PCNSE exam

An administrator notices that an interface configuration has been overridden locally on a firewall. They require all configuration to be managed from Panorama and overrides are not allowed. What is one way the administrator can meet this requirement?A . Perform a commit force from the CLI of the firewall.B ....

Which three items must be configured to implement application override? (Choose three )A . Custom appB . Security policy ruleC . Application override policy ruleD . Decryption policy ruleE . Application filterView AnswerAnswer: ABC Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/policies/policies-application-override https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPDrCAO

Review the information below. A firewall engineer creates a U-NAT rule to allow users in the trust zone access to a server in the same zone by using an external, public NAT IP for that server. Given the rule below, what change should be made to make sure the NAT...

Which three actions can Panorama perform when deploying PAN-OS images to its managed devices? (Choose three.)A . upload-onlysB . install and rebootC . upload and installD . upload and install and rebootE . verify and installView AnswerAnswer: ACD Explanation: ttps://www.kareemccie.com/2021/05/palo-alto-firewall-packet-flow.html

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networksB . Tunnel modeC . iPSec modeD . Satellite modeView AnswerAnswer: B

An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls. What can be configured on one pair...

What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram? A . IP NetmaskB . IP Wildcard MaskC . IP AddressD . IP RangeView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/use-address-object-to-represent-ip-addresses/address-objects

Which source is the most reliable for collecting User-ID user mapping?A . GlobalProtect B. Microsoft Active Directory C. Microsoft Exchange D. Syslog ListenerView AnswerAnswer: A Explanation: User-ID is a feature that enables you to identify and control users on your network based on their usernames instead of their IP addresses1....

What can be used to create dynamic address groups?A . dynamic address B. region objects C. tags D. FODN addressesView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/monitor-changes-in-the-virtual-environment/use-dynamic-address-groups-in-policy

An engineer is deploying multiple firewalls with common configuration in Panorama. What are two benefits of using nested device groups? (Choose two.)A . Inherit settings from the Shared group B. Inherit IPSec crypto profiles C. Inherit all Security policy rules and objects D. Inherit parent Security policy rules and objectsView...