PCNSE

An administrator is defining protection settings on the Palo Alto Networks NGFW to guard against resource exhaustion. When platform utilization is considered, which steps must the administrator take to configure and apply packet buffer protection?A . Enable and configure the Packet Buffer protection thresholds.Enable Packet Buffer Protection per ingress zone.B...

Which Zone Pair and Rule Type will allow a successful connection for a user on the internet zone to a web server hosted in the DMZ zone? The web server is reachable using a destination Nat policy in the Palo Alto Networks firewall.A . Zone Pair: Source Zone: Internet Destination...

A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)A . Virtual routerB . Security zoneC . ARP entriesD . Netflow ProfileView AnswerAnswer: A,B Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/network/network-interfaces/pa-7000-series- layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d

During the packet flow process, which two processes are performed in application identification? (Choose two.)A . Pattern based application identificationB . Application override policy matchC . Application changed from content inspectionD . Session application identified.View AnswerAnswer: A,B Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0 http://live.paloaltonetworks.com//t5/image/serverpage/image-id/12862i950F549C7D4E6309

A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents...

Which version of GlobalProtect supports split tunneling based on destination domain, client process, and HTTP/HTTPS video streaming application?A . GlobalProtect version 4.0 with PAN-OS 8.1B . GlobalProtect version 4.1 with PAN-OS 8.1C . GlobalProtect version 4.1 with PAN-OS 8.0D . GlobalProtect version 4.0 with PAN-OS 8.0View AnswerAnswer: B

An administrator logs in to the Palo Alto Networks NGFW and reports that the WebUI is missing the Policies tab. Which profile is the cause of the missing Policies tab?A . Admin RoleB . WebUIC . AuthenticationD . AuthorizationView AnswerAnswer: A

A customer wants to set up a site-to-site VPN using tunnel interfaces? Which two formats are correct for naming tunnel interfaces? (Choose two.)A . Vpn-tunnel.1024B . vpn-tunne.1C . tunnel 1025D . tunnel. 1View AnswerAnswer: C,D

A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file...

An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the company’s proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats. Which option...