Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 17

In which two scenarios would it be necessary to use Proxy IDs when configuring site-to-site VPN Tunnels? (Choose two.)

A.

Firewalls which support policy-based VPNs.

B.

The remote device is a non-Palo Alto Networks firewall.

C.

Firewalls which support route-based VPNs.

D.

The remote device is a Palo Alto Networks firewall.

Full Access
Question # 18

Forwarding of which two log types is configured in Device > Log Settings? (Choose two.)

A.

Threat

B.

HIP Match

C.

Traffic

D.

Configuration

Full Access
Question # 19

How is Perfect Forward Secrecy (PFS) enabled when troubleshooting a VPN Phase 2 mismatch?

A.

Enable PFS under the IKE Gateway advanced options

B.

Enable PFS under the IPsec Tunnel advanced options

C.

Select the appropriate DH Group under the IPsec Crypto profile

D.

Add an authentication algorithm in the IPsec Crypto profile

Full Access
Question # 20

A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this.

Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)

A.

Navigate to Network > Zone Protection Click AddSelect Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to No Set "Asymmetric Path" to Bypass

B.

> set session tcp-reject-non-syn no

C.

Navigate to Network > Zone Protection Click AddSelect Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to Global Set "Asymmetric Path" to Global

D.

# set deviceconfig setting session tcp-reject-non-syn no

Full Access
Question # 21

Which server platforms can be monitored when a company is deploying User-ID through server monitoring in an environment with diverse directory services?

A.

Red Hat Linux, Microsoft Exchange, and Microsoft Terminal Server

B.

Novell eDirectory, Microsoft Terminal Server, and Microsoft Active Directory

C.

Red Hat Linux, Microsoft Active Directory, and Microsoft Exchange

D.

Novell eDirectory, Microsoft Exchange, and Microsoft Active Directory

Full Access
Question # 22

An engineer is deploying multiple firewalls with common configuration in Panorama.

What are two benefits of using nested device groups? (Choose two.)

A.

Inherit settings from the Shared group

B.

Inherit IPSec crypto profiles

C.

Inherit all Security policy rules and objects

D.

Inherit parent Security policy rules and objects

Full Access
Question # 23

An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?

A.

Click Preview Changes under Push Scope

B.

Use Test Policy Match to review the policies in Panorama

C.

Review the configuration logs on the Monitor tab

D.

Context-switch to the affected firewall and use the configuration audit tool

Full Access
Question # 24

Which three items must be configured to implement application override? (Choose three )

A.

Custom app

B.

Security policy rule

C.

Application override policy rule

D.

Decryption policy rule

E.

Application filter

Full Access
Go to page: