PCNSE exam

An administrator plans to deploy 15 firewalls to act as GlobalProtect gateways around the world Panorama will manage the firewalls. The firewalls will provide access to mobile users and act as edge locations to on-premises infrastructure. The administrator wants to scale the configuration out quickly and wants all of the...

What are three reasons for excluding a site from SSL decryption? (Choose three.)A . the website is not present in EnglishB . unsupported ciphersC . certificate pinningD . unsupported browser versionE . mutual authenticationView AnswerAnswer: B,C,E Explanation: Reasons that sites break decryption technically include pinned certificates, client authentication, incomplete certificate...

When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?A . Disable HAB . Disable the HA2 linkC . Disable config syncD . Set the passive link state to 'shutdown.-View AnswerAnswer: C Explanation: Updated reference: https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-ha-pair-to-panorama-management.html Step 2 is...

A company needs to preconfigure firewalls to be sent to remote sites with the least amount of preconfiguration Once deployed each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers Which VPN preconfigured configuration would adapt to changes when deployed to...

An administrator is attempting to create policies tor deployment of a device group and template stack When creating the policies, the zone drop down list does not include the required zone. What must the administrator do to correct this issue?A . Specify the target device as the master device in...

An engineer is planning an SSL decryption implementation Which of the following statements is a best practice for SSL decryption?A . Obtain an enterprise CA-signed certificate for the Forward Trust certificateB . Obtain a certificate from a publicly trusted root CA for the Forward Trust certificateC . Use an enterprise...

A remote administrator needs firewall access on an untrusted interface. Which two components are required on the firewall to configure certificate-based administrator authentication to the web Ul? (Choose two)A . client certificateB . certificate profileC . certificate authority (CA) certificateD . server certificateView AnswerAnswer: A,B Explanation: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/configure-administrative-accounts-and-authentication/configure-certificate-based-administrator-authentication-to-the-web-interface.html

When setting up a security profile which three items can you use? (Choose three)A . Wildfire analysisB . anti-ransom wareC . antivirusD . URL filteringE . decryption profileView AnswerAnswer: A,C,D Explanation: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profiles

What is a key step in implementing WildFire best practices?A . In a mission-critical network, increase the WildFire size limits to the maximum valueB . In a security-first network set the WildFire size limits to the minimum valueC . Configure the firewall to retrieve content updates every minuteD . Ensure...

When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?A . The interface must be used for traffic to the required servicesB . You must enable DoS and zone protectionC . You must set...