PCNSE V10

Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?A . PAN-OS integrated User-ID agentB . GlobalProtectC . Windows-based User-ID agentD . LDAP Server Profile configurationView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/user-id-concepts/user-mapping/globalprotect.html GlobalProtect is a VPN solution that provides secure remote...

The decision to upgrade PAN-OS has been approved. The engineer begins the process by upgrading the Panorama servers, but gets an error when attempting the install. When performing an upgrade on Panorama to PAN-OS. what is the potential cause of a failed install?A . Outdated pluginsB . Global Protect agent...

An engineer is designing a deployment of multi-vsys firewalls. What must be taken into consideration when designing the device group structure?A . Only one vsys or one firewall can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.B . Multiple...

Review the screenshot of the Certificates page. An administrator for a small LLC has created a series of certificates as shown, to use for a planned Decryption roll out. The administrator has also installed the self-signed root certificate in all client systems. When testing, they noticed that every time a...

Why would a traffic log list an application as "not-applicable”?A . The firewall denied the traffic before the application match could be performed.B . The TCP connection terminated without identifying any application dataC . There was not enough application data after the TCP connection was establishedD . The application is...

Review the information below. A firewall engineer creates a U-NAT rule to allow users in the trust zone access to a server in the same zone by using an external, public NAT IP for that server. Given the rule below, what change should be made to make sure the NAT...

A network administrator is trying to prevent domain username and password submissions to phishing sites on some allowed URL categories Which set of steps does the administrator need to take in the URL Filtering profile to prevent credential phishing on the firewall?A . Choose the URL categories in the User...

During the implementation of SSL Forward Proxy decryption, an administrator imports the company's Enterprise Root CA and Intermediate CA certificates onto the firewall. The company's Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise...

Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration. What part of the configuration should the engineer verify?A . IKE Crypto ProfileB . Security policyC . Proxy-IDsD . PAN-OS versionsView AnswerAnswer: C Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbXCAS https://live.paloaltonetworks.com/t5/general-topics/phase-2-tunnel-is-not-up/td-p/424789

Which operation will impact the performance of the management plane?A . Decrypting SSL sessionsB . Generating a SaaS Application reportC . Enabling DoS protectionD . Enabling packet buffer protectionView AnswerAnswer: B Explanation: TIPS & TRICKS: REDUCING MANAGEMENT PLANE LOAD: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSvCAK TIPS & TRICKS: REDUCING MANAGEMENT PLANE LOAD―PART 2: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClU4CAK