Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PCNSE Exam Dumps - Paloalto Networks Palo Alto Certifications and Accreditations Questions and Answers

Question # 24

A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing. What command could the engineer run to see the current state of the BGP state between the two devices?

Options:

A.

show routing protocol bgp summary

B.

show routing protocol bgp rib-out

C.

show routing protocol bgp state

D.

show routing protocol bgp peer

Buy Now
Question # 25

A security engineer needs to mitigate packet floods that occur on a RSF servers behind the internet facing interface of the firewall. Which Security Profile should be applied to a policy to prevent these packet floods?

Options:

A.

DoS Protection profile

B.

Data Filtering profile

C.

Vulnerability Protection profile

D.

URL Filtering profile

Buy Now
Question # 26

An administrator notices that an interface configuration has been overridden locally on a firewall. They require all configuration to be managed from Panorama and overrides are not allowed. What is one way the administrator can meet this requirement?

Options:

A.

Perform a device-group commit push from Panorama using the "Include Device and Network Templates" option

B.

Perform a template commit push from Panorama using the "Force Template Values" option

C.

Perform a commit force from the CLI of the firewall

D.

Reload the running configuration and perform a firewall local commit

Buy Now
Question # 27

A firewall architect is attempting to install a new Palo Alto Networks NGFW. The company has previously had issues moving all administrative functions onto a data plane interface to meet the design limitations of the environment. The architect is able to access the device for HTTPS and SSH; however, the NGFW can neither validate licensing nor get updates. Which action taken by the architect will resolve this issue?

Options:

A.

Create a service route that sets the source interface to the data plane interface in question

B.

Validate that all upstream devices will allow and properly route the outbound traffic to the external destinations needed

C.

Create a loopback from the management interface to the data plane interface, then make a service route from the management interface to the data plane interface

D.

Enable OCSP for the data plane interface so the firewall will create a certificate with the data plane interface’s IP

Buy Now
Question # 28

A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)

Options:

A.

ICMP Drop

B.

TCP Drop

C.

SYN Random Early Drop

D.

TCP Port Scan Block

Buy Now
Question # 29

Review the images. A firewall policy that permits web traffic includes the global-logs policy is depicted

What is the result of traffic that matches the "Alert - Threats" Profile Match List?

Options:

A.

The source address of SMTP traffic that matches a threat is automatically blocked as BadGuys for 180 minutes.

B.

The source address of traffic that matches a threat is automatically blocked as BadGuys for 180 minutes.

C.

The source address of traffic that matches a threat is automatically tagged as BadGuys for 180 minutes.

D.

The source address of SMTP traffic that matches a threat is automatically tagged as BadGuys for 180 minutes.

Buy Now
Question # 30

The decision to upgrade PAN-OS has been approved. The engineer begins the process by upgrading the Panorama servers, but gets an error when attempting the install.

When performing an upgrade on Panorama to PAN-OS. what is the potential cause of a failed install?

Options:

A.

Outdated plugins

B.

Global Protect agent version

C.

Expired certificates

D.

Management only mode

Buy Now
Question # 31

A firewall engineer needs to update a company's Panorama-managed firewalls to the latest version of PAN-OS. Strict security requirements are blocking internet access to Panorama and to the firewalls. The PAN-OS images have previously been downloaded to a secure host on the network.

Which path should the engineer follow to deploy the PAN-OS images to the firewalls?

Options:

A.

Upload the image to Panorama > Software menu, and deploy it to the firewalls. *

B.

Upload the image to Panorama > Device Deployment > Dynamic Updates menu, and deploy it to the firewalls.

C.

Upload the image to Panorama > Dynamic Updates menu, and deploy it to the firewalls.

D.

Upload the image to Panorama > Device Deployment > Software menu, and deploy it to the firewalls.

Buy Now
Question # 32

An administrator configures a preemptive active-passive high availability (HA) pair of firewalls and configures the HA election settings on firewall-02 with a device priority value of 100, and firewall-01 with a device priority value of 90.

When firewall-01 is rebooted, is there any action taken by the firewalls?

Options:

A.

No - Neither firewall takes any action because firewall-01 cannot be rebooted when configured with device priority of 90.

B.

No - Neither firewall takes any action because firewall-02 is already the active-primary member.

C.

Yes - Firewall-02 takes over as the active-primary firewall; firewall-01 takes over as the active-primary member after it becomes functional.

D.

Yes - Firewall-02 takes over as the active-primary firewall; firewall-02 remains the active-primary member after firewall-01 becomes functional.

Buy Now
Question # 33

A company has recently migrated their branch office's PA-220S to a centralized Panorama. This Panorama manages a number of PA-7000 Series and PA-5200 Series devices All device group and template configuration is managed solely within Panorama

They notice that commit times have drastically increased for the PA-220S after the migration

What can they do to reduce commit times?

Options:

A.

Disable "Share Unused Address and Service Objects with Devices" in Panorama Settings.

B.

Update the apps and threat version using device-deployment

C.

Perform a device group push using the "merge with device candidate config" option

D.

Use "export or push device config bundle" to ensure that the firewall is integrated with the Panorama config.

Buy Now
Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0
Last Update: Apr 1, 2025
Questions: 334
PCNSE pdf

PCNSE PDF

$25.5  $84.99
PCNSE Engine

PCNSE Testing Engine

$28.5  $94.99
PCNSE PDF + Engine

PCNSE PDF + Testing Engine

$40.5  $134.99