PCNSE exam

To protect your firewall and network from single source denial of service (DoS) attacks that can overwhelm its packet buffer and cause legitimate traffic to drop, you can configure.A . BGP (Border Gateway Protocol)B . PBP (Packet Buffer Protection)C . PGP (Packet Gateway Protocol)D . PBP (Protocol Based Protection)View AnswerAnswer:...

An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.) A . Exhibit AB . Exhibit BC . Exhibit CD . Exhibit DView AnswerAnswer: A,D

Which DoS protection mechanism detects and prevents session exhaustion attacks?A . Packet Based Attack ProtectionB . Flood ProtectionC . Resource ProtectionD . TCP Port Scan ProtectionView AnswerAnswer: C Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/dos-protection-profiles

An administrator just submitted a newly found piece of spyware for WildFire analysis. The spyware passively monitors behavior without the user’s knowledge. What is the expected verdict from WildFire?A . GraywareB . MalwareC . SpywareD . PhishingView AnswerAnswer: A Explanation: Wildfire verdictions are as follow1-Begnin2-Greyware3-Mallicious4-Phishing https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-overview/wildfire-concepts/verdicts

An administrator is defining protection settings on the Palo Alto Networks NGFW to guard against resource exhaustion. When platform utilization is considered, which steps must the administrator take to configure and apply packet buffer protection?A . Enable and configure the Packet Buffer protection thresholds.Enable Packet Buffer Protection per ingress zone.B...

Which Zone Pair and Rule Type will allow a successful connection for a user on the internet zone to a web server hosted in the DMZ zone? The web server is reachable using a destination Nat policy in the Palo Alto Networks firewall.A . Zone Pair: Source Zone: Internet Destination...

A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)A . Virtual routerB . Security zoneC . ARP entriesD . Netflow ProfileView AnswerAnswer: A,B Explanation: Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/network/network-interfaces/pa-7000-series- layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d

During the packet flow process, which two processes are performed in application identification? (Choose two.)A . Pattern based application identificationB . Application override policy matchC . Application changed from content inspectionD . Session application identified.View AnswerAnswer: A,B Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0 http://live.paloaltonetworks.com//t5/image/serverpage/image-id/12862i950F549C7D4E6309

A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents...

Which version of GlobalProtect supports split tunneling based on destination domain, client process, and HTTP/HTTPS video streaming application?A . GlobalProtect version 4.0 with PAN-OS 8.1B . GlobalProtect version 4.1 with PAN-OS 8.1C . GlobalProtect version 4.1 with PAN-OS 8.0D . GlobalProtect version 4.0 with PAN-OS 8.0View AnswerAnswer: B