PCNSE V6

An administrator is configuring SSL decryption and needs 10 ensure that all certificates for both SSL Inbound inspection and SSL Forward Proxy are installed properly on the firewall. When certificates are being imported to the firewall for these purposes, which three certificates require a private key? (Choose three.)A . Forward...

An administrator creates an application-based security policy rule and commits the change to the firewall. Which two methods should be used to identify the dependent applications for the respective rule? (Choose two.)A . Use the show predefined xpath <value> command and review the output. B. Review the App Dependency application...

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networks B. Tunnel mode C. iPSec mode D. Satellite modeView AnswerAnswer: B Explanation: To enable split-tunneling by access route, destination domain, and application, you need to configure a...

Where can an administrator see both the management-plane and data-plane CPU utilization in the WebUI?A . System Resources widget B. System Logs widget C. Session Browser D. General Information widgetView AnswerAnswer: A Explanation: The System Resources widget of the Exadata WebUI, displays a real-time overview of the various resources like...

An engineer is tasked with configuring SSL forward proxy for traffic going to external sites. Which of the following statements is consistent with SSL decryption best practices? A. The forward trust certificate should not be stored on an HSM. B. The forward untrust certificate should be signed by a certificate...

An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.) A. System Logs B. Task Manager C. Traffic Logs D. Configuration LogsView AnswerAnswer: A,B Explanation: A. System Logs: The...

An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI. Which CLI command can the engineer use?A . test vpn flow B. test vpn Ike―sa C. test vpn tunnel D. test vpn gatewayView AnswerAnswer: D Explanation: The engineer can use the test vpn gateway...

Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?A . Resource Protection B. TCP Port Scan Protection C. Packet Based Attack Protection D. Packet Buffer ProtectionView AnswerAnswer: A Explanation: According to the documentation, resource protection detects and prevents session exhaustion attacks against specific destinations. This type...

Which time determines how long the passive firewall will wait before taking over as the active firewall alter losing communications with the HA peer? A . Heartbeat Interval B. Additional Master Hold Up Time C. Promotion Hold Time D. Monitor Fall Hold Up TimeView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-timers

The following objects and policies are defined in a device group hierarchy A. Address Objects -Shared Address1 -Shared Address2 -Branch Address1 Policies -Shared Policy1 -Branch Policy1 B. Address Objects -Shared Address1 -Shared Address2 -Branch Address1 -DC Address1 Policies -Shared Policy1 -Shared Policy2 -Branch Policy1 C. Address Objects -Shared Address 1...