
PCNSE Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10.0 Questions and Answers

Questions 4

What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)?

Options:

A. Phase 2 SAs are synchronized over HA2 links

B. Phase 1 and Phase 2 SAs are synchronized over HA2 links

C. Phase 1 SAs are synchronized over HA1 links

D. Phase 1 and Phase 2 SAs are synchronized over HA3 links

Questions 5

The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such.

The admin has not yet installed the root certificate onto client systems.

What effect would this have on decryption functionality?

Options:

A. Decryption will function and there will be no effect to end users

B. Decryption will not function because self-signed root certificates are not supported

C. Decryption will not function until the certificate is installed on client systems

D. Decryption will function but users will see certificate warnings for each SSL site they visit

Questions 6

What is the best description of the HA4 Keep-Alive Threshold (ms)?

Options:

A. The maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational.

B. The time that a passive or active-secondary firewall will wait before taking over as the active or active-primary firewall.

C. The timeframe within which the firewall must receive keepalives from a cluster member to know that the cluster member is functional.

D. The timeframe that the local firewall waits before going to Active state when another cluster member is preventing the cluster from fully synchronizing.

Questions 7

An administrator is using Panorama to manage me and suspects an IKE Crypto mismatch between peers, from the firewalls to Panorama. However, pre-existing logs from the firewalls are not appearing in Panorama.

Which action should be taken to enable the firewalls to send their pre-existing logs to Panorama?

Options:

A. Export the log database.

B. Use the import option to pull logs.

C. Use the ACC to consolidate the logs.

D. Use the scp logdb export command.

Questions 8

Before an administrator of a VM-500 can enable DoS and zone protection, what actions need to be taken?

Options:

A. Measure and monitor the CPU consumption of the firewall data plane to ensure that each firewall is properly sized to support DoS and zone protection

B. Create a zone protection profile with flood protection configured to defend an entire egress zone against SYN, ICMP, ICMPv6, UDP, and other IP flood attacks

C. Add a WildFire subscription to activate DoS and zone protection features

D. Replace the hardware firewall because DoS and zone protection are not available with VM-Series systems

Questions 9

Where is information about packet buffer protection logged?

Options:

A. Alert entries are in the Alarms log. Entries for dropped traffic, discarded sessions, and blocked IP addresses are in the Threat log

B. All entries are in the System log

C. Alert entries are in the System log. Entries for dropped traffic, discarded sessions, and blocked IP addresses are in the Threat log

D. All entries are in the Alarms log

Questions 10

An administrator analyzes the following portion of a VPN system log and notices the following issue:

"Received local id 10.10.1.4/24 type IPv4 address protocol 0 port 0, received remote id 10.1.10.4/24 type IPv4 address protocol 0 port 0."

What is the cause of the issue?

Options:

A. IPSec crypto profile mismatch

B. IPSec protocol mismatch

C. mismatched Proxy-IDs

D. bad local and peer identification IP addresses in the IKE gateway

Questions 11

An organization wishes to roll out decryption but gets some resistance from engineering leadership regarding the guest network.

What is a common obstacle for decrypting traffic from guest devices?

Options:

A. Guest devices may not trust the CA certificate used for the forward untrust certificate.

B. Guests may use operating systems that can't be decrypted.

C. The organization has no legal authority to decrypt their traffic.

D. Guest devices may not trust the CA certificate used for the forward trust certificate.

Questions 12

An engineer is in the planning stages of deploying User-ID in a diverse directory services environment.

Which server OS platforms can be used for server monitoring with User-ID?

Options:

A. Microsoft Terminal Server, Red Hat Linux, and Microsoft Active Directory

B. Microsoft Active Directory, Red Hat Linux, and Microsoft Exchange

C. Microsoft Exchange, Microsoft Active Directory, and Novell eDirectory

D. Novell eDirectory, Microsoft Terminal Server, and Microsoft Active Directory

Questions 13

SAML SLO is supported for which two firewall features? (Choose two.)

Options:

A. GlobalProtect Portal

B. Captive Portal

C. WebUI

D. CLI

Questions 14

A network security engineer attempted to configure a bootstrap package on Microsoft Azure, but the virtual machine provisioning process failed. In reviewing the bootstrap package, the engineer only had the following directories: /config, /license and /software.

Why did the bootstrap process fail for the VM-Series firewall in Azure?

Options:

A. All public cloud deployments require the /plugins folder to support proper firewall native integrations

B. The /content folder is missing from the bootstrap package

C. The VM-Series firewall was not pre-registered in Panorama and prevented the bootstrap process from successfully completing

D. The /config or /software folders were missing mandatory files to successfully bootstrap

Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10.0
Last Update: Aug 19, 2022
Questions: 99
