PCNSE V6

When planning to configure SSL Froward Proxy on a PA 5260, a user asks how SSL decryption can be implemented using phased approach in alignment with Palo Alto Networks best practices What should you recommend?A . Enable SSL decryption for known malicious source IP addresses B. Enable SSL decryption for...

Which feature of Panorama allows an administrator to create a single network configuration that can be reused repeatedly for large-scale deployments even if values of configured objects, such as routes and interface addresses, change?A . Template stacks B. Template variables C. The Shared device group D. A device groupView AnswerAnswer:...

How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?A . Use the debug dataplane packet-diag set capture stage firewall file command. B. Enable all four stages of traffic capture (TX, RX, DROP, Firewall). C. Use the debug dataplane packet-diag set capture stage management...

Where is Palo Alto Networks Device Telemetry data stored on a firewall with a device certificate installed?A . Cortex Data Lake B. Panorama C. On Palo Alto Networks Update Servers D. M600 Log CollectorsView AnswerAnswer: A Explanation: The Device Telemetry data is stored on Cortex Data Lake3, which is a...

When using SSH keys for CLI authentication for firewall administration, which method is used for authorization?A . Local B. LDAP C. Kerberos D. RadiusView AnswerAnswer: A Explanation: When using SSH keys for CLI authentication for firewall administration, the method used for authorization is local. This is described in the Palo...

A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL. When creating a new rule, what is needed to allow the application to resolve dependencies?A . Add SSL and web-browsing applications to the same rule. B. Add web-browsing application to the...

What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?A . It stops the tunnel-establishment processing to the GlobalProtect gateway immediately. B. It tries to establish a tunnel to the GlobalProtect gateway using SSL/TLS. C. It keeps trying to establish an IPSec...

Which source is the most reliable for collecting User-ID user mapping?A . GlobalProtect B. Microsoft Active Directory C. Microsoft Exchange D. Syslog ListenerView AnswerAnswer: A Explanation: User-ID is a feature that enables you to identify and control users on your network based on their usernames instead of their IP addresses1....

Information Security is enforcing group-based policies by using security-event monitoring on Windows User-ID agents for IP-to-User mapping in the network. During the rollout, Information Security identified a gap for users authenticating to their VPN and wireless networks. Root cause analysis showed that users were authenticating via RADIUS and that authentication...

An ISP manages a Palo Alto Networks firewall with multiple virtual systems for its tenants. Where on this firewall can the ISP configure unique service routes for different tenants?A . Setup > Services > Virtual Systems > Set Location > Service Route Configuration > Inherit Global Service Route Configuration B....