PCNSE V8

What is a key step in implementing WildFire best practices?A . In a mission-critical network, increase the WildFire size limits to the maximum value. B. Configure the firewall to retrieve content updates every minute. C. In a security-first network, set the WildFire size limits to the minimum value. D. Ensure...

Which configuration task is best for reducing load on the management plane?A . Disable logging on the default deny rule B. Enable session logging at start C. Disable pre-defined reports D. Set the URL filtering action to send alertsView AnswerAnswer: A

A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)A . ICMP Drop B. TCP Drop C. TCP Port Scan Block D. SYN Random Early DropView AnswerAnswer: A,B

What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?A . It stops the tunnel-establishment processing to the GlobalProtect gateway immediately. B. It tries to establish a tunnel to the GlobalProtect gateway using SSL/TLS. C. It keeps trying to establish an IPSec...

An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.) A. System Logs B. Task Manager C. Traffic Logs D. Configuration LogsView AnswerAnswer: A,B Explanation: A. System Logs: The...

A customer is replacing their legacy remote access VPN solution The current solution is in place to secure only internet egress for the connected clients Prisma Access has been selected to replace the current remote access VPN solution During onboarding the following options and licenses were selected and enabled -...

An engineer must configure a new SSL decryption deployment. Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?A . There must be a certificate with both the Forward Trust option and Forward Untrust option selected. B. A Decryption profile must be attached...

A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone which options differentiates multiple VLAN into separate zones? A. Create V-Wire objects with...

A network administrator wants to deploy SSL Forward Proxy decryption. What two attributes should a forward trust certificate have? (Choose two.)A . A subject alternative name B. A private key C. A server certificate D. A certificate authority (CA) certificateView AnswerAnswer: B,D Explanation: When deploying SSL Forward Proxy decryption, a...

A firewall administrator notices that many Host Sweep scan attacks are being allowed through the firewall sourced from the outside zone. What should the firewall administrator do to mitigate this type of attack?A . Create a DOS Protection profile with SYN Flood protection enabled and apply it to all rules...