[Sep-2021] PCNSE Dumps Full Questions - PCNSE Exam Study Guide
Exam Questions and Answers for PCNSE Study Guide
NEW QUESTION 10
Refer to the exhibit.
Which certificates can be used as a Forwarded Trust certificate?
- A. Domain Sub-CA
- B. Certificate from Default Trust Certificate Authorities
- C. Forward_Trust
- D. Domain-Root-Cert
Answer: B
NEW QUESTION 11
A network security engineer has a requirement to allow an external server to access an internal web server.
The internal web server must also initiate connections with the external server.
What can be done to simplify the NAT policy?
- A. Configure a NAT Policy rule with Dynamic IP and Port
- B. Create a new Source NAT Policy rule that matches the existing traffic and enable the Bi-directional option
- C. Create a new Destination NAT Policy rule that matches the existing traffic and enable the Bi-directional option
- D. Configure ECMP to handle matching NAT traffic
Answer: B
Explanation:
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/networking/nat-configuration-examples
NEW QUESTION 12
An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image. Which configuration change should the administrator make?
A)
B)
C)
D)
E)
- A. Option A
- B. Option D
- C. Option B
- D. Option C
- E. Option E
Answer: B
NEW QUESTION 13
Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?
- A. Resources widget
- B. CPU Utilization widget
- C. System log
- D. System Utilization log
Answer: A
Explanation:
System Resources (widget): Displays the Management CPU usage, Data Plane usage, and the Session Count (the number of sessions established through the firewall or Panorama).
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/dashboard/dashboard-widgets#
NEW QUESTION 14
Refer to the exhibit.
Which certificates can be used as a Forwarded Trust certificate?
- A. Certificate from Default Trust Certificate Authorities
- B. Forward_Trust
- C. Domain Sub-CA
- D. Domain-Root-Cert
Answer: C
NEW QUESTION 15
An engineer must configure a new SSL decryption deployment.
Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?
- A. A Decryption profile must be attached to the Security policy that the traffic matches
- B. A Decryption profile must be attached to the Decryption policy that the traffic matches
- C. There must be a certificate with only the Forward Trust option selected
- D. There must be a certificate with both the Forward Trust option and Forward Untrust option selected
Answer: D
NEW QUESTION 16
Which four NGFW multi-factor authentication factors are supported by PAN-OS? (Choose four.)
- A. Short message service
- B. Voice
- C. Push
- D. One-Time Password
- E. SSH key
- F. User logon
Answer: A,B,C,D
Explanation:
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/authentication/configure-multi-factor-authentication
NEW QUESTION 17
Only two Trust to Untrust allow rules have been created in the Security policy. Rule1 allows google-base. Rule2 allows youtube-base. The youtube-base App-ID depends on google-base to function. The google-base App-ID implicitly uses SSL and web-browsing. When users try to access https://www.youtube.com in a web browser, they get an error indicating that the server cannot be found.
Which action will allow youtube.com to display in the browser correctly?
- A. Add the Web-browsing App-ID to Rule2
- B. Create an additional Trust to Untrust Rule, add the web-browsing and SSL App-IDs to it
- C. Add SSL App-ID to Rule1
- D. Add the DNS App-ID to Rule2
Answer: D
NEW QUESTION 18
SD-WAN is designed to support which two network topology types? (Choose two.)
- A. ring
- B. full-mesh
- C. point-to-point
- D. hub-and-spoke
Answer: B,D
Explanation:
http://www.paloguard.com/datasheets/sd-wan.pdf
NEW QUESTION 19
Which Zone Pair and Rule Type will allow a successful connection for a user on the internet zone to a web server hosted in the DMZ zone? The web server is reachable using a destination NAT policy in the Palo Alto Networks firewall.
- A. Zone Pair: Source Zone: Internet, Destination Zone: Internet. Rule Type: "intrazone" or "universal"
- B. Zone Pair: Source Zone: Internet, Destination Zone: DMZ. Rule Type: "intrazone"
- C. Zone Pair: Source Zone: Internet, Destination Zone: Internet. Rule Type: "intrazone"
- D. Zone Pair: Source Zone: Internet, Destination Zone: DMZ. Rule Type: "intrazone" or "universal"
Answer: D
NEW QUESTION 20
Refer to the exhibit.
Which will be the egress interface if the traffic's ingress interface is ethernet1/7, sourcing from 192.168.111.3 and going to the destination 10.46.41.113?
- A. ethernet1/5
- B. ethernet1/3
- C. ethernet1/7
- D. ethernet1/6
Answer: A
NEW QUESTION 21
Panorama provides which two SD-WAN functions? (Choose two.)
- A. data plane
- B. network monitoring
- C. control plane
- D. physical network links
Answer: A,C
NEW QUESTION 22
A network administrator needs to view the default action for a specific spyware signature.
The administrator follows the tabs and menus through Objects > Security Profiles > Anti-Spyware and selects the default profile.
What should be done next?
- A. Click the Rules tab and then look for rules with "default" in the Action column.
- B. Click the Exceptions tab and then click show all signatures.
- C. View the default actions displayed in the Action column.
- D. Click the simple-critical rule and then click the Action drop-down list.
Answer: B
NEW QUESTION 23
An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing and preemption is disabled.
What must be verified to upgrade the firewalls to the most recent version of PAN-OS software?
- A. Antivirus update package
- B. WildFire update package
- C. Application and Threats update package
- D. User-ID agent
Answer: C
Explanation:
Dependencies: Before upgrading, make sure the firewall is running a version of app + threat (content version) that meets the minimum requirement of the new PAN-OS upgrade.
https://live.paloaltonetworks.com/t5/Featured-Articles/Best-Practices-for-PAN-OS-Upgrade/ta-p/111045
NEW QUESTION 24
How does Panorama handle incoming logs when it reaches the maximum storage capacity?
- A. Panorama discards incoming logs when storage capacity is full.
- B. Panorama stops accepting logs until a reboot to clean storage space.
- C. Panorama stops accepting logs until licenses for additional storage space are applied.
- D. Panorama automatically deletes older logs to create space for new ones.
Answer: D
Explanation:
When Panorama reaches the maximum capacity, it automatically deletes older logs to create space for new ones.
https://www.paloaltonetworks.com/documentation/70/panorama/panorama_adminguide/set-up-panorama/determine-panorama-log-storage-requirements