PCNSE exam

Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and HOST B (10.1.1.101) receives SSH traffic.) Which two security policy rules...

Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OS® software?A . XML APIB . Port MappingC . Client ProbingD . Server MonitoringView AnswerAnswer: A Explanation: Captive Portal and the other standard user mapping methods might...

An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against worms and trojans. Which Security Profile type will protect against worms and trojans?A . Anti-SpywareB . WildFireC . Vulnerability ProtectionD . AntivirusView AnswerAnswer: A Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/antivirus-profiles

Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?A . Configure a Decryption Profile and select SSL/TLS services.B . Set up SSL/TLS under Polices > Service/URL Category>Service.C . Set up Security policy rule to allow SSL communication.D...

A customer has an application that is being identified as unknown-top for one of their custom PostgreSQL database connections. Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)A . Application Override policy.B . Security policy to identify the custom application.C . Custom application.D...

An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.) A . Exhibit AB . Exhibit BC . Exhibit CD . Exhibit DView AnswerAnswer: A, D

If the firewall is configured for credential phishing prevention using the “Domain Credential Filter” method, which login will be detected as credential theft?A . Mapping to the IP address of the logged-in user.B . First four letters of the username matching any valid corporate username.C . Using the same user’s...

An administrator has users accessing network resources through Citrix XenApp 7 x. Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?A . Client ProbingB . Terminal Services agentC . GlobalProtectD . Syslog MonitoringView AnswerAnswer: B

SAML SLO is supported for which two firewall features? (Choose two.)A . GlobalProtect PortalB . CaptivePortalC . WebUID . CLIView AnswerAnswer: A,B

An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewall use Layer 3 interfaces to send traffic to a single gateway IP for the pair. Which configuration will enable this HA scenario? A. The two firewalls will share a single floating...