PCNSE V10

To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?A . Add the policy to the target device group and apply a master device to the device group.B . Reference the targeted device's templates in the target...

Refer to the exhibit. Based on the screenshots above, and with no configuration inside the Template Stack itself, what access will the device permit on its Management port?A . The firewall will allow HTTP Telnet, HTTPS, SSH, and Ping from IP addresses defined as $permitted-subnet-1.B . The firewall will allow...

A network security administrator has been tasked with deploying User-ID in their organization. What are three valid methods of collecting User-ID information in a network? (Choose three.)A . Windows User-ID agentB . GlobalProtectC . XMLAPID . External dynamic listE . Dynamic user groupsView AnswerAnswer: ABC Explanation: User-ID is a feature...

Which protocol is supported by GlobalProtect Clientless VPN?A . FTPB . RDPC . SSHD . HTTPSView AnswerAnswer: D Explanation: Virtual Desktop Infrastructure (VDI) and Virtual Machine (VM) environments, such as Citrix XenApp and XenDesktop or VMWare Horizon and Vcenter, support access natively through HTML5. You can RDP, VNC, or SSH...

Information Security is enforcing group-based policies by using security-event monitoring on Windows User-ID agents for IP-to-User mapping in the network. During the rollout, Information Security identified a gap for users authenticating to their VPN and wireless networks. Root cause analysis showed that users were authenticating via RADIUS and that authentication...

An administrator is troubleshooting why video traffic is not being properly classified. If this traffic does not match any QoS classes, what default class is assigned?A . 1B . 2C . 3D . 4View AnswerAnswer: D Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/quality-of-service/qos-concepts/qos- classes

Which two profiles should be configured when sharing tags from threat logs with a remote User-ID agent? (Choose two.)A . Log IngestionB . HTTPC . Log ForwardingD . LDAPView AnswerAnswer: BC Explanation: >Threat logs, create a log forwarding profile to define how you want the firewall or Panorama to handle...

Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?A . PAN-OS integrated User-ID agentB . GlobalProtectC . Windows-based User-ID agentD . LDAP Server Profile configurationView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/user-id-concepts/user-mapping/globalprotect.html GlobalProtect is a VPN solution that provides secure remote...

The decision to upgrade PAN-OS has been approved. The engineer begins the process by upgrading the Panorama servers, but gets an error when attempting the install. When performing an upgrade on Panorama to PAN-OS. what is the potential cause of a failed install?A . Outdated pluginsB . Global Protect agent...

An engineer is designing a deployment of multi-vsys firewalls. What must be taken into consideration when designing the device group structure?A . Only one vsys or one firewall can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.B . Multiple...