Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PCNSE Exam Dumps - Paloalto Networks Palo Alto Certifications and Accreditations Questions and Answers

Question # 74

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged.

Given the information, what is the best choice for deploying User-ID to ensure maximum coverage?

Options:

A.

Captive portal

B.

Standalone User-ID agent

C.

Syslog listener

D.

Agentless User-ID with redistribution

Buy Now
Question # 75

Which operation will impact the performance of the management plane?

Options:

A.

Decrypting SSL sessions

B.

Generating a SaaS Application report

C.

Enabling DoS protection

D.

Enabling packet buffer protection

Buy Now
Question # 76

Exhibit.

An organization has Palo Alto Networks NGFWs that send logs to remote monitoring and security management platforms The network team has reported excessive traffic on the corporate WAN How could the Palo Alto Networks NGFW administrator reduce WAN traffic while maintaining support for all the existing monitoring/security platforms?

Options:

A.

Any configuration on an M-500 would address the insufficient bandwidth concerns

B.

Forward logs from external sources to Panorama for correlation, and from Panorama send them to the NGFW

C.

Configure log compression and optimization features on all remote firewalls

D.

Forward logs from firewalls only to Panorama and have Panorama forward logs to other external services.

Buy Now
Question # 77

An administrator wants to configure the Palo Alto Networks Windows User-D agent to map IP addresses to u: ‘The company uses four Microsoft Active ‘servers and two Microsoft Exchange servers, which can provide logs for login events. All six servers have IP addresses assigned from the following subnet: 192.168.28.32/27. The Microsoft Active Directory in 192.168.28.22/128, and the Microsoft Exchange reside in 192,168.28 48/28. What the 0 the User

Options:

A.

network 192.168.28.32/28 with server type Microsoft Active Directory and network 192.168.28.40/28 Exchange

B.

network 192.188 28 32/27 with server type Microsoft

C.

one IP address of a Microsoft Active Directory server and “Auto Discover” enabled to automatically obtain all five of the other servers

D.

the IP-address and corresponding server type (Microsoft Active Directory or Microsoft Exchange) for each of the six servers

Buy Now
Question # 78

Which conditions must be met when provisioning a high availability (HA) cluster? (Choose two.)

Options:

A.

HA cluster members must share the same zone names.

B.

Dedicated HA communication interfaces for the cluster must be used over HSCI interfaces

C.

Panorama must be used to manage HA cluster members.

D.

HA cluster members must be the same firewall model and run the same PAN-OS version.

Buy Now
Question # 79

A firewall engineer creates a source NAT rule to allow the company's internal private network 10.0.0.0/23 to access the internet. However, for security reasons, one server in that subnet (10.0.0.10/32) should not be allowed to access the internet, and therefore should not be translated with the NAT rule.

Which set of steps should the engineer take to accomplish this objective?

Options:

A.

1. Create a source NAT rule (NAT-Rule-1) to translate 10.0.0/23 with source address translation set to dynamic IP and port.

2. Create another NAT rule (NAT-Rule-2) with source IP address in the original packet set to 10.0.0.10/32 and source translation set to none.

3. Place (NAT-Rule-1) above (NAT-Rule-2).

B.

1- Create a NAT rule (NAT-Rule-1) and set the source address in the original packet to 10.0.0.0/23.

2. Check the box for negate option to negate this IP subnet from NAT translation.

C.

1. Create a source NAT rule (NAT-Rule-1) to translate 10.0.0/23 with source address translation set to dynamic IP and port.

2. Create another NAT rule (NAT-Rule-2) with source IP address in the original packet set to 10.0.0.10/32 and source translation set to none.

3. Place (NAT-Rule-2) above (NAT-Rule-1).

D.

1. Create a NAT rule (NAT-Rule-1) and set the source address in the original packet to 10.0.0.10/32.

2. Check the box for negate option to negate this IP from the NAT translation.

Buy Now
Question # 80

An organization wants to begin decrypting guest and BYOD traffic.

Which NGFW feature can be used to identify guests and BYOD users, instruct them how to download and install the CA certificate, and clearly notify them that their traffic will be decrypted?

Options:

A.

Authentication Portal

B.

SSL Decryption profile

C.

SSL decryption policy

D.

comfort pages

Buy Now
Question # 81

A network security administrator has been tasked with deploying User-ID in their organization.

What are three valid methods of collecting User-ID information in a network? (Choose three.)

Options:

A.

Windows User-ID agent

B.

GlobalProtect

C.

XMLAPI

D.

External dynamic list

E.

Dynamic user groups

Buy Now
Question # 82

Which GloDalProtecI gateway setting is required to enable split-tunneting by access route, destination domain and application?

Options:

A.

Tunnel mode

B.

Satellite mode

C.

IPSec mode

D.

No Direct Access to local networks

Buy Now
Question # 83

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain?

Options:

A.

an Authentication policy with 'unknown' selected in the Source User field

B.

an Authentication policy with 'known-user' selected in the Source User field

C.

a Security policy with 'known-user' selected in the Source User field

D.

a Security policy with 'unknown' selected in the Source User field

Buy Now
Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0
Last Update: Feb 23, 2025
Questions: 294
PCNSE pdf

PCNSE PDF

$25.5  $84.99
PCNSE Engine

PCNSE Testing Engine

$28.5  $94.99
PCNSE PDF + Engine

PCNSE PDF + Testing Engine

$40.5  $134.99