PCNSE

When overriding a template configuration locally on a firewall, what should you consider?A . Only Panorama can revert the overrideB . Panorama will lose visibility into the overridden configurationC . Panorama will update the template with the overridden valueD . The firewall template will show that it is out of...

Which benefit do policy rule UUIDs provide?A . functionality for scheduling policy actionsB . the use of user IP mapping and groups in policiesC . cloning of policies between device-groupsD . an audit trail across a policy's lifespanView AnswerAnswer: D Explanation: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/management-features/universally-unique-identifiers-for-policy-rules.html

What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?A . It keeps trying to establish an IPSec tunnel to the GlobalProtect gatewayB . It stops the tunnel-establishment processing to the GlobalProtect gateway immediatelyC . It tries to establish a tunnel to...

Which value in the Application column indicates UDP traffic that did not match an App-ID signature?A . not-applicableB . incompleteC . unknown-ipD . unknown-udpView AnswerAnswer: D Explanation: To safely enable applications you must classify all traffic, across all ports, all the time. With App-ID, the only applications that are typically...

An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version What is considered best practice for this scenario?A . Perform the Panorama and firewall upgrades simultaneouslyB . Upgrade the firewall first wait at least 24 hours and then upgrade the Panorama versionC . Upgrade Panorama...

Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?A . performing a local firewall commitB . removing the firewall as a managed device in PanoramaC . performing a factory reset of the firewallD . removing the Panorama serial number from the ZTP serviceView...

An administrator plans to deploy 15 firewalls to act as GlobalProtect gateways around the world Panorama will manage the firewalls. The firewalls will provide access to mobile users and act as edge locations to on-premises infrastructure. The administrator wants to scale the configuration out quickly and wants all of the...

What are three reasons for excluding a site from SSL decryption? (Choose three.)A . the website is not present in EnglishB . unsupported ciphersC . certificate pinningD . unsupported browser versionE . mutual authenticationView AnswerAnswer: B,C,E Explanation: Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate...

When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?A . Disable HAB . Disable the HA2 linkC . Disable config syncD . Set the passive link state to 'shutdown.-View AnswerAnswer: C Explanation: Updated reference: https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-ha-pair-to-panorama-management.html Step 2 is...

A company needs to preconfigure firewalls to be sent to remote sites with the least amount of preconfiguration Once deployed each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers Which VPN preconfigured configuration would adapt to changes when deployed to...