PCNSE exam

If a URL is in multiple custom URL categories with different actions, which action will take priority?A . AllowB . OverrideC . BlockD . AlertView AnswerAnswer: C Explanation: When a URL matches multiple categories, the category chosen is the one that has the most severe action defined below (block being...

Refer to the diagram. Users at an internal system want to ssh to the SSH server. The server is configured to respond only to the ssh requests coming from IP 172.16.16.1. In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must...

Refer to the exhibit. Using the above screenshot of the ACC, what is the best method to set a global filter, narrow down Blocked User Activity, and locate the user(s) that could be compromised by a botnet?A . Click the hyperlink for the Zero Access.Gen threat.B . Click the left...

Where can a service route be configured for a specific destination IP?A . Use Network > Virtual Routers, select the Virtual Router > Static Routes > IPv4B . Use Device > Setup > Services > ServicesC . Use Device > Setup > Services > Service Route Configuration > Customize >...

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networksB . Tunnel modeC . iPSec modeD . Satellite modeView AnswerAnswer: B

Which Panorama feature protects logs against data loss if a Panorama server fails?A . Panorama HA automatically ensures that no logs are lost if a server fails inside the HA Cluster.B . Panorama Collector Group with Log Redundancy ensures that no logs are lost if a server fails inside the...

Which two policy components are required to block traffic in real time using a dynamic user group (DUG)? (Choose two.)A . A Deny policy for the tagged trafficB . An Allow policy for the initial trafficC . A Decryption policy to decrypt the traffic and see the tagD . A...

An engineer configures SSL decryption in order to have more visibility to the internal users' traffic when it is regressing the firewall. Which three types of interfaces support SSL Forward Proxy? (Choose three.)A . High availability (HA)B . Layer 3C . Layer 2D . TapE . Virtual WireView AnswerAnswer: B,...

Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?A . NATB . DOS protectionC . QoSD . Tunnel inspectionView AnswerAnswer: C Explanation: The type of policy in Palo Alto Networks firewalls that can use Device-ID as a match condition is QoS. This is...

Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the firewall? (Choose three.)A . RADIUSB . TACACS+C . KerberosD . LDAPE . SAMLView AnswerAnswer: ABE Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication#:~:text=The%20administrative%20accounts%20are%20defined,attributes%20on%20the%20SAML%20server.