PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:

<< First
Prev
5
6
7
8
9
10
11
12
13
14
Next
Last >>

Question # 81

An engineer configures a new template stack for a firewall that needs to be deployed. The template stack should consist of four templates arranged according to the diagram

Which template values will be configured on the firewall If each template has an SSL/TLS Service profile configured named Management?

Values in Chicago

Values in efw01lab.chi

Values in Datacenter

Values in Global Settings

Full Access

Question # 82

A firewall administrator wants to be able at to see all NAT sessions that are going â€˜through a firewall with source NAT. Which CLI command can the administrator use?

show session all filter nat-rule-source

show running nat-rule-ippool rule "rule_name

show running nat-policy

show session all filter nat source

Full Access

Question # 83

A company is deploying User-ID in their network. The firewall team needs to have the ability to see and choose from a list of usernames and user groups directly inside the Panorama policies when creating new security rules.

How can this be achieved?

By configuring Data Redistribution Client in Panorama > Data Redistribution

By configuring User-ID group mapping in Panorama > User Identification

By configuring User-ID source device in Panorama > Managed Devices

By configuring Master Device in Panorama > Device Groups

Full Access

Question # 84

An administrator is assisting a security engineering team with a decryption rollout for inbound and forward proxy traffic. Incorrect firewall sizing is preventing the team from decrypting all of the traffic they want to decrypt. Which three items should be prioritized for decryption? (Choose three.)

Financial, health, and government traffic categories

Known traffic categories

Known malicious IP space

Public-facing servers,

Less-trusted internal IP subnets

Full Access

Question # 85

A company has recently migrated their branch office's PA-220S to a centralized Panorama. This Panorama manages a number of PA-7000 Series and PA-5200 Series devices All device group and template configuration is managed solely within Panorama

They notice that commit times have drastically increased for the PA-220S after the migration

What can they do to reduce commit times?

Disable "Share Unused Address and Service Objects with Devices" in Panorama Settings.

Update the apps and threat version using device-deployment

Perform a device group push using the "merge with device candidate config" option

Use "export or push device config bundle" to ensure that the firewall is integrated with the Panorama config.

Full Access

Question # 86

Which type of zone will allow different virtual systems to communicate with each other?

Tap

External

Virtual Wire

Tunnel

Full Access

Question # 87

How can a firewall be set up to automatically block users as soon as they are found to exhibit malicious behavior via a threat log?

Configure a dynamic address group for the addresses to be blocked with the tag "malicious." Add a Log Forwarding profile to the other policies, which adds the "malicious" tag to these addresses when logs are generated in the threat log. Under Device > User Identification > Trusted Source Address, add the condition "NOT malicious."

Configure a dynamic user group for the users to be blocked with the tag "malicious." Add a Log Forwarding profile to the other policies, which adds the "malicious" tag to these users when logs are generated in the threat log. Create policies to block traffic from this user group.

Configure the appropriate security profiles for Antivirus, Anti-Spyware, and Vulnerability Prevention, create signature policies for the relevant signatures and/or severities. Under the "Actions" tab in "Signature Policies," select "block-user."

N/A

Full Access