Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PCNSE Exam Dumps - Paloalto Networks Palo Alto Certifications and Accreditations Questions and Answers

Question # 64

What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?

Options:

A.

It tries to establish a tunnel to the GlobalProtect portal using SSL/TLS.

B.

It stops the tunnel-establishment processing to the GlobalProtect gateway immediately.

C.

It tries to establish a tunnel to the GlobalProtect gateway using SSL/TLS.

D.

It keeps trying to establish an IPSec tun£el to the GlobalProtect gateway.

Buy Now
Question # 65

An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI Which CLI command can the engineer use?

Options:

A.

test vpn ike-sa

B.

test vpn gateway

C.

test vpn flow

D.

test vpn tunnel

Buy Now
Question # 66

An administrator wants to configure the Palo Alto Networks Windows User-D agent to map IP addresses to u: ‘The company uses four Microsoft Active ‘servers and two Microsoft Exchange servers, which can provide logs for login events. All six servers have IP addresses assigned from the following subnet: 192.168.28.32/27. The Microsoft Active Directory in 192.168.28.22/128, and the Microsoft Exchange reside in 192,168.28 48/28. What the 0 the User

Options:

A.

network 192.168.28.32/28 with server type Microsoft Active Directory and network 192.168.28.40/28 Exchange

B.

network 192.188 28 32/27 with server type Microsoft

C.

one IP address of a Microsoft Active Directory server and “Auto Discover” enabled to automatically obtain all five of the other servers

D.

the IP-address and corresponding server type (Microsoft Active Directory or Microsoft Exchange) for each of the six servers

Buy Now
Question # 67

All firewall at a company are currently forwarding logs to Palo Alto Networks log collectors. The company also wants to deploy a sylog server and forward all firewall logs to the syslog server and to the log collectors. There is known logging peak time during the day, and the security team has asked the firewall engineer to determined how many logs per second the current Palo Alto Networking log processing at that particular time. Which method is the most time-efficient to complete this task?

Options:

A.

Navigate to Panorama > Managed Collectors, and open the Statistics windows for each Log Collector during the peak time.

B.

Navigate to Monitor > Unified logs, set the filter to the peak time, and browse to the last page to find out how many logs have been received.

C.

Navigate to Panorama> Managed Devices> Health, open the Logging tab for each managed firewall and check the log rates during the peak time.

D.

Navigate to ACC> Network Activity, and determine the total number of sessions and threats during the peak time.

Buy Now
Question # 68

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain?

Options:

A.

an Authentication policy with 'unknown' selected in the Source User field

B.

an Authentication policy with 'known-user' selected in the Source User field

C.

a Security policy with 'known-user' selected in the Source User field

D.

a Security policy with 'unknown' selected in the Source User field

Buy Now
Question # 69

What should an engineer consider when setting up the DNS proxy for web proxy?

Options:

A.

A secondary DNS server in the DNS proxy is optional, and configuration commit to the firewall will succeed with only one DNS server.

B.

A maximum of two FQDNs can be mapped to an IP address in the static entries for DNS proxy.

C.

DNS timeout for web proxy can be configured manually, and it should be set to the highest value possible.

D.

Adjust the UDP queries for the DNS proxy to allow both DNS servers to be tried within 20 seconds.

Buy Now
Question # 70

Given the following configuration, which route is used for destination 10 10 0 4?

Options:

A.

Route 2

B.

Route 3

C.

Route 1

D.

Route 4

Buy Now
Question # 71

What are three prerequisites for credential phishing prevention to function? (Choose three.)

Options:

A.

In the URL filtering profile, use the drop-down list to enable user credential detection.

B.

Enable Device-ID in the zone.

C.

Select the action for Site Access for each category.

D.

Add the URL filtering profile to one or more Security policy rules.

E.

Set phishing category to block in the URL Filtering profile.

Buy Now
Question # 72

A network engineer troubleshoots a VPN Phase 2 mismatch and decides that PFS (Perfect Forward Secrecy) needs to be enabled. What action should the engineer take?

Options:

A.

Enable PFS under the IKE gateway advanced options.

B.

Enable PFS under the IPSec Tunnel advanced options.

C.

Add an authentication algorithm in the IPSec Crypto profile.

D.

Select the appropriate DH Group under the IPSec Crypto profile.

Buy Now
Question # 73

An enterprise network security team is deploying VM-Series firewalls in a multi-cloud environment. Some firewalls are deployed in VMware NSX-V, while others are in AWS, and all are centrally managed using Panorama with the appropriate plugins installed. The team wants to streamline policy management by organizing the firewalls into device groups in which the AWS-based firewalls act as a parent device group, while the NSX-V firewalls are configured as a child device group to inherit Security policies. However, after configuring the device group hierarchy and attempting to push configurations, the team receives errors, and policy inheritance is not functioning as expected. What is the most likely cause of this issue?

Options:

A.

Panorama must use the same plugin version numbers for both AWS and NSX-V environments before device group inheritance can function properly

B.

Panorama requires the objects to be overridden in the child device group before firewalls in different hypervisors can inherit Security policies

C.

Panorama by default does not allow different hypervisors in parent/child device groups, but this can be overridden with the command "set device-group allow-multi-hypervisor enable"

D.

Panorama does not support policy inheritance across device groups containing firewalls deployed in different hypervisors when using multiple plugins

Buy Now
Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0
Last Update: Apr 1, 2025
Questions: 334
PCNSE pdf

PCNSE PDF

$25.5  $84.99
PCNSE Engine

PCNSE Testing Engine

$28.5  $94.99
PCNSE PDF + Engine

PCNSE PDF + Testing Engine

$40.5  $134.99