PCNSE exam

An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory What must be configured in order to select users and groups for those rules from Panorama?A . The Security rules must be targeted to a firewall in...

The UDP-4501 protocol-port is used between which two GlobalProtect components?A . GlobalProtect app and GlobalProtect gatewayB . GlobalProtect portal and GlobalProtect gatewayC . GlobalProtect app and GlobalProtect satelliteD . GlobalProtect app and GlobalProtect portalView AnswerAnswer: A Explanation: UDP 4501 Used for IPSec tunnel connections between GlobalProtect apps and gateways. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/reference-port-number-usage/ports-used-for-globalprotect.html

Which GlobalProtect component must be configured to enable Chentless VPN?A . GlobalProtect satelliteB . GlobalProtect appC . GlobalProtect portalD . GlobalProtect gatewayView AnswerAnswer: C Explanation: Creating the GlobalProtect portal is as simple as letting it know if you have accessed it already. A new gateway for accessing the GlobalProtect portal...

Which statement accurately describes service routes and virtual systems?A . Virtual systems can only use one interface for all global service and service routes of the firewallB . The interface must be used for traffic to the required external servicesC . Virtual systems that do not have specific service routes...

A customer is replacing their legacy remote access VPN solution The current solution is in place to secure internet egress and provide access to resources located in the main datacenter for the connected clients. Prisma Access has been selected to replace the current remote access VPN solution. During onboarding the...

A standalone firewall with local objects and policies needs to be migrated into Panorama. What procedure should you use so Panorama is fully managing the firewall?A . Use the "import Panorama configuration snapshot" operation, then perform a device-group commit push with "include device and network templates"B . Use the "import...

Which two statements are true about DoS Protection and Zone Protection Profiles? (Choose two).A . Zone Protection Profiles protect ingress zonesB . Zone Protection Profiles protect egress zonesC . DoS Protection Profiles are packet-based, not signature-basedD . DoS Protection Profiles are linked to Security policy rulesView AnswerAnswer: A,D Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles

Refer to the exhibit. Which certificate can be used as the Forward Trust certificate?A . Domain Sub-CAB . Domain-Root-CertC . Certificate from Default Trusted Certificate AuthoritiesD . Forward-TrustView AnswerAnswer: A

A traffic log might list an application as "not-applicable" for which two reasons'? (Choose two )A . The firewall did not install the sessionB . The TCP connection terminated without identifying any application dataC . The firewall dropped a TCP SYN packetD . There was not enough application data after...

The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice As part of that effort, the manager has assigned you the Vulnerability Protection profile for the internet gateway firewall Which action and packet-capture setting for items...