PCNSE exam

Which two statements correctly describe Session 380280? (Choose two.) A . The session went through SSL decryption processing.B . The session has ended with the end-reason unknown.C . The application has been identified as web-browsing.D . The session did not go through SSL decryption processing.View AnswerAnswer: A, C

Refer to the exhibit. Based on the screenshots above what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?A . shared pre-rules DATACENTER DG pre rules rules configured locally on the firewall shared post-rules DATACENTER_DG post-rules DATACENTER.DG default rulesB . shared...

Which protocol is supported by GlobalProtect Clientless VPN?A . FTPB . RDPC . SSHD . HTTPSView AnswerAnswer: D Explanation: Virtual Desktop Infrastructure (VDI) and Virtual Machine (VM) environments, such as Citrix XenApp and XenDesktop or VMWare Horizon and Vcenter, support access natively through HTML5. You can RDP, VNC, or SSH...

A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicitly uses web-browsing and depends on SSL. When creating a new rule, what is needed to allow the application to resolve dependencies?A . Add SSL and web-browsing applications to the same rule.B . Add web-browsing application to the...

An engineer is deploying multiple firewalls with common configuration in Panorama. What are two benefits of using nested device groups? (Choose two.)A . Inherit settings from the Shared groupB . Inherit IPSec crypto profilesC . Inherit all Security policy rules and objectsD . Inherit parent Security policy rules and objectsView...

Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the firewall? (Choose three.)A . RADIUSB . TACACS+C . KerberosD . LDAPE . SAMLView AnswerAnswer: ABE Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication#:~:text=The%20administrative%20accounts%20are%20defined,attributes%20on%20the%20SAML%20server.

Which log type would provide information about traffic blocked by a Zone Protection profile?A . Data FilteringB . IP-TagC . TrafficD . ThreatView AnswerAnswer: D Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhzCACD is the correct answer because the threat log type would provide information about traffic blocked by a Zone Protection profile. This is because...

What is the best definition of the Heartbeat Interval?A . The interval in milliseconds between hello packetsB . The frequency at which the HA peers check link or path availabilityC . The frequency at which the HA peers exchange pingD . The interval during which the firewall will remain active...

Refer to the exhibit. Which will be the egress interface if the traffic's ingress interface is ethernet1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?A . ethernet1/6B . ethernet1/3C . ethernet1/7D . ethernet1/5View AnswerAnswer: D Explanation: In the second image, VW ports mentioned are 1/5 and 1/7. Hence it can...

What are three tasks that cannot be configured from Panorama by using a template stack? (Choose three.)A . Change the firewall management IP addressB . Configure a device block listC . Add administrator accountsD . Rename a vsys on a multi-vsys firewallE . Enable operational modes such as normal mode,...