PCNSE V5

What are three reasons for excluding a site from SSL decryption? (Choose three.)A . the website is not present in English B. unsupported ciphers C. certificate pinning D. unsupported browser version E. mutual authenticationView AnswerAnswer: B,C,E Explanation: Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate...

An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 2025. The validity date on the PA-generated certificate is taken from what?A . The trusted certificate B. The server certificate C....

the firewall's device group as post-rules How will the rule order populate once pushed to the firewall?A . shared device group policies, firewall device group policies. local policies. B. firewall device group policies, local policies. shared device group policies C. shared device group policies. local policies, firewall device group policies...

What is a correct statement regarding administrative authentication using external services with a local authorization method?A . Prior to PAN-OS 10.2. an administrator used the firewall to manage role assignments, but access domains have not been supported by this method. B. Starting with PAN-OS 10.2. an administrator needs to configure...

While analyzing the Traffic log, you see that some entries show "unknown-tcp" in the Application column What best explains these occurrences?A . A handshake took place, but no data packets were sent prior to the timeout. B. A handshake took place; however, there were not enough packets to identify the...

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged. Given...

An administrator is using Panorama to manage me and suspects an IKE Crypto mismatch between peers, from the firewalls to Panorama. However, pre-existing logs from the firewalls are not appearing in Panorama. Which action should be taken to enable the firewalls to send their pre-existing logs to Panorama?A . Export...

Which benefit do policy rule UUlDs provide?A . An audit trail across a policy's lifespan B. Functionality for scheduling policy actions C. The use of user IP mapping and groups in policies D. Cloning of policies between device-groupsView AnswerAnswer: A

What is considered the best practice with regards to zone protection?A . Review DoS threat activity (ACC > Block Activity) and look for patterns of abuse B. Use separate log-forwarding profiles to forward DoS and zone threshold event logs separately from other threat logs C. If the levels of zone...

After importing a pre-configured firewall configuration to Panorama, what step is required to ensure a commit/push is successful without duplicating local configurations?A . Ensure Force Template Values is checked when pushing configuration. B. Push the Template first, then push Device Group to the newly managed firewal. C. Perform the Export...