Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PCNSE Exam Dumps - Paloalto Networks Palo Alto Certifications and Accreditations Questions and Answers

Question # 44

An administrator Just enabled HA Heartbeat Backup on two devices However, the status on tie firewall's dashboard is showing as down High Availability.

What could an administrator do to troubleshoot the issue?

Options:

A.

Go to Device > High Availability> General > HA Pair Settings > Setup and configuring the peer IP for heartbeat backup

B.

Check peer IP address In the permit list In Device > Setup > Management > Interfaces > Management Interface Settings

C.

Go to Device > High Availability > HA Communications> General> and check the Heartbeat Backup under Election Settings

D.

Check peer IP address for heartbeat backup to Device > High Availability > HA Communications > Packet Forwarding settings.

Buy Now
Question # 45

What is the best description of the Cluster Synchronization Timeout (min)?

Options:

A.

The maximum time that the local firewall waits before going to Active state when another cluster member is preventing the cluster from fully synchronizing

B.

The time that a passive or active-secondary firewall will wait before taking over as the active or active-primary firewall

C.

The timeframe within which the firewall must receive keepalives from a cluster member to know that the cluster member is functional

D.

The maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational

Buy Now
Question # 46

When an engineer configures an active/active high availability pair, which two links can they use? (Choose two)

Options:

A.

HSCI-C

B.

Console Backup

C.

HA3

D.

HA2 backup

Buy Now
Question # 47

An administrator is assisting a security engineering team with a decryption rollout for inbound and forward proxy traffic. Incorrect firewall sizing is preventing the team from decrypting all of the traffic they want to decrypt. Which three items should be prioritized for decryption? (Choose three.)

Options:

A.

Financial, health, and government traffic categories

B.

Known traffic categories

C.

Known malicious IP space

D.

Public-facing servers,

E.

Less-trusted internal IP subnets

Buy Now
Question # 48

An administrator has a Palo Alto Networks NGFW. All security subscriptions and decryption are enabled and the system is running close to its resource limits.

Knowing that using decryption can be resource-intensive, how can the administrator reduce the load on the firewall?

Options:

A.

Use RSA instead of ECDSA for traffic that isn't sensitive or high-priority.

B.

Use the highest TLS protocol version to maximize security.

C.

Use ECDSA instead of RSA for traffic that isn't sensitive or high-priority.

D.

Use SSL Forward Proxy instead of SSL Inbound Inspection for decryption.

Buy Now
Question # 49

An engineer is monitoring an active/active high availability (HA) firewall pair.

Which HA firewall state describes the firewall that is currently processing traffic?

Options:

A.

Initial

B.

Passive

C.

Active

D.

Active-primary

Buy Now
Question # 50

An engineer needs to collect User-ID mappings from the company's existing proxies.

What two methods can be used to pull this data from third party proxies? (Choose two.)

Options:

A.

Client probing

B.

Syslog

C.

XFF Headers

D.

Server Monitoring

Buy Now
Question # 51

A network security engineer is going to enable Zone Protection on several security zones How can the engineer ensure that Zone Protection events appear in the firewall's logs?

Options:

A.

Select the check box "Log packet-based attack events" in the Zone Protection profile

B.

No action is needed Zone Protection events appear in the threat logs by default

C.

Select the check box "Log Zone Protection events" in the Content-ID settings of the firewall

D.

Access the CLI in each firewall and enter the command set system setting additional-threat-log on

Buy Now
Question # 52

Which two scripting file types require direct upload to the Advanced WildFire portal/API for analysis? (Choose two.)

Options:

A.

Ps1

B.

Perl

C.

Python

D.

VBS

Buy Now
Question # 53

An engineer decides to use Panorama to upgrade devices to PAN-OS 10.2.

Which three platforms support PAN-OS 10.2? (Choose three.)

Options:

A.

PA-220

B.

PA-800 Series

C.

PA-5000 Series

D.

PA-500

E.

PA-3400 Series

Buy Now
Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0
Last Update: Feb 23, 2025
Questions: 294
PCNSE pdf

PCNSE PDF

$25.5  $84.99
PCNSE Engine

PCNSE Testing Engine

$28.5  $94.99
PCNSE PDF + Engine

PCNSE PDF + Testing Engine

$40.5  $134.99