Paloalto Networks PCNSE Study Guides 2021
Proper study guides for PCNSE Palo Alto Networks Certified Security Engineer (PCNSE)PAN-OS 8.0 certified begins with preparation products which designed to deliver the by making you pass the PCNSE test at your first time. Try the free right now.
Online PCNSE free questions and answers of New Version:
NEW QUESTION 1
An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the company’s proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats.
Which option would achieve this result?
- A. Create a custom App-ID and enable scanning on the advanced tab.
- B. Create an Application Override policy.
- C. Create a custom App-ID and use the “ordered conditions” check box.
- D. Create an Application Override policy and custom threat signature for the application.
Answer: A
NEW QUESTION 2
What must be used in Security Policy Rule that contain addresses where NAT policy applies?
- A. Pre-NAT addresse and Pre-NAT zones
- B. Post-NAT addresse and Post-Nat zones
- C. Pre-NAT addresse and Post-Nat zones
- D. Post-Nat addresses and Pre-NAT zones
Answer: C
NEW QUESTION 3
Which two logs on the firewall will contain authentication-related information useful for troubleshooting purpose (Choose two)
- A. ms.log
- B. traffic.log
- C. system.log
- D. dp-monitor.log
- E. authd.log
Answer: CE
NEW QUESTION 4
In the following image from Panorama, why are some values shown in red?
- A. sg2 session count is the lowest compared to the other managed devices.
- B. us3 has a logging rate that deviates from the administrator-configured thresholds.
- C. uk3 has a logging rate that deviates from the seven-day calculated baseline.
- D. sg2 has misconfigured session thresholds.
Answer: C
NEW QUESTION 5
Which logs enable a firewall administrator to determine whether a session was decrypted?
- A. Correlated Event
- B. Traffic
- C. Decryption
- D. Security Policy
Answer: B
NEW QUESTION 6
Which three settings are defined within the Templates object of Panorama? (Choose three.)
- A. Setup
- B. Virtual Routers
- C. Interfaces
- D. Security
- E. Application Override
Answer: ADE
NEW QUESTION 7
Which URL Filtering Security Profile action togs the URL Filtering category to the URL Filtering log?
- A. Log
- B. Alert
- C. Allow
- D. Default
Answer: B
NEW QUESTION 8
Which is not a valid reason for receiving a decrypt-cert-validation error?
- A. Unsupported HSM
- B. Unknown certificate status
- C. Client authentication
- D. Untrusted issuer
Answer: A
NEW QUESTION 9
To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?
- A. Device>Setup>Services>AutoFocus
- B. Device> Setup>Management >AutoFocus
- C. AutoFocus is enabled by default on the Palo Alto Networks NGFW
- D. Device>Setup>WildFire>AutoFocus
- E. Device>Setup> Management> Logging and Reporting Settings
Answer: B
Explanation: Reference: https://www.paloaHYPERLINK
"https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/getting-started/enable-autofocus-threat-intelligence"ltonetworks.com/documentation/71/pan-os/pan-os/getting-started/enable-autofocus-threat-intelligence
NEW QUESTION 10
Which three split tunnel methods are supported by a globalProtect gateway? (Choose three.)
- A. video streaming application
- B. Client Application Process
- C. Destination Domain
- D. Source Domain
- E. Destination user/group
- F. URL Category
Answer: ABC
NEW QUESTION 11
Which Panorama administrator types require the configuration of at least one access domain? (Choose two)
- A. Dynamic
- B. Custom Panorama Admin
- C. Role Based
- D. Device Group E.Template Admin
Answer: D
NEW QUESTION 12
Which two features does PAN-OS® software use to identify applications? (Choose two)
- A. port number
- B. session number
- C. transaction characteristics
- D. application layer payload
Answer: CD
NEW QUESTION 13
A company has a policy that denies all applications it classifies as bad and permits only application it classifies as good. The firewall administrator created the following security policy on the company's
firewall.
Which interface configuration will accept specific VLAN IDs?
Which two benefits are gained from having both rule 2 and rule 3 presents? (choose two)
- A. A report can be created that identifies unclassified traffic on the network.
- B. Different security profiles can be applied to traffic matching rules 2 and 3.
- C. Rule 2 and 3 apply to traffic on different ports.
- D. Separate Log Forwarding profiles can be applied to rules 2 and 3.
Answer: BD
NEW QUESTION 14
A firewall administrator has completed most of the steps required to provision a standalone Palo Alto Networks Next-Generation Firewall. As a final step, the administrator wants to test one of the security policies.
Which CLI command syntax will display the rule that matches the test?
- A. test security -policy- match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number
- B. show security rule source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
- C. test security rule source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
- D. show security-policy-match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>test security-policy-match source
Answer: A
Explanation: test security-policy-match source <source IP> destination <destination IP> protocol <protocol number>
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-Which-Security-Policy- Applies-to-a-Traffic-Flow/ta-p/53693
NEW QUESTION 15
A network security engineer has a requirement to allow an external server to access an internal web server. The internal web server must also initiate connections with the external server.
What can be done to simplify the NAT policy?
- A. Configure ECMP to handle matching NAT traffic
- B. Configure a NAT Policy rule with Dynamic IP and Port
- C. Create a new Source NAT Policy rule that matches the existing traffic and enable the Bi-directional option
- D. Create a new Destination NAT Policy rule that matches the existing traffic and enable the Bi- directional option
Answer: C
Explanation: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/networking/nat-configuration-examples
NEW QUESTION 16
After pushing a security policy from Panorama to a PA-3020 firwall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama’s traffic logs. What could be the problem?
- A. A Server Profile has not been configured for logging to this Panorama device.
- B. Panorama is not licensed to receive logs from this particular firewall.
- C. The firewall is not licensed for logging to this Panorama device.
- D. None of the firwwall's policies have been assigned a Log Forwarding profile
Answer: D
NEW QUESTION 17
A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone need to be configured to enable we browsing access to the server.
Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080.
- A. application: web-browsing; service: application-default
- B. application: web-browsing; service: service-https
- C. application: ssl; service: any
- D. application: web-browsing; service: (custom with destination TCP port 8080)
Answer: A
NEW QUESTION 18
Which feature prevents the submission of corporate login information into website forms?
- A. Data filtering
- B. User-ID
- C. File blocking
- D. Credential phishing prevention
Answer: D
Explanation: Reference: https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance
100% Valid and Newest Version PCNSE Questions & Answers shared by 2passeasy, Get Full Dumps HERE: https://www.2passeasy.com/dumps/PCNSE/ (New 255 Q&As)