Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

Pass PCNSE Exam Guide

Page: 3 / 13
Question 12

An administrator needs to identify which NAT policy is being used for internet traffic.

From the Monitor tab of the firewall GUI, how can the administrator identify which NAT policy is in use for a traffic flow?

Options:

A.

Click Session Browser and review the session details.

B.

Click Traffic view and review the information in the detailed log view.

C.

Click Traffic view; ensure that the Source or Destination NAT columns are included and review the information in the detailed log view.

D.

Click App Scope > Network Monitor and filter the report for NAT rules.

Question 13

An organization conducts research on the benefits of leveraging the Web Proxy feature of PAN-OS 11.0.

What are two benefits of using an explicit proxy method versus a transparent proxy method? (Choose two.)

Options:

A.

No client configuration is required for explicit proxy, which simplifies the deployment complexity.

B.

Explicit proxy supports interception of traffic using non-standard HTTPS ports.

C.

It supports the X-Authenticated-User (XAU) header, which contains the authenticated username in the outgoing request.

D.

Explicit proxy allows for easier troubleshooting, since the client browser is aware of the existence of the proxy.

Question 14

An engineer must configure a new SSL decryption deployment.

Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?

Options:

A.

A Decryption profile must be attached to the Decryption policy that the traffic matches.

B.

A Decryption profile must be attached to the Security policy that the traffic matches.

C.

There must be a certificate with only the Forward Trust option selected.

D.

There must be a certificate with both the Forward Trust option and Forward Untrust option selected.

Question 15

An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls.

What can be configured on one pair of firewalls to modify the MAC addresses so they are no longer in conflict?

Options:

A.

Configure a floating IP between the firewall pairs.

B.

Change the Group IDs in the High Availability settings to be different from the other firewall pair on the same subnet.

C.

Change the interface type on the interfaces that have conflicting MAC addresses from L3 to VLAN.

D.

On one pair of firewalls, run the CLI command: set network interface vlan arp.

Page: 3 / 13
Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0
Last Update: Nov 21, 2024
Questions: 250
PCNSE pdf

PCNSE PDF

$28  $80
PCNSE Engine

PCNSE Testing Engine

$33.25  $95
PCNSE PDF + Engine

PCNSE PDF + Testing Engine

$45.5  $130