PCNSE exam

A company needs to preconfigure firewalls to be sent to remote sites with the least amount of preconfiguration Once deployed each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers Which VPN preconfigured configuration would adapt to changes when deployed to...

A security engineer needs to mitigate packet floods that occur on a set of servers behind the internet facing interface of the firewall. Which Security Profile should be applied to a policy to prevent these packet floods?A . URL Filtering profileB . Vulnerability Protection profileC . Data Filtering profileD ....

An administrator has purchased WildFire subscriptions for 90 firewalls globally. What should the administrator consider with regards to the WildFire infrastructure?A . To comply with data privacy regulations, WildFire signatures and verdicts are not shared globally.B . Palo Alto Networks owns and maintains one global cloud and four WildFire regional...

What happens to traffic traversing SD-WAN fabric that doesn't match any SD-WAN policies?A . Traffic is dropped because there is no matching SD-WAN policy to direct traffic.B . Traffic matches a catch-all policy that is created through the SD-WAN plugin.C . Traffic matches implied policy rules and is redistributed round...

During SSL decryption which three factors affect resource consumption1? (Choose three )A . TLS protocol versionB . transaction sizeC . key exchange algorithmD . applications that use non-standard portsE . certificate issuerView AnswerAnswer: A,B,C Explanation: https://docs.paloaltonetworks.com/best-practices/8-1/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment.html

An administrator has a PA-820 firewall with an active Threat Prevention subscription The administrator is considering adding a WildFire subscription. How does adding the WildFire subscription improve the security posture of the organization1?A . Protection against unknown malware can be provided in near real-timeB . WildFire and Threat Prevention combine...

An existing NGFW customer requires direct interne! access offload locally at each site and iPSec connectivity to all branches over public internet. One requirement is mat no new SD-WAN hardware be introduced to the environment. What is the best solution for the customer?A . Configure a remote network on PAN-OSB...

Refer to the diagram. An administrator needs to create an address object that will be useable by the NYC. MA, CA and WA device groups Where will the object need to be created within the device-group hierarchy?A . AmericasB . USC . EastD . WestView AnswerAnswer: A

A prospect is eager to conduct a Security Lifecycle Review (SLR) with the aid of the Palo Alto Networks NGFW. Which interface type is best suited to provide the raw data for an SLR from the network in a way that is minimally invasive?A . Layer 3B . Virtual WireC...

In a security-first network what is the recommended threshold value for content updates to be dynamically updated?A . 1 to 4 hoursB . 6 to 12 hoursC . 24 hoursD . 36 hoursView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/best-practices-for-content-and-threat-content-updates/best-practices-security-first.html Schedule content updates so that they download-and-install automatically. Then, set a Threshold that...