Questions for the PCNSE were updated on : Jul 20 ,2024
Which firewall feature do you need to configure to query Palo Alto Networks service updates over a data-plane interface instead of the management interface?
b
Which steps should an engineer take to forward system logs to email?
a
What are three reasons for excluding a site from SSL decryption? (Choose three.)
bce
Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/decryption/decryption-exclusions/exclude-a-server-from-decryption
Which logs enable a firewall administrator to determine whether a session was decrypted?
a
Which Palo Alto Networks VM-Series firewall is valid?
c
Reference:
https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-firewall/vm-series
Which three firewall states are valid? (Choose three.)
ade
Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-firewall-states
Which GlobalProtect gateway setting is required to enable split-tunneling by access route, destination domain, and application?
b
Which is not a valid reason for receiving a decrypt-cert-validation error?
a
Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/newfeaturesguide/networking-features/ssl-ssh-session-end-reasons
A network-security engineer attempted to configure a bootstrap package on Microsoft Azure, but the virtual machine provisioning process failed. In reviewing the bootstrap package, the engineer only had the following directories: /config, /license and /software. Why did the bootstrap process fail for the VM-Series firewall in
Azure?
d
A firewall administrator needs to check which egress interface the firewall will use to route the IP 10.2.5.3.
Which command should they use?
d