PCNSE

Which two statements correctly identify the number of Decryption Broker security chains that are supported on a pair of decryption-forwarding interfaces'? (Choose two)A . A single transparent bridge security chain is supported per pair of interfacesB . L3 security chains support up to 32 security chainsC . L3 security chains...

What is considered the best practice with regards to zone protection?A . Review DoS threat activity (ACC > Block Activity) and look for patterns of abuseB . Use separate log-forwarding profiles to forward DoS and zone threshold event logs separately from other threat logsC . If the levels of zone...

Use the image below. If the firewall has the displayed link monitoring configuration what will cause a failover?A . ethernet1/3 and ethernet1/6 going downB . ethernet1/3 going downC . ethernet1/6 going downD . ethernet1/3 or ethernet1/6 going downView AnswerAnswer: A Explanation: Link Monitoring Failure Condition is All / Link Group...

Which statement is true regarding a Best Practice Assessment?A . It shows how your current configuration compares to Palo Alto Networks recommendationsB . It runs only on firewallsC . When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.D...

Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networksB . Satellite modeC . Tunnel modeD . IPSec modeView AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways/configure-a-split-tunnel-based-on-the-access-route.html

A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?A . certificate authority (CA) certificateB . client certificateC . machine certificateD . server certificateView AnswerAnswer: D Explanation: Use only signed certificates, not CA certificates, in SSL/TLS service profiles. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certificate-management/configure-an-ssltls-service-profile.html

An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory What must be configured in order to select users and groups for those rules from Panorama?A . The Security rules must be targeted to a firewall in...

The UDP-4501 protocol-port is used between which two GlobalProtect components?A . GlobalProtect app and GlobalProtect gatewayB . GlobalProtect portal and GlobalProtect gatewayC . GlobalProtect app and GlobalProtect satelliteD . GlobalProtect app and GlobalProtect portalView AnswerAnswer: A Explanation: UDP 4501 Used for IPSec tunnel connections between GlobalProtect apps and gateways. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/reference-port-number-usage/ports-used-for-globalprotect.html

Which GlobalProtect component must be configured to enable Chentless VPN?A . GlobalProtect satelliteB . GlobalProtect appC . GlobalProtect portalD . GlobalProtect gatewayView AnswerAnswer: C Explanation: Creating the GlobalProtect portal is as simple as letting it know if you have accessed it already. A new gateway for accessing the GlobalProtect portal...

Which statement accurately describes service routes and virtual systems?A . Virtual systems can only use one interface for all global service and service routes of the firewallB . The interface must be used for traffic to the required external servicesC . Virtual systems that do not have specific service routes...