PCNSE exam

The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?A . 6-tuple match: Source IP Address, Destination IP Address, Source port, Destination Port, Protocol, and Source Security ZoneB . 5-tuple match:...

Which virtual router feature determines if a specific destination IP address is reachable?A . Heartbeat MonitoringB . FailoverC . Path MonitoringD . Ping-PathView AnswerAnswer: C Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/pbf

An administrator has users accessing network resources through Citrix XenApp 7 x. Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?A . Client ProbingB . Terminal Services agentC . GlobalProtectD . Syslog MonitoringView AnswerAnswer: B

Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?A . Deny application facebook-chat before allowing application facebookB . Deny application facebook on topC . Allow application facebook on topD . Allow application facebook before denying application facebook-chatView AnswerAnswer: A Explanation: Reference: https://live.paloaltonetworks.com/t5/Configuration-Articles/Failed-to-Block-Facebook-Chat-Consistently/ta-p/115673

A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file...

Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?A . checkB . findC . testD . simView AnswerAnswer: C Explanation: Reference: http://www.shanekillen.com/2014/02/palo-alto-useful-cli-commands.html

An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN-OS® software. The firewall has internet connectivity through an Ethernet interface, but no internet connectivity from the management interface. The Security policy has the default security rules and a rule that allows all web-browsing...

An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against external hosts attempting to exploit a flaw in an operating system on an internal system. Which Security Profile type will prevent this attack?A . Vulnerability ProtectionB . Anti-SpywareC . URL FilteringD . AntivirusView AnswerAnswer:...

A client has a sensitive application server in their data center and is particularly concerned about session flooding because of denial of-service attacks. How can the Palo Alto Networks NGFW be configured to specifically protect this server against session floods originating from a single IP address?A . Define a custom...

Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS® software?A . OktaB . DUOC . RADIUSD . PingIDView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/authentication/authentication-types/multi-factor-authentication