New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Palo Alto Certifications and Accreditations PCNSE Book

Page: 11 / 13
Question 44

A firewall engineer creates a source NAT rule to allow the company's internal private network 10.0.0.0/23 to access the internet. However, for security reasons, one server in that subnet (10.0.0.10/32) should not be allowed to access the internet, and therefore should not be translated with the NAT rule.

Which set of steps should the engineer take to accomplish this objective?

Options:

A.

1. Create a source NAT rule (NAT-Rule-1) to translate 10.0.0/23 with source address translation set to dynamic IP and port.

2. Create another NAT rule (NAT-Rule-2) with source IP address in the original packet set to 10.0.0.10/32 and source translation set to none.

3. Place (NAT-Rule-1) above (NAT-Rule-2).

B.

1- Create a NAT rule (NAT-Rule-1) and set the source address in the original packet to 10.0.0.0/23.

2. Check the box for negate option to negate this IP subnet from NAT translation.

C.

1. Create a source NAT rule (NAT-Rule-1) to translate 10.0.0/23 with source address translation set to dynamic IP and port.

2. Create another NAT rule (NAT-Rule-2) with source IP address in the original packet set to 10.0.0.10/32 and source translation set to none.

3. Place (NAT-Rule-2) above (NAT-Rule-1).

D.

1. Create a NAT rule (NAT-Rule-1) and set the source address in the original packet to 10.0.0.10/32.

2. Check the box for negate option to negate this IP from the NAT translation.

Question 45

A security engineer needs firewall management access on a trusted interface.

Which three settings are required on an SSL/TLS Service Profile to provide secure Web UI authentication? (Choose three.)

Options:

A.

Minimum TLS version

B.

Certificate

C.

Encryption Algorithm

D.

Maximum TLS version

E.

Authentication Algorithm

Question 46

An administrator would like to determine which action the firewall will take for a specific CVE. Given the screenshot below, where should the administrator navigate to view this information?

Options:

A.

The profile rule action

B.

CVE column

C.

Exceptions lab

D.

The profile rule threat name

Question 47

Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?

Options:

A.

Resource Protection

B.

TCP Port Scan Protection

C.

Packet Based Attack Protection

D.

Packet Buffer Protection

Page: 11 / 13
Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0
Last Update: Dec 21, 2024
Questions: 250
PCNSE pdf

PCNSE PDF

$25.5  $84.99
PCNSE Engine

PCNSE Testing Engine

$28.5  $94.99
PCNSE PDF + Engine

PCNSE PDF + Testing Engine

$40.5  $134.99