Latest PCNSE Practice Tests with Actual Questions

Get Complete pool of questions with Premium PDF and Test Engine

Exam Code : PCNSE
Exam Name : Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10
Vendor Name :
"Palo-Alto"

Download Full Version of PCNSE

---

PCNSE Dumps PCNSE Braindumps PCNSE Real Questions PCNSE Practice Test

PCNSE Actual Questions

Palo-Alto

PCNSE

Palo Alto Networks Certified Security Engineer (PCNSE)

PAN-OS 10

https://killexams.com/pass4sure/exam-detail/PCNSE

Which CLI command is used to determine how much disk space is allocated to logs?

1. show logging-status

2. show system info

3. debug log-receiver show

4. show system logdfo-quota

Answer: D

Question: 49

Which Panorama feature protects logs against data loss if a Panorama server fails?

1. Panorama HA automatically ensures that no logs are lost if a server fails inside the HA Cluster.

2. Panorama Collector Group with Log Redundancy ensures that no logs are lost if a server fails inside the Collector Group.

3. Panorama HA with Log Redundancy ensures that no logs are lost if a server fails inside the HA Cluster.

4. Panorama Collector Group automatically ensures that no logs are lost if a server fails inside the Collector Group

Answer: A

Question: 50

A network security engineer wants to prevent resource-consumption issues on the firewall. Which strategy is consistent with decryption best practices to ensure consistent performance?

1. Use RSA in a Decryption profile tor higher-priority and higher-risk traffic, and use less processor-intensive

   decryption methods for lower-risk traffic

2. Use PFS in a Decryption profile for higher-priority and higher-risk traffic, and use less processor-intensive decryption methods for tower-risk traffic

3. Use Decryption profiles to downgrade processor-intensive ciphers to ciphers that are less processor-intensive

4. Use Decryption profiles to drop traffic that uses processor-intensive ciphers

Answer: B

Question: 51

Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.)

1. inherit address-objects from templates

2. define a common standard template configuration for firewalls

3. standardize server profiles and authentication configuration across all stacks

4. standardize log-forwarding profiles for security polices across all stacks

Answer: B, C

Question: 52

In the screenshot above which two pieces ot information can be determined from the ACC configuration shown? (Choose two)

1. The Network Activity tab will display all applications, including FTP.

2. Threats with a severity of "high" are always listed at the top of the Threat Name list

3. Insecure-credentials, brute-force and protocol-anomaly are all a part of the vulnerability Threat Type

4. The ACC has been filtered to only show the FTP application

Answer: C, D

Question: 53

A company is using wireless controllers to authenticate users. Which source should be used for User-ID mappings?

1. Syslog

2. XFF headers

3. server monitoring

4. client probing

Answer: A

Question: 54

Which statement regarding HA timer settings is true?

1. Use the Recommended profile for typical failover timer settings

2. Use the Moderate profile for typical failover timer settings

3. Use the Aggressive profile for slower failover timer settings.

4. Use the Critical profile for faster failover timer settings.

Answer: A

An administrator is seeing one of the firewalls in a HA active/passive pair moved to ‘suspended" state due to Non- functional loop.

Which three actions will help the administrator troubleshool this issue? (Choose three.)

1. Use the CLI command show high-availability flap-statistics

2. Check the HA Link Monitoring interface cables.

3. Check the High Availability > Link and Path Monitoring settings.

4. Check High Availability > Active/Passive Settings > Passive Link State

5. Check the High Availability > HA Communications > Packet Forwarding settings.

Answer: A,B,D

Question: 56

An administrator has 750 firewalls. The administrator’s central-management Panorama instance deploys dynamic updates to the firewalls. The administrator notices that the dynamic updates from Panorama do not appear on some of the firewalls.

If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does not appear, what is the root cause?

1. Panorama does not have valid licenses to push the dynamic updates.

2. Panorama has no connection to Palo Alto Networks update servers.

3. No service route is configured on the firewalls to Palo Alto Networks update servers.

4. Locally-defined dynamic update settings take precedence over the settings that Panorama pushed.

Answer: D

Question: 57

A client wants to detect the use of weak and manufacturer-default passwords for loT devices. Which option will help the customer?

1. Configure a Data Filtering profile with alert mode.

2. Configure an Antivirus profile with alert mode.

3. Configure a Vulnerability Protection profile with alert mode

4. Configure an Anti-Spyware profile with alert mode.

Answer: C

Question: 58

An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?

1. review the configuration logs on the Monitor tab

2. click Preview Changes under Push Scope

3. use Test Policy Match to review the policies in Panorama

4. context-switch to the affected firewall and use the configuration audit tool

Answer: A
Explanation:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/panorama-web-interface/panorama-commit- operations.html

Question: 59

A network administrator troubleshoots a VPN issue and suspects an IKE Crypto mismatch between peers. Where can the administrator find the corresponding logs after running a test command to initiate the VPN?

1. Configuration logs

2. System logs

3. Traffic logs

4. Tunnel Inspection logs

Answer: B

Question: 60

An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Path Monitoring has been enabled with a Failure Condition of "any." A path group is configured with Failure Condition of "all" and contains a destination IP of 8.8.8.8 and 4.2.2.2 with a Ping Interval of 500ms and a Ping count of 3.

Which scenario will cause the Active firewall to fail over?

1. IP address 8.8.8.8 is unreachable for 1 second.

2. IP addresses 8.8.8.8 and 4.2.2.2 are unreachable for 1 second.

3. IP addresses 8.8.8.8 and 4.2.2.2 are unreachable for 2 seconds

4. IP address 4.2.2.2 is unreachable for 2 seconds.

Answer: C

Question: 61

Where is information about packet buffer protection logged?

1. Alert entries are in the Alarms log. Entries for dropped traffic, discarded sessions, and blocked IP address are in the Threat log

2. All entries are in the System log

3. Alert entries are in the System log. Entries for dropped traffic, discarded sessions and blocked IP addresses are in the Threat log

4. All entries are in the Alarms log

Answer: C
Explanation:

Graphical user interface, text, application

Description automatically generated

Question: 62

The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such.

The admin has not yet installed the root certificate onto client systems What effect would this have on decryption functionality?

1. Decryption will function and there will be no effect to end users

2. Decryption will not function because self-signed root certificates are not supported

3. Decryption will not function until the certificate is installed on client systems

4. Decryption will function but users will see certificate warnings for each SSL site they visit

Answer: D

Question: 63

A firewall administrator notices that many Host Sweep scan attacks are being allowed through the firewall sourced from the outside zone.

What should the firewall administrator do to mitigate this type of attack?

1. Create a DOS Protection profile with SYN Flood protection enabled and apply it to all rules allowing traffic from the outside zone

2. Enable packet buffer protection in the outside zone.

3. Create a Security rule to deny all ICMP traffic from the outside zone.

4. Create a Zone Protection profile, enable reconnaissance protection, set action to Block, and apply it to the outside zone.

Answer: D

Question: 64

An engineer is tasked with configuring a Zone Protection profile on the untrust zone. Which three settings can be configured on a Zone Protection profile? (Choose three.)

1. Ethernet SGT Protection

2. Protocol Protection

3. DoS Protection

4. Reconnaissance Protection

5. Resource Protection

Answer: A, B, D
Explanation:

1. Protocol Protection: is used to protect against known protocol vulnerabilities, such as buffer overflows and malformed packets.

   
   

2. DoS Protection: is used to protect against denial-of-service (DoS) attacks, such as SYN floods and ICMP floods.

   
   

3. Reconnaissance Protection: is used to protect against reconnaissance attacks, such as port scans and ping sweeps.

Question: 65

A firewall should be advertising the static route 10.2.0.0/24 Into OSPF. The configuration on the neighbor is correct, but the route is not in the neighbor’s routing table.

Which two configurations should you check on the firewall? (Choose two.)

1. In the OSFP configuration, ensure that the correct redistribution profile is selected in the OSPF Export Rules section.

2. Within the redistribution profile ensure that Redist is selected.

3. Ensure that the OSPF neighbor state Is "2-Way."

4. In the redistribution profile check that the source type is set to "ospf."

Answer: A,B

Question: 66

Given the following snippet of a WildFire submission log. did the end-user get access to the requested information and why or why not?

1. Yes. because the action is set to "allow ”

2. No because WildFire categorized a file with the verdict "malicious"

3. Yes because the action is set to "alert"

4. No because WildFire classified the seventy as "high."

Answer: C
Question: 67 DRAG DROP

Below are the steps in the workflow for creating a Best Practice Assessment in a firewall and Panorama configuration Place the steps in order.

Answer:

Explanation:

Step 1. In either the NGFW or in Panorama, on the Operations/Support tab, download the technical support file. Step 2. Log in to the Customer Support Portal (CSP) and navigate to Tools > Best Practice Assessment.

Step 3. Upload or drag and drop the technical support file.

Step 4. Map the zone type and area of the architecture to each zone. Step 5. Follow the steps to download the BPA report bundle.
Question: 68

You have upgraded Panorama to 10.2 and need to upgrade six Log Collectors.

When upgrading Log Collectors to 10.2, you must do what?

1. Upgrade the Log Collectors one at a time.

2. Add Panorama Administrators to each Managed Collector.

3. Add a Global Authentication Profile to each Managed Collector.

4. Upgrade all the Log Collectors at the same time.

Answer: D

Question: 69

How would an administrator configure a Bidirectional Forwarding Detection profile for BGP after enabling the Advance Routing Engine run on PAN-OS 10.2?

1. create a BFD profile under Network > Network Profiles > BFD Profile and then select the BFD profile under Network > Virtual Router > BGP > BFD

2. create a BFD profile under Network > Routing > Routing Profiles > BFD and then select the BFD profile under Network > Virtual Router > BGP > General > Global BFD Profile

3. create a BFD profile under Network > Routing > Routing Profiles > BFD and then select the BFD profile under Network > Routing > Logical Routers > BGP > General > Global BFD Profile

4. create a BFD profile under Network > Network Profiles > BFD Profile and then select the BFD profile under Network > Routing > Logical Routers > BGP > BFD

Answer: A

User: Natalie***** If you are looking for high-quality pcnse practice tests, Killexams.com is the ultimate choice. I was proven wrong about the usefulness of pcnse practice tests because Killexams.com provided me with excellent practice tests that helped me score high on the exam. If you are also worried about pcnse practice tests, you can trust Killexams.com.

User: Sidor***** Its great to hear that you have found killexams.com questions and answers useful in preparing for your exam. We understand the importance of having a reliable reference guide to improve your understanding, and we are glad that our product helped you achieve a high score.

User: Rodina***** I passed the pcnse exam with Killexams.com questions and answers. It is a hundred percent reliable, and most of the questions were similar to what I was given on the exam. I missed a few questions, but considering that I got the rest right, I passed with the right rankings. So, my recommendation is to thoroughly study the material you get in your guides from Killexams.com, as that is all you need to pass the pcnse exam.

User: Mishaye***** I chose Killexams.com because I not only wanted to pass the PCNSE exam, but I also wanted to achieve a high score that would make a great impression on others. Killexams.com provided me with the necessary support to accomplish this goal. I used their PCNSE questions to prepare, and I received the highest marks in the class. Killexams.com helped me succeed where others had failed.

User: Zhenya***** Thanks to the killexams.com kit, I took the PCNSE exam last month and passed it. It is an outstanding exam practice test, more reliable than I could have anticipated. All questions are valid, and it provides a wealth of practice information. I passed with over 97%, which is an excellent PCNSE exam score. I will be spreading the word among my friends because Killexams is outstanding and can be beneficial to many.

---