PCNSE exam

An administrator needs to troubleshoot a User-ID deployment The administrator believes that there is an issue related to LDAP authentication The administrator wants to create a packet capture on the management plane Which CLI command should the administrator use to obtain the packet capture for validating the configuration^A . >...

An engineer is planning an SSL decryption implementation Which of the following statements is a best practice for SSL decryption?A . Obtain an enterprise CA-signed certificate for the Forward Trust certificateB . Obtain a certificate from a publicly trusted root CA for the Forward Trust certificateC . Use an enterprise...

An organization has recently migrated its infrastructure and configuration to NGFWs, for which Panorama manages the devices The organization is coming from a L2-L4 firewall vendor, but wants to use App-ID while identifying policies that are no longer needed Which Panorama tool can help this organization?A . Config AuditB ....

In a device group, which two configuration objects are defined? (Choose two )A . DNS ProxyB . address groupsC . SSL/TLS profilesD . URL Filtering profilesView AnswerAnswer: C,D

Which two statements correctly identify the number of Decryption Broker security chains that are supported on a pair of decryption-forwarding interfaces'? (Choose two)A . A single transparent bridge security chain is supported per pair of interfacesB . L3 security chains support up to 32 security chainsC . L3 security chains...

What is considered the best practice with regards to zone protection?A . Review DoS threat activity (ACC > Block Activity) and look for patterns of abuseB . Use separate log-forwarding profiles to forward DoS and zone threshold event logs separately from other threat logsC . If the levels of zone...

Use the image below. If the firewall has the displayed link monitoring configuration what will cause a failover?A . ethernet1/3 and ethernet1/6 going downB . ethernet1/3 going downC . ethernet1/6 going downD . ethernet1/3 or ethernet1/6 going downView AnswerAnswer: A Explanation: Link Monitoring Failure Condition is All / Link Group...

Which statement is true regarding a Best Practice Assessment?A . It shows how your current configuration compares to Palo Alto Networks recommendationsB . It runs only on firewallsC . When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.D...

Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?A . No Direct Access to local networksB . Satellite modeC . Tunnel modeD . IPSec modeView AnswerAnswer: A Explanation: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways/configure-a-split-tunnel-based-on-the-access-route.html

A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?A . certificate authority (CA) certificateB . client certificateC . machine certificateD . server certificateView AnswerAnswer: D Explanation: Use only signed certificates, not CA certificates, in SSL/TLS service profiles. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certificate-management/configure-an-ssltls-service-profile.html