Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 73

An administrator is assisting a security engineering team with a decryption rollout for inbound and forward proxy traffic. Incorrect firewall sizing is preventing the team from decrypting all of the traffic they want to decrypt. Which three items should be prioritized for decryption? (Choose three.)

A.

Financial, health, and government traffic categories

B.

Known traffic categories

C.

Known malicious IP space

D.

Public-facing servers,

E.

Less-trusted internal IP subnets

Full Access
Question # 74

A root cause analysis investigation into a recent security incident reveals that several decryption rules have been disabled. The security team wants to generate email alerts when decryption rules are changed.

How should email log forwarding be configured to achieve this goal?

A.

With the relevant configuration log filter inside Device > Log Settings

B.

With the relevant system log filter inside Objects > Log Forwarding

C.

With the relevant system log filter inside Device > Log Settings

D.

With the relevant configuration log filter inside Objects > Log Forwarding

Full Access
Question # 75

In which two scenarios is it necessary to use Proxy IDs when configuring site-to-site VPN tunnels? (Choose two.)

A.

Remote device is a non-Palo Alto Networks firewall.

B.

The remote device is a Palo Alto Networks firewall.

C.

Firewalls that only support policy-based VPNs.

D.

Firewalls that only support route-based VPNs.

Full Access
Question # 76

Which two components are required to configure certificate-based authentication to the web UI when firewall access is needed on a trusted interface? (Choose two.)

A.

Server certificate

B.

Certificate Profile

C.

CA certificate

D.

SSL/TLS Service Profile

Full Access
Question # 77

An administrator troubleshoots an issue that causes packet drops.

Which log type will help the engineer verify whether packet buffer protection was activated?

A.

Data Filtering

B.

Configuration

C.

Threat

D.

Traffic

Full Access
Question # 78

Why are external zones required to be configured on a Palo Alto Networks NGFW in an environment with multiple virtual systems?

A.

To allow traffic between zones in different virtual systems without the traffic leaving the appliance

B.

To allow traffic between zones in different virtual systems while the traffic is leaving the appliance

C.

External zones are required because the same external zone can be used on different virtual systems

D.

Multiple external zones are required in each virtual system to allow the communications between virtual systems

Full Access
Question # 79

A network administrator configured a site-to-site VPN tunnel where the peer device will act as initiator None of the peer addresses are known

What can the administrator configure to establish the VPN connection?

A.

Set up certificate authentication.

B.

Use the Dynamic IP address type.

C.

Enable Passive Mode

D.

Configure the peer address as an FQDN.

Full Access
Question # 80

An administrator wants to add User-ID information for their Citrix MetaFrame Presentation Server (MPS) users.

Which option should the administrator use?

A.

Terminal Server Agent for User Mapping

B.

Windows-Based User-ID Agent

C.

PAN-OS Integrated User-ID Agent

D.

PAN-OS XML API

Full Access
Go to page: