Which method should the administrator use when creating Forward Trust and Forward Untrust certificates on the firewall for use with decryption?

During the implementation of SSL Forward Proxy decryption, an administrator imports the company's Enterprise Root CA and Intermediate CA certificates onto the firewall. The company's Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise...

March 14, 2025

What part of the configuration should the engineer verify?

Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration. What part of the configuration should the engineer verify?
A. IKE Crypto Profile
B. Security policy
C. Proxy-IDs
D. PAN-OS versions
Answer: C
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbXCAS
https://live.paloaltonetworks.com/t5/general-topics/phase-2-tunnel-is-not-up/td-p/424789

March 13, 2025

Which operation will impact the performance of the management plane?

Which operation will impact the performance of the management plane?
A. Decrypting SSL sessions
B. Generating a SaaS Application report
C. Enabling DoS protection
D. Enabling packet buffer protection
Answer: B
Explanation:
TIPS & TRICKS: REDUCING MANAGEMENT PLANE LOAD: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSvCAK
TIPS & TRICKS: REDUCING MANAGEMENT PLANE LOAD―PART 2: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClU4CAK

March 8, 2025

What should they review with their leadership before implementation?

An engineer is tasked with deploying SSL Forward Proxy decryption for their organization. What should they review with their leadership before implementation?
A. Browser-supported cipher documentation
B. Cipher documentation supported by the endpoint operating system
C. URL risk-based category distinctions
D. Legal compliance regulations and acceptable usage policies
Answer: D...

March 7, 2025

If a URL is in multiple custom URL categories with different actions, which action will take priority?

If a URL is in multiple custom URL categories with different actions, which action will take priority?
A. Allow
B. Override
C. Block
D. Alert
Answer: C
Explanation: When a URL matches multiple categories, the category chosen is the one that has the most severe action defined below (block being...

March 6, 2025

In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must be configured on the firewall?

Refer to the diagram. Users at an internal system want to ssh to the SSH server. The server is configured to respond only to the ssh requests coming from IP 172.16.16.1. In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must...

March 4, 2025

Using the above screenshot of the ACC, what is the best method to set a global filter, narrow down Blocked User Activity, and locate the user(s) that could be compromised by a botnet?

Refer to the exhibit. Using the above screenshot of the ACC, what is the best method to set a global filter, narrow down Blocked User Activity, and locate the user(s) that could be compromised by a botnet?
A. Click the hyperlink for the Zero Access.Gen threat.
B. Click the left...

March 2, 2025

Where can a service route be configured for a specific destination IP?

Where can a service route be configured for a specific destination IP?
A. Use Network > Virtual Routers, select the Virtual Router > Static Routes > IPv4
B. Use Device > Setup > Services > Services
C. Use Device > Setup > Services > Service Route Configuration > Customize >...

March 1, 2025

Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?

Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?
A. No Direct Access to local networks
B. Tunnel mode
C. IPSec mode
D. Satellite mode
Answer: B

February 28, 2025

Which Panorama feature protects logs against data loss if a Panorama server fails?

Which Panorama feature protects logs against data loss if a Panorama server fails?
A. Panorama HA automatically ensures that no logs are lost if a server fails inside the HA Cluster.
B. Panorama Collector Group with Log Redundancy ensures that no logs are lost if a server fails inside the...

February 27, 2025