PCNSE exam

Refer to the exhibit. Using the above screenshot of the ACC, what is the best method to set a global filter, narrow down Blocked User Activity, and locate the user(s) that could be compromised by a botnet?A . Click the hyperlink for the Zero Access.Gen threat.B . Click the left...

Where can a service route be configured for a specific destination IP?A . Use Network > Virtual Routers, select the Virtual Router > Static Routes > IPv4B . Use Device > Setup > Services > ServicesC . Use Device > Setup > Services > Service Route Configuration > Customize >...

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networksB . Tunnel modeC . iPSec modeD . Satellite modeView AnswerAnswer: B

Which Panorama feature protects logs against data loss if a Panorama server fails?A . Panorama HA automatically ensures that no logs are lost if a server fails inside the HA Cluster.B . Panorama Collector Group with Log Redundancy ensures that no logs are lost if a server fails inside the...

Which two policy components are required to block traffic in real time using a dynamic user group (DUG)? (Choose two.)A . A Deny policy for the tagged trafficB . An Allow policy for the initial trafficC . A Decryption policy to decrypt the traffic and see the tagD . A...

An engineer configures SSL decryption in order to have more visibility to the internal users' traffic when it is regressing the firewall. Which three types of interfaces support SSL Forward Proxy? (Choose three.)A . High availability (HA)B . Layer 3C . Layer 2D . TapE . Virtual WireView AnswerAnswer: B,...

Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?A . NATB . DOS protectionC . QoSD . Tunnel inspectionView AnswerAnswer: C Explanation: The type of policy in Palo Alto Networks firewalls that can use Device-ID as a match condition is QoS. This is...

Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the firewall? (Choose three.)A . RADIUSB . TACACS+C . KerberosD . LDAPE . SAMLView AnswerAnswer: ABE Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication#:~:text=The%20administrative%20accounts%20are%20defined,attributes%20on%20the%20SAML%20server.

An administrator notices that an interface configuration has been overridden locally on a firewall. They require all configuration to be managed from Panorama and overrides are not allowed. What is one way the administrator can meet this requirement?A . Perform a commit force from the CLI of the firewall.B ....

Based on the graphic which statement accurately describes the output shown in the Server Monitoring panel? A . The User-ID agent is connected to a domain controller labeled lab-clientB . The host lab-client has been found by a domain controllerC . The host lab-client has been found by the User-ID...