PCNSE V2

An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory What must be configured in order to select users and groups for those rules from Panorama?A . The Security rules must be targeted to a firewall in...

A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?A . certificate authority (CA) certificate B. client certificate C. machine certificate D. server certificateView AnswerAnswer: D Explanation: Use only signed certificates, not CA certificates, in SSL/TLS service profiles. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certificate-management/configure-an-ssltls-service-profile.html

An existing NGFW customer requires direct interne! access offload locally at each site and iPSec connectivity to all branches over public internet. One requirement is mat no new SD-WAN hardware be introduced to the environment. What is the best solution for the customer?A . Configure a remote network on PAN-OS...

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged. Given...

An administrator is required to create an application-based Security policy rule to allow Evernote. The Evernote application implicitly uses SSL and web browsing. What is the minimum the administrator needs to configure in the Security rule to allow only Evernote?A . Add the Evernote application to the Security policy rule,...

What best describes the HA Promotion Hold Time?A . the time that is recommended to avoid an HA failover due to the occasional flapping of neighboring devices B. the time that is recommended to avoid a failover when both firewalls experience the same link/path monitor failure simultaneously C. the time...

Refer to the exhibit. Based on the screenshots above what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?A . shared pre-rules DATACENTER DG pre rules rules configured locally on the firewall shared post-rules DATACENTER_DG post-rules DATACENTER.DG default rules B. shared...

A firewall administrator has been tasked with ensuring that all Panorama-managed firewalls forward traffic logs to Panorama. In which section is this configured?A . Panorama > Managed Devices B. Monitor > Logs > Traffic C. Device Groups > Objects > Log Forwarding D. Templates > Device > Log SettingsView AnswerAnswer:...

Which statement accurately describes service routes and virtual systems?A . Virtual systems that do not have specific service routes configured inherit the global service and service route settings for the firewall. B. Virtual systems can only use one interface for all global service and service routes of the firewall. C....

When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?A . Certificate profile B. Path Quality profile C. SD-WAN Interface profile D. Traffic Distribution profileView AnswerAnswer: C