PCNSE V10

With the default TCP and UDP settings on the firewall, what will be the identified application in the following session? A . IncompleteB . unknown-tcpC . Insufficient-dataD . not-applicableView AnswerAnswer: D Explanation: Traffic didnt match any other policies and so landed at the implicit "deny all" policy. If it's deny...

Which log type would provide information about traffic blocked by a Zone Protection profile?A . Data FilteringB . IP-TagC . TrafficD . ThreatView AnswerAnswer: D Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhzCAC D is the correct answer because the threat log type would provide information about traffic blocked by a Zone Protection profile. This is...

Which GloDalProtecI gateway setting is required to enable split-tunneting by access route, destination domain and application?A . Tunnel modeB . Satellite modeC . IPSec modeD . No Direct Access to local networksView AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways/configure-a-split-tunnel-based-on-the-domain-and-application

An administrator Just enabled HA Heartbeat Backup on two devices However, the status on tie firewall's dashboard is showing as down High Availability. What could an administrator do to troubleshoot the issue?A . Go to Device > High Availability> General > HA Pair Settings > Setup and configuring the peer...

A firewall engineer creates a destination static NAT rule to allow traffic from the internet to a webserver hosted behind the edge firewall. The pre-NAT IP address of the server is 153.6 12.10, and the post-NAT IP address is 192.168.10.10. Refer to the routing and interfaces information below. What should...

After importing a pre-configured firewall configuration to Panorama, what step is required to ensure a commit/push is successful without duplicating local configurations?A . Ensure Force Template Values is checked when pushing configuration.B . Push the Template first, then push Device Group to the newly managed firewall.C . Perform the Export...

Given the following snippet of a WildFire submission log, did the end user successfully download a file?A . No, because the URL generated an alert.B . Yes, because both the web-browsing application and the flash file have the 'alert" action.C . Yes, because the final action is set to "allow.''D...

An administrator troubleshoots an issue that causes packet drops. Which log type will help the engineer verify whether packet buffer protection was activated?A . Data FilteringB . ConfigurationC . ThreatD . TrafficView AnswerAnswer: C Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNGFCA4

A company wants to add threat prevention to the network without redesigning the network routing. What are two best practice deployment modes for the firewall? (Choose two.)A . VirtualWireB . Layer3C . TAPD . Layer2View AnswerAnswer: AD Explanation: A and D are the best practice deployment modes for the firewall...

You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three.)A . LowB . HighC . CriticalD ....