PCNSE V8

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged. Given...

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networks B. Tunnel mode C. iPSec mode D. Satellite modeView AnswerAnswer: B Explanation: To enable split-tunneling by access route, destination domain, and application, you need to configure a...

Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?A . Resource Protection B. TCP Port Scan Protection C. Packet Based Attack Protection D. Packet Buffer ProtectionView AnswerAnswer: A Explanation: According to the documentation, resource protection detects and prevents session exhaustion attacks against specific destinations. This type...

A firewall administrator wants to avoid overflowing the company syslog server with traffic logs. What should the administrator do to prevent the forwarding of DNS traffic logs to syslog?A . Disable logging on security rules allowing DNS. B. Go to the Log Forwarding profile used to forward traffic logs to...

Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?A . NAT B. DOS protection C. QoS D. Tunnel inspectionView AnswerAnswer: A

An administrator wants to grant read-only access to all firewall settings, except administrator accounts, to a new-hire colleague in the IT department. Which dynamic role does the administrator assign to the new-hire colleague?A . Device administrator (read-only) B. System administrator (read-only) C. Firewall administrator (read-only) D. Superuser (read-only)View AnswerAnswer: A

Which time determines how long the passive firewall will wait before taking over as the active firewall alter losing communications with the HA peer? A . Heartbeat Interval B. Additional Master Hold Up Time C. Promotion Hold Time D. Monitor Fall Hold Up TimeView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-timers

The UDP-4501 protocol-port is used between which two GlobalProtect components?A . GlobalProtect app and GlobalProtect gateway B. GlobalProtect portal and GlobalProtect gateway C. GlobalProtect app and GlobalProtect satellite D. GlobalProtect app and GlobalProtect portalView AnswerAnswer: A Explanation: UDP 4501 Used for IPSec tunnel connections between GlobalProtect apps and gateways. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/reference-port-number-usage/ports-used-for-globalprotect.html

A company requires that a specific set of ciphers be used when remotely managing their Palo Alto Networks appliances. Which profile should be configured in order to achieve this?A . SSH Service profile B. SSL/TLS Service profile C. Decryption profile D. Certificate profileView AnswerAnswer: A

An engineer is designing a deployment of multi-vsys firewalls. What must be taken into consideration when designing the device group structure?A . Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall must have all its vsys in a single device group. B. Only one...