palo alto networks PCNSE Exam Questions

Questions for the PCNSE were updated on : Jun 07 ,2024

Page 1 out of 57. Viewing questions 1-10 out of 565

Question 1

Which firewall feature do you need to configure to query Palo Alto Networks service updates over a data-plane interface instead of the management interface?

  • A. service route
  • B. data redistribution
  • C. SNMP setup
  • D. dynamic updates
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which steps should an engineer take to forward system logs to email?

  • A. Create a new email profile under Device > server profiles; then navigate to Device > Log Settings > System and add the email profile under email.
  • B. Enable log forwarding under the email profile in the Objects tab.
  • C. Create a new email profile under Device > server profiles; then navigate to Objects > Log Forwarding profile > set log type to system and the add email profile.
  • D. Enable log forwarding under the email profile in the Device tab.
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

What are three reasons for excluding a site from SSL decryption? (Choose three.)

  • A. the website is not present in English
  • B. unsupported ciphers
  • C. certificate pinning
  • D. unsupported browser version
  • E. mutual authentication
Answer:

bce

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%

Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/decryption/decryption-exclusions/exclude-a-server-from-decryption

Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 4

Which logs enable a firewall administrator to determine whether a session was decrypted?

  • A. Traffic
  • B. Security Policy
  • C. Decryption
  • D. Correlated Event
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Which Palo Alto Networks VM-Series firewall is valid?

  • A. VM-25
  • B. VM-800
  • C. VM-50
  • D. VM-400
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-firewall/vm-series

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Which three firewall states are valid? (Choose three.)

  • A. Active
  • B. Functional
  • C. Pending
  • D. Passive
  • E. Suspended
Answer:

ade

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%

Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-firewall-states

Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 7

Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?

  • A. Satellite mode
  • B. Tunnel mode
  • C. No Direct Access to local networks
  • D. IPSec mode
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which is not a valid reason for receiving a decrypt-cert-validation error?

  • A. Unsupported HSM
  • B. Unknown certificate status
  • C. Client authentication
  • D. Untrusted issuer
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/newfeaturesguide/networking-features/ssl-ssh-session-end-reasons

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

A network-security engineer attempted to configure a bootstrap package on Microsoft Azure, but the virtual machine provisioning process failed. In reviewing the bootstrap package, the engineer only had the following directories: /config, /license and /software. Why did the bootstrap process fail for the VM-Series firewall in
Azure?

  • A. All public cloud deployments require the /plugins folder to support proper firewall native integrations
  • B. The VM-Series firewall was not pre-registered in Panorama and prevented the bootstrap process from successfully completing
  • C. The /config or /software folders were missing mandatory files to successfully bootstrap
  • D. The /content folder is missing from the bootstrap package
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

A firewall administrator needs to check which egress interface the firewall will use to route the IP 10.2.5.3.

Which command should they use?

  • A. test routing fib-lookup ip 10.2.5.0/24 virtual-router default
  • B. test routing route ip 10.2.5.3
  • C. test routing route ip 10.2.5.3 virtual-router default
  • D. test routing fib-lookup ip 10.2.5.3 virtual-router default
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2