PCNSE

A customer is replacing their legacy remote access VPN solution The current solution is in place to secure internet egress and provide access to resources located in the main datacenter for the connected clients. Prisma Access has been selected to replace the current remote access VPN solution. During onboarding the...

A standalone firewall with local objects and policies needs to be migrated into Panorama. What procedure should you use so Panorama is fully managing the firewall?A . Use the "import Panorama configuration snapshot" operation, then perform a device-group commit push with "include device and network templates"B . Use the "import...

Which two statements are true about DoS Protection and Zone Protection Profiles? (Choose two).A . Zone Protection Profiles protect ingress zonesB . Zone Protection Profiles protect egress zonesC . DoS Protection Profiles are packet-based, not signature-basedD . DoS Protection Profiles are linked to Security policy rulesView AnswerAnswer: A,D Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles

Refer to the exhibit. Which certificate can be used as the Forward Trust certificate?A . Domain Sub-CAB . Domain-Root-CertC . Certificate from Default Trusted Certificate AuthoritiesD . Forward-TrustView AnswerAnswer: A

A traffic log might list an application as "not-applicable" for which two reasons'? (Choose two )A . The firewall did not install the sessionB . The TCP connection terminated without identifying any application dataC . The firewall dropped a TCP SYN packetD . There was not enough application data after...

The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice As part of that effort, the manager has assigned you the Vulnerability Protection profile for the internet gateway firewall Which action and packet-capture setting for items...

An administrator needs to gather information about the CPU utilization on both the management plane and the data plane Where does the administrator view the desired data?A . Monitor > UtilizationB . Resources Widget on the DashboardC . Support > ResourcesD . Application Command and Control CenterView AnswerAnswer: A

When deploying PAN-OS SD-WAN, which routing protocol can you use to build a routing overlay?A . OSPFv3B . BGPC . OSPFD . RIPView AnswerAnswer: C

As a best practice, which URL category should you target first for SSL decryption*?A . Online Storage and BackupB . High RiskC . Health and MedicineD . Financial ServicesView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/best-practices/10-0/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment.html Phase in decryption. Plan to decrypt the riskiest traffic first (URL Categories most likely to harbor malicious...

A remote administrator needs access to the firewall on an untrust interlace. Which three options would you configure on an interface Management profile lo secure management access? (Choose three)A . HTTPB . User-IDC . SSHD . HTTPSE . Permitted IP AddressesView AnswerAnswer: B,C,D Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/configure-interfaces/use-interface-management-profiles-to-restrict-access.html