PCNSE V4

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain'?A . a Security policy with 'known-user" selected in the Source User field B. an Authentication policy with 'unknown' selected in the Source User field...

You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?A . Create an Application Group and add Office 365, Evernote Google Docs and Libre Office B. Create an Application Group and add business-systems to...

A user at an external system with the IP address 65.124.57.5 queries the DNS server at 4. 2.2.2 for the IP address of the web server, www,xyz.com. The DNS server returns an address of 172.16.15.1 In order to reach Ire web server, which Security rule and NAT rule must be...

What are three reasons for excluding a site from SSL decryption? (Choose three.)A . the website is not present in English B. unsupported ciphers C. certificate pinning D. unsupported browser version E. mutual authenticationView AnswerAnswer: B,C,E Explanation: Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate...

A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)A . Virtual router B. Security zone C. ARP entries D. Netflow ProfileView AnswerAnswer: A,B Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/network/network-interfaces/pa-7000-series- layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRqCAK VLAN interface is...

During the process of developing a decryption strategy and evaluating which websites are required for corporate users to access, several sites have been identified that cannot be decrypted due to technical reasons. In this case, the technical reason is unsupported ciphers. Traffic to these sites will therefore be blocked if...

Which statement best describes the Automated Commit Recovery feature?A . It performs a connectivity check between the firewall and Panorama after every configuration commit on the firewall. It reverts the configuration changes on the firewall if the check fails. B. It restores the running configuration on a firewall and Panorama...

In SSL Forward Proxy decryption, which two certificates can be used for certificate signing? (Choose two.)A . wildcard server certificate B. enterprise CA certificate C. client certificate D. server certificate E. self-signed CA certificateView AnswerAnswer: B,E Explanation: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/configure-ssl-forward-proxy.html

An administrator device-group commit push is tailing due to a new URL category How should the administrator correct this issue?A . verify that the URL seed Tile has been downloaded and activated on the firewall B. change the new category action to alert" and push the configuration again C. update...

What is a key step in implementing WildFire best practices?A . In a mission-critical network, increase the WildFire size limits to the maximum value. B. Configure the firewall to retrieve content updates every minute. C. In a security-first network, set the WildFire size limits to the minimum value. D. Ensure...