PCNSE exam

An administrator has purchased WildFire subscriptions for 90 firewalls globally. What should the administrator consider with regards to the WildFire infra-structure?A . To comply with data privacy regulations, WildFire signatures and ver-dicts are not shared globally.B . Palo Alto Networks owns and maintains one global cloud and four WildFire regional...

Refer to Exhibit: An administrator can not see any Traffic logs from the Palo Alto Networks NGFW in Panorama reports. The configuration problem seems to be on the firewall. Which settings, if configured incorrectly, most likely would stop only Traffic logs from being sent from the NGFW to Panorama? A)...

Which two profiles should be configured when sharing tags from threat logs with a remote User-ID agent? (Choose two.)A . Log IngestionB . HTTPC . Log ForwardingD . LDAPView AnswerAnswer: BC Explanation: >Threat logs, create a log forwarding profile to define how you want the firewall or Panorama to handle...

ln a security-first network, what is the recommended threshold value for apps and threats to be dynamically updated?A . 1 to 4 hoursB . 6 to 12 hoursC . 24 hoursD . 36 hoursView AnswerAnswer: B Explanation: Schedule content updates so that they download-and-install automatically. Then, set a Threshold that...

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networksB . Tunnel modeC . iPSec modeD . Satellite modeView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways/configure-a-split-tunnel-based-on-the-domain-and-application

An administrator receives the following error message: "IKE phase-2 negotiation failed when processing Proxy ID. Received local id 192.168 33 33/24 type IPv4 address protocol 0 port 0, received remote id 172.16 33.33/24 type IPv4 address protocol 0 port 0." How should the administrator identify the root cause of this...

An administrator has configured OSPF with Advanced Routing enabled on a Palo Alto Networks firewall running PAN-OS 10.2. After OSPF was configured, the administrator noticed that OSPF routes were not being learned. Which two actions could an administrator take to troubleshoot this issue? (Choose two.)A . Run the CLI command...

A security engineer needs firewall management access on a trusted interface. Which three settings are required on an SSL/TLS Service Profile to provide secure Web UI authentication? (Choose three.)A . Minimum TLS versionB . CertificateC . Encryption AlgorithmD . Maximum TLS versionE . Authentication AlgorithmView AnswerAnswer: ABD Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-management/configure-an-ssltls-service-profile

A company wants to add threat prevention to the network without redesigning the network routing. What are two best practice deployment modes for the firewall? (Choose two.)A . VirtualWireB . Layer3C . TAPD . Layer2View AnswerAnswer: AD Explanation: A and D are the best practice deployment modes for the firewall...

Which new PAN-OS 11.0 feature supports IPv6 traffic?A . DHCPv6 Client with Prefix DelegationB . OSPFC . DHCP ServerD . IKEv1View AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/compatibility-matrix/ipv6-support-by-feature/ipv6-support-by-feature-table