PCNSE exam

In a security-first network what is the recommended threshold value for content updates to be dynamically updated?A . 1 to 4 hoursB . 6 to 12 hoursC . 24 hoursD . 36 hoursView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/best-practices-for-content-and-threat-content-updates/best-practices-security-first.html Schedule content updates so that they download-and-install automatically. Then, set a Threshold that...

To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?A . Add the policy in the shared device group as a pre-ruleB . Reference the targeted device's templates in the target device groupC . Add the policy...

An administrator has purchased WildFire subscriptions for 90 firewalls globally. What should the administrator consider with regards to the WildFire infrastructure?A . To comply with data privacy regulations, WildFire signatures and verdicts are not shared globally.B . Palo Alto Networks owns and maintains one global cloud and four WildFire regional...

A customer is replacing its legacy remote-access VPN solution Prisma Access has been selected as the replacement During onboarding, the following options and licenses were selected and enabled: The customer wants to forward to a Splunk SIEM the logs that are generated by users that are connected to Prisma Access...

An enterprise has a large Palo Alto Networks footprint that includes onsite firewalls and Prisma Access for mobile users, which is managed by Panorama. The enterprise already uses GlobalProtect with SAML authentication to obtain iP-to-user mapping information However information Security wants to use this information in Prisma Access for policy...

Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?A . performing a local firewall commitB . removing the firewall as a managed device in PanoramaC . performing a factory reset of the firewallD . removing the Panorama serial number from the ZTP serviceView...

Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networksB . Satellite modeC . Tunnel modeD . IPSec modeView AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways/configure-a-split-tunnel-based-on-the-access-route.html

PBF can address which two scenarios? (Select Two)A . forwarding all traffic by using source port 78249 to a specific egress interfaceB . providing application connectivity the primary circuit failsC . enabling the firewall to bypass Layer 7 inspectionD . routing FTP to a backup ISP link to save bandwidth...

in a template you can configure which two objects? (Choose two.)A . SD WAN path quality profileB . application groupC . IPsec tunnelD . Monitor profileView AnswerAnswer: A,C

An administrator plans to deploy 15 firewalls to act as GlobalProtect gateways around the world Panorama will manage the firewalls. The firewalls will provide access to mobile users and act as edge locations to on-premises infrastructure. The administrator wants to scale the configuration out quickly and wants all of the...