• Home
  • Articles
  • [Feb-2022] PCNSE Exam Dumps, PCNSE Practice Test Questions [Q57-Q80]

[Feb-2022] PCNSE Exam Dumps, PCNSE Practice Test Questions [Q57-Q80]

Share

[Feb-2022] PCNSE Exam Dumps, PCNSE Practice Test Questions

Attested PCNSE Dumps PDF Resource [2022]

NEW QUESTION 57
What are three valid actions in a File Blocking Profile? (Choose three)

  • A. Block
  • B. Continue
  • C. Reset-both
  • D. Forward
  • E. Alret
  • F. Upload

Answer: A,D,E

Explanation:
Explanation: https://live.paloaltonetworks.com/t5/Configuration-Articles/File-Blocking- Rulebase-and-Action-Precedence/ta-p/53623

 

NEW QUESTION 58
Refer to the exhibit.

Which will be the egress interface if the traffic's ingress interface is ethernet 1/7 sourcing from
192.168.111.3 and to the destination 10.46.41.113?

  • A. ethernet1/3
  • B. ethernet1/6
  • C. ethernet1/5
  • D. ethernet1/7

Answer: C

 

NEW QUESTION 59
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch port which it connects. How would an administrator configure the interface to 1Gbps?

  • A. set deviceconfig system speed-duplex 1Gbps-full-duplex
  • B. set deviceconfig interface speed-duplex 1Gbps-full-duplex
  • C. set deviceconfig Interface speed-duplex 1Gbps-half-duplex
  • D. set deviceconfig system speed-duplex 1Gbps-duplex

Answer: A

Explanation:
Reference:
user@PA# set deviceconfig system speed-duplex 100Mbps-full-duplex 100Mbps-full-duplex 100Mbps-half-duplex 100Mbps-half-duplex 10Mbps-full-duplex 10Mbps-full-duplex 10Mbps-half-duplex 10Mbps-half-duplex 1Gbps-full-duplex 1Gbps-full-duplex 1Gbps-half-duplex 1Gbps-half-duplex auto-negotiate auto-negotiate

 

NEW QUESTION 60
A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto Networks firewall. Which method shows the global counters associated with the traffic after configuring the appropriate packet filters?

  • A. From the CLI, issue the show counter global filter packet-filter yes command.
  • B. From the GUI, select show global counters under the monitor tab.
  • C. From the CLI, issue the show counter global filter pcap yes command.
  • D. From the CLI, issue the show counter interface command for the ingress interface.

Answer: A

Explanation:
You can check global counters for a specific source and destination IP addresses by setting a packet filter. We recommend that you use the global counter command with a packet filter to get specific traffic outputs. These outputs will help isolate the issue between two peers.
Use the following CLI command to show when traffic is passing through the Palo Alto Networks firewall from that source to destination.
> show counter global filter packet-filter yes delta yes
Global counters:
Elapsed time since last sampling: 20.220 seconds
name value rate severity category aspect description
-------------------------------------------------------------------------------- pkt_recv 6387398 4 info packet pktproc Packets received pkt_recv_zero 370391 0 info packet pktproc Packets received from QoS 0 Etc.
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-check-global-counters-for-a- specific-source-and/ta-p/65794

 

NEW QUESTION 61
Which Public Key infrastructure component is used to authenticate users for GlobalProtect when the Connect Method is set to pre-logon?

  • A. Machine certificate
  • B. Online Certificate Status Protocol
  • C. Certificate revocation list
  • D. Trusted root certificate

Answer: A

Explanation:
The GlobalProtect pre-logon connect method is a feature that enables GlobalProtect to authenticate the agent and establish the VPN tunnel to the GlobalProtect gateway using a pre- installed machine certificate before the user has logged in.
https://www.paloaltonetworks.com/documentation/60/globalprotect/global_protect_6-0/globalprotect-quick-configs/remote-access-vpn-with-pre-logon

 

NEW QUESTION 62
Refer to Exhibit:


A firewall has three PDF rules and a default route with a next hop of 172.29.19.1 that is configured in the default VR. A user named XX-bes a PC with a 192.168.101.10 IP address.
He makes an HTTPS connection to 172.16.10.29.
What is the next hop IP address for the HTTPS traffic from Wills PC.

  • A. 172.20.30.1
  • B. 172.20.10.1
  • C. 172.20.20.1
  • D. 172.20.40.1

Answer: C

 

NEW QUESTION 63
Which four NGFW multi-factor authentication factors are supported by PAN-OS? (Choose four.)

  • A. One-Time Password
  • B. Short message service
  • C. Push
  • D. User logon
  • E. SSH key
  • F. Voice

Answer: A,B,C,F

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/authentication/authentication-types/multi-factor-authentication

 

NEW QUESTION 64
A company needs to preconfigure firewalls to be sent to remote sites with the least amount of reconfiguration. Once deployed, each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers.
Which VPN configuration would adapt to changes when deployed to the future site?

  • A. Preconfigured GlobalProtect client
  • B. Preconfigured PPTP Tunnels
  • C. Preconfigured PIsec tunnels
  • D. Preconfigured GlobalProtect satellite

Answer: D

 

NEW QUESTION 65
Which three firewall states are valid? (Choose three.)

  • A. Pending
  • B. Suspended
  • C. Active
  • D. Functional
  • E. Passive

Answer: B,C,E

Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-firewall- states

 

NEW QUESTION 66
Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured properly, but the route for the tunner is not being established. The Site-B interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-B is using the wrong Link Type for one of its interfaces.

Which Link Type setting will correct the error?

  • A. Set tunnel. 1 to p2mp
  • B. Set tunnel. 1 to p2p
  • C. Set Ethernet 1/1 to p2p
  • D. Set Ethernet 1/1 to p2mp

Answer: B

 

NEW QUESTION 67
Which type of interface does a firewall use to forward decrypted traffic to a security chain for inspection?

  • A. Tap
  • B. Layer 2
  • C. Layer 3
  • D. Decryption Mirror

Answer: D

 

NEW QUESTION 68
In a firewall, which three decryption methods are valid? (Choose three )

  • A. SSL Inbound Inspection
  • B. SSL Inbound Proxy
  • C. SSL Outbound Proxyless Inspection
  • D. Decryption Mirror
  • E. SSH Proxy

Answer: A,D,E

 

NEW QUESTION 69
Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?

  • A. check
  • B. find
  • C. sim
  • D. test

Answer: D

Explanation:
Explanation/Reference: http://www.shanekillen.com/2014/02/palo-alto-useful-cli-commands.html

 

NEW QUESTION 70
Exhibit:

What will be the egress interface if the traffic's ingress interface is ethernet1/6 sourcing from 192.168.111.3 and to the destination 10.46.41.113 during the time shown in the image?

  • A. ethernet1/3
  • B. ethernet1/6
  • C. ethernet1/5
  • D. ethernet1/7

Answer: A

 

NEW QUESTION 71
Which version of GlobalProtect supports split tunneling based on destination domain, client process, and HTTP/HTTPS video streaming application?

  • A. GlobalProtect version 4.1 with PAN-OS 8.1
  • B. GlobalProtect version 4.1 with PAN-OS 8.0
  • C. GlobalProtect version 4.0 with PAN-OS 8.1
  • D. GlobalProtect version 4.0 with PAN-OS 8.0

Answer: A

 

NEW QUESTION 72
Exhibit:

What will be the egress interface if the traffic's ingress interface is ethernet1/6 sourcing from
192.168.111.3 and to the destination 10.46.41.113 during the time shown in the image?

  • A. ethernet1/3
  • B. ethernet1/6
  • C. ethernet1/5
  • D. ethernet1/7

Answer: A

 

NEW QUESTION 73
Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OS® software?

  • A. XML API
  • B. Client Probing
  • C. Port Mapping
  • D. Server Monitoring

Answer: A

Explanation:
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/user-id-concepts

 

NEW QUESTION 74
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications.
QoS natively integrates with which feature to provide service quality?

  • A. Port Inspection
  • B. Content-ID
  • C. App-ID
  • D. Certificate revocation

Answer: C

Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/quality-of-service/qos-for- applications-and-users

 

NEW QUESTION 75
Decrypted packets from the website https://www.microsoft.com will appear as which application and service within the Traffic log?

  • A. web-browsing and 80
    We know that SSL decryption is supposed to give us visibility of traffic that would otherwise be encrypted. Therefore, we'd expect decrypted traffic to be identified as the underlying applications, such as web-browsing, facebook-base or other, but not as SSL.
  • B. SSL and 443
  • C. web-browsing and 443
  • D. SSL and 80

Answer: C

 

NEW QUESTION 76
The certificate information displayed in the following image is for which type of certificate?

  • A. Public CA signed certificate
  • B. Self-Signed Root CA certificate
  • C. Forward Trust certificate
  • D. Web Server certificate

Answer: B

 

NEW QUESTION 77
Which CLI command enables an administrator to check the CPU utilization of the dataplane?

  • A. show running resource-monitor
  • B. debug running resources
  • C. show system resources
  • D. debug data-plane dp-cpu

Answer: A

Explanation:
Explanation
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXwCAK

 

NEW QUESTION 78
What is exchanged through the HA2 link?

  • A. HA state information
  • B. session synchronization
  • C. User-ID information
  • D. hello heartbeats

Answer: B

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high- availability/ha-links-and-backup-links

 

NEW QUESTION 79
Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)

  • A. Verify AutoFocus is enabled below Device Management tab.
  • B. Check the license
  • C. Check the WebUI Dashboard AutoFocus widget.
  • D. Check for WildFire forwarding logs.
  • E. Verify AutoFocus status using CLI "test" command.

Answer: A,B

Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/enable- autofocus-threat-intelligence

 

NEW QUESTION 80
......

Latest PCNSE Actual Free Exam Questions Updated 394 Questions: https://examsboost.actualpdf.com/PCNSE-real-questions.html

Related Articles

more
Palo Alto Networks PCNSE Certification Practice Exam