maximum bandwidth allotment configured.
Which configuration step needs to be configured to enable QoS?

  • A. Enable QoS Data Filtering Profile
  • B. Enable QoS monitor
  • C. Enable QoS interface
  • D. Enable QoS in the interface Management Profile.

Answer: C

Which option is part of the content inspection process?

  • A. Packet forwarding process
  • B. SSL Proxy re-encrypt
  • C. IPsec tunnel encryption
  • D. Packet egress process

Answer: A

Refer to the exhibit.
[Exhibit]
An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A ( receives HTTP traffic and HOST B ( receives SSH traffic.)
Which two security policy rules will accomplish this configuration? (Choose two.)

  • A. Untrust (Any) to Untrust (, web-browsing -Allow
  • B. Untrust (Any) to Untrust (, ssh -Allow
  • C. Untrust (Any) to DMZ (, web-browsing -Allow
  • D. Untrust (Any) to DMZ (, ssh –Allow
  • E. Untrust (Any) to DMZ (, ssh, web-browsing -Allow

Answer: CD

Which public key infrastructure component is used to authenticate users for GlobalProtect when the Connect Method is set to pre-logon?

  • A. Certificate revocation list
  • B. Trusted root certificate
  • C. Machine certificate
  • D. Online Certificate Status Protocol

Answer: C

Which three functions are found on the dataplane of a PA-5050? (Choose three)

  • A. Protocol Decoder
  • B. Dynamic routing
  • C. Management
  • D. Network Processing
  • E. Signature Match

Answer: BDE

A company wants to enable Application Override. Given the following screenshot:
[Exhibit]
Which two statements are true if Source and Destination traffic match the Application Override policy? (Choose two)

  • A. Traffic that matches "rtp-base" will bypass the App-ID and Content-ID engines.
  • B. Traffic will be forced to operate over UDP Port 16384.
  • C. Traffic utilizing UDP Port 16384 will now be identified as "rtp-base".
  • D. Traffic utilizing UDP Port 16384 will bypass the App-ID and Content-ID engines.

Answer: AC

Which feature can provide NGFWs with User-ID mapping information?

  • A. GlobalProtect
  • B. Web Captcha
  • C. Native 802.1q authentication
  • D. Native 802.1x authentication

Answer: A
