PCNSE

How can packet butter protection be configured?A . at me device level (globally to protect firewall resources and ingress zones, but not at the zone levelB . at the device level (globally) and it enabled globally, at the zone levelC . at the interlace level to protect firewall resourcesD ....

A remote administrator needs access to the firewall on an untrust interlace . Which three options would you configure on an interface Management profile lo secure management access? (Choose three)A . HTTPB . User-IDC . SSHD . HTTPSE . Permitted IP AddressesView AnswerAnswer: B,C,D Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/configure-interfaces/use-interface-management-profiles-to-restrict-access.html

A security engineer needs firewall management access on a Inside interface. When three settings are required on an SSI/TVS Service Profile to provide secure Wet) Ui authentication? (Choose three.)A . Maximum TLS versionB . Minimum TLV versionC . Encryption AlgorithmD . CertificateE . Authentication AlgorithmView AnswerAnswer: A,B,D

While troubleshooting an SSL Forward Proxy decryption issue which PAN-OS CLI command would you use to check the details of the end-entity certificate that is signed by the Forward Trust Certificate or Forward Untrust Certificate?A . show system setting ssl-decrypt certsB . show systea setting ssl-decrypt certificate-cacheC . show systen...

Which rule type controls end user SSL traffic to external websites?A . SSL Outbound Proxyless InspectionB . SSL Forward ProxyC . SSL Inbound InspectionD . SSH ProxyView AnswerAnswer: C

Which type of interface does a firewall use to forward decrypted traffic to a security chain for inspection?A . Layer 2B . TapC . Layer 3D . Decryption MirrorView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/network-packet-broker/configure-routed-layer-3-security-chains Configure security chain devices with Layer 3 interfaces to connect to the security chain network. These Layer...

Which statement is true regarding a Best Practice Assessment?A . It shows how your current configuration compares to Palo Alto Networks recommendationsB . It runs only on firewallsC . When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.D...

Which configuration task is best for reducing load on the management plane?A . Disable logging on the default deny ruleB . Enable session logging at startC . Disable pre-defined reportsD . Set the URL filtering action to send alertsView AnswerAnswer: A

An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?A . review the configuration logs on the Monitor tabB . click Preview Changes under Push ScopeC . use Test Policy Match to review...

What are three reasons for excluding a site from SSL decryption? (Choose three.)A . the website is not present in EnglishB . unsupported ciphersC . certificate pinningD . unsupported browser versionE . mutual authenticationView AnswerAnswer: B,C,E Explanation: Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate...