What are two common reasons to use a "No Decrypt" action to exclude traffic from SSL decryption? (Choose two.)
A. the website matches a category that is not allowed for most users
B. the website matches a high-risk category
C. the web server requires mutual authentication
D. the website matches...
How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?
A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks. How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?
A. Define a...
In a firewall, which three decryption methods are valid? (Choose three)
A. SSL Inbound Inspection
B. SSL Outbound Proxyless Inspection
C. SSL Inbound Proxy
D. Decryption Mirror
E. SSH Proxy
Answer: A,D,E
The end-user's browser will show that the certificate for www.example-website.com was issued by which of the following?
A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (CAs):
i. Enterprise-Trusted-CA, which is verified as Forward Trust Certificate (the CA is also installed in the trusted store of the end-user browser and system)
ii. Enterprise-Untrusted-CA, which is verified as Forward Untrust...
Which two options enable the administrator to troubleshoot this issue?
An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router. Which two options enable the administrator to troubleshoot this issue? (Choose two.)
A. View Runtime Stats in the virtual router.
B. View System logs.
C. Add a...
Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?
A. Configure a Decryption Profile and select SSL/TLS services.
B. Set up SSL/TLS under Policies > Service/URL Category > Service.
C. Set up Security policy rule to allow SSL communication.
D...
Which operation will impact the performance of the management plane?
A. WildFire Submissions
B. DoS Protection
C. decrypting SSL Sessions
D. Generating a SaaS Application Report.
Answer: D
Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSvCAK
Decrypting SSL Sessions is a dataplane task. DoS Protection is a dataplane task. WildFire submissions is a dataplane task. Generating a SaaS Application...
What is considered best practice for this scenario?
An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version. What is considered best practice for this scenario?
A. Perform the Panorama and firewall upgrades simultaneously
B. Upgrade the firewall first, wait at least 24 hours, and then upgrade the Panorama version
C. Upgrade Panorama...
If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does not appear, what is the root cause?
An administrator has 750 firewalls. The administrator's central-management Panorama instance deploys dynamic updates to the firewalls. The administrator notices that the dynamic updates from Panorama do not appear on some of the firewalls. If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does...
Which two statements correctly identify the number of Decryption Broker security chains that are supported on a pair of decryption-forwarding interfaces? (Choose two)
A. A single transparent bridge security chain is supported per pair of interfaces
B. L3 security chains support up to 32 security chains
C. L3 security chains...