PCNSE exam

An organization conducts research on the benefits of leveraging the Web Proxy feature of PAN-OS 11.0. What are two benefits of using an explicit proxy method versus a transparent proxy method? (Choose two.)A . No client configuration is required for explicit proxy, which simplifies the deployment complexity.B . Explicit proxy...

An engineer reviews high availability (HA) settings to understand a recent HA failover event. Review the screenshot below. Which timer determines the frequency at which the HA peers exchange messages in the form of an ICMP (ping)A . Hello IntervalB . Promotion Hold TimeC . Heartbeat IntervalD . Monitor Fail...

Which two statements correctly describe Session 380280? (Choose two.) A . The session went through SSL decryption processing.B . The session has ended with the end-reason unknown.C . The application has been identified as web-browsing.D . The session did not go through SSL decryption processing.View AnswerAnswer: A, C

Refer to the exhibit. Based on the screenshots above what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?A . shared pre-rules DATACENTER DG pre rules rules configured locally on the firewall shared post-rules DATACENTER_DG post-rules DATACENTER.DG default rulesB . shared...

Which protocol is supported by GlobalProtect Clientless VPN?A . FTPB . RDPC . SSHD . HTTPSView AnswerAnswer: D Explanation: Virtual Desktop Infrastructure (VDI) and Virtual Machine (VM) environments, such as Citrix XenApp and XenDesktop or VMWare Horizon and Vcenter, support access natively through HTML5. You can RDP, VNC, or SSH...

A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL. When creating a new rule, what is needed to allow the application to resolve dependencies?A . Add SSL and web-browsing applications to the same rule.B . Add web-browsing application to the...

An engineer is deploying multiple firewalls with common configuration in Panorama. What are two benefits of using nested device groups? (Choose two.)A . Inherit settings from the Shared groupB . Inherit IPSec crypto profilesC . Inherit all Security policy rules and objectsD . Inherit parent Security policy rules and objectsView...

Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the firewall? (Choose three.)A . RADIUSB . TACACS+C . KerberosD . LDAPE . SAMLView AnswerAnswer: ABE Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication#:~:text=The%20administrative%20accounts%20are%20defined,attributes%20on%20the%20SAML%20server.

Which log type would provide information about traffic blocked by a Zone Protection profile?A . Data FilteringB . IP-TagC . TrafficD . ThreatView AnswerAnswer: D Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhzCACD is the correct answer because the threat log type would provide information about traffic blocked by a Zone Protection profile. This is because...

What is the best definition of the Heartbeat Interval?A . The interval in milliseconds between hello packetsB . The frequency at which the HA peers check link or path availabilityC . The frequency at which the HA peers exchange pingD . The interval during which the firewall will remain active...