PCNSE exam

Which GloDalProtecI gateway setting is required to enable split-tunneting by access route, destination domain and application?A . Tunnel modeB . Satellite modeC . IPSec modeD . No Direct Access to local networksView AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways/configure-a-split-tunnel-based-on-the-domain-and-application

An administrator Just enabled HA Heartbeat Backup on two devices However, the status on tie firewall's dashboard is showing as down High Availability. What could an administrator do to troubleshoot the issue?A . Go to Device > High Availability> General > HA Pair Settings > Setup and configuring the peer...

A firewall engineer creates a destination static NAT rule to allow traffic from the internet to a webserver hosted behind the edge firewall. The pre-NAT IP address of the server is 153.6 12.10, and the post-NAT IP address is 192.168.10.10. Refer to the routing and interfaces information below. What should...

After importing a pre-configured firewall configuration to Panorama, what step is required to ensure a commit/push is successful without duplicating local configurations?A . Ensure Force Template Values is checked when pushing configuration.B . Push the Template first, then push Device Group to the newly managed firewall.C . Perform the Export...

Given the following snippet of a WildFire submission log, did the end user successfully download a file?A . No, because the URL generated an alert.B . Yes, because both the web-browsing application and the flash file have the 'alert" action.C . Yes, because the final action is set to "allow.''D...

An administrator troubleshoots an issue that causes packet drops. Which log type will help the engineer verify whether packet buffer protection was activated?A . Data FilteringB . ConfigurationC . ThreatD . TrafficView AnswerAnswer: C Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNGFCA4

A company wants to add threat prevention to the network without redesigning the network routing. What are two best practice deployment modes for the firewall? (Choose two.)A . VirtualWireB . Layer3C . TAPD . Layer2View AnswerAnswer: AD Explanation: A and D are the best practice deployment modes for the firewall...

You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three.)A . LowB . HighC . CriticalD ....

A security engineer needs firewall management access on a trusted interface. Which three settings are required on an SSL/TLS Service Profile to provide secure Web UI authentication? (Choose three.)A . Minimum TLS versionB . CertificateC . Encryption AlgorithmD . Maximum TLS versionE . Authentication AlgorithmView AnswerAnswer: ABD Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-management/configure-an-ssltls-service-profile

A network security administrator wants to begin inspecting bulk user HTTPS traffic flows egressing out of the internet edge firewall. Which certificate is the best choice to configure as an SSL Forward Trust certificate?A . A self-signed Certificate Authority certificate generated by the firewallB . A Machine Certificate for the...