New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Free PCNSE Questions Attempt

Page: 10 / 13
Question 40

An auditor is evaluating the configuration of Panorama and notices a discrepancy between the Panorama template and the local firewall configuration.

When overriding the firewall configuration pushed from Panorama, what should you consider?

Options:

A.

The firewall template will show that it is out of sync within Panorama.

B.

The modification will not be visible in Panorama.

C.

Only Panorama can revert the override.

D.

Panorama will update the template with the overridden value.

Question 41

Which two statements correctly describe Session 380280? (Choose two.)

Options:

A.

The session went through SSL decryption processing.

B.

The session has ended with the end-reason unknown.

C.

The application has been identified as web-browsing.

D.

The session did not go through SSL decryption processing.

Question 42

A network security engineer needs to enable Zone Protection in an environment that makes use of Cisco TrustSec Layer 2 protections

What should the engineer configure within a Zone Protection profile to ensure that the TrustSec packets are identified and actions are taken upon them?

Options:

A.

TCP Fast Open in the Strip TCP options

B.

Ethernet SGT Protection

C.

Stream ID in the IP Option Drop options

D.

Record Route in IP Option Drop options

Question 43

During the implementation of SSL Forward Proxy decryption, an administrator imports the company's Enterprise Root CA and Intermediate CA certificates onto the firewall. The company's Root and Intermediate CA certificates are also distributed to trusted devices using Group Policy and GlobalProtect. Additional device certificates and/or Subordinate certificates requiring an Enterprise CA chain of trust are signed by the company's Intermediate CA.

Which method should the administrator use when creating Forward Trust and Forward Untrust certificates on the firewall for use with decryption?

Options:

A.

Generate a single subordinate CA certificate for both Forward Trust and Forward Untrust.

B.

Generate a CA certificate for Forward Trust and a self-signed CA for Forward Untrust.

C.

Generate a single self-signed CA certificate for Forward Trust and another for Forward Untrust

D.

Generate two subordinate CA certificates, one for Forward Trust and one for Forward Untrust.

Page: 10 / 13
Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0
Last Update: Dec 30, 2024
Questions: 250
PCNSE pdf

PCNSE PDF

$25.5  $84.99
PCNSE Engine

PCNSE Testing Engine

$28.5  $94.99
PCNSE PDF + Engine

PCNSE PDF + Testing Engine

$40.5  $134.99