PCNSE exam

Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?A . Deny application facebook-chat before allowing application facebookB . Deny application facebook on topC . Allow application facebook on topD . Allow application facebook before denying application facebook-chatView AnswerAnswer: A Explanation: Reference: https://live.paloaltonetworks.com/t5/Configuration-Articles/Failed-to-Block-Facebook-Chat-Consistently/ta-p/115673

Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)A . Create a no-decrypt Decryption Policy rule.B . Configure an EDL to pull IP addresses of known sites resolved from a CRD . Create a Dynamic...

VPN traffic intended for an administrator’s Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor. When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?A . Zone ProtectionB . DoS ProtectionC . Web ApplicationD . ReplayView AnswerAnswer: D

An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewall use Layer 3 interfaces to send traffic to a single gateway IP for the pair. Which configuration will enable this HA scenario? A. The two firewalls will share a single floating...

Which two methods can be configured to validate the revocation status of a certificate? (Choose two.)A . CRLB . CRTC . OCSPD . Cert-Validation-ProfileE . SSL/TLS Service ProfileView AnswerAnswer: A,C

What should an administrator consider when planning to revert Panorama to a pre-PAN-OS®8.1 version?A . Panorama cannot be reverted to an earlier PAN-OS®release if variables are used in templates or template stacks.B . An administrator must use the Expedition tool to adapt the configuration to the pre-PAN-OS®8.1 state.C . When...

A session in the Traffic log is reporting the application as “incomplete.” What does “incomplete” mean?A . The three-way TCP handshake was observed, but the application could not be identified.B . The three-way TCP handshake did not complete.C . The traffic is coming across UDP, and the application could not...

A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch port which it connects. How would an administrator configure the interface to 1Gbps?A . set deviceconfig interface speed-duplex 1Gbps-full-duplexB . set deviceconfig system speed-duplex 1Gbps-duplexC . set deviceconfig system speed-duplex 1Gbps-full-duplexD . set deviceconfig Interface...

Which version of GlobalProtect supports split tunneling based on destination domain, client process, and HTTP/HTTPS video streaming application?A . GlobalProtect version 4.0 with PAN-OS®8.1B . GlobalProtect version 4.1 with PAN-OS®8.1C . GlobalProtect version 4.1 with PAN-OS®8.0D . GlobalProtect version 4.0 with PAN-OS®8.0View AnswerAnswer: B

Refer to the exhibit. An administrator cannot see any of the Traffic logs from the Palo Alto Networks NGFW on Panoram a. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?...