Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 25

An engineer is monitoring an active/active high availability (HA) firewall pair.

Which HA firewall state describes the firewall that is currently processing traffic?

A.

Initial

B.

Passive

C.

Active

D.

Active-primary

Full Access
Question # 26

An engineer configures SSL decryption in order to have more visibility to the internal users' traffic when it is regressing the firewall.

Which three types of interfaces support SSL Forward Proxy? (Choose three.)

A.

High availability (HA)

B.

Layer 3

C.

Layer 2

D.

Tap

E.

Virtual Wire

Full Access
Question # 27

Panorama is being used to upgrade the PAN-OS version on a pair of firewalls in an active/passive high availability (HA) configuration. The Palo Alto Networks best practice upgrade steps have been completed in Panorama (Panorama upgraded, backups made, content updates, and disabling "Preemptive" pushed), and the firewalls are ready for upgrade. What is the next best step to minimize downtime and ensure a smooth transition?

A.

Upgrade both HA peers at the same time using Panorama’s "Group HA Peers" option to ensure version consistency

B.

Suspend the active firewall, upgrade it first, and reboot to verify it comes back online before upgrading the passive peer

C.

Perform the upgrade on the active firewall first while keeping the passive peer online to maintain failover capability

D.

Upgrade only the passive peer first, reboot it, restore HA functionality, and then upgrade the active peer

Full Access
Question # 28

An administrator wants to enable WildFire inline machine learning. Which three file types does WildFire inline ML analyze? (Choose three.)

A.

Powershell scripts

B.

VBscripts

C.

MS Office

D.

APK

E.

ELF

Full Access
Question # 29

Which three firewall multi-factor authentication factors are supported by PAN-OS? (Choose three.)

A.

User logon

B.

Push

C.

One-Time Password

D.

SSH key

E.

Short message service

Full Access
Question # 30

A network security engineer needs to ensure that virtual systems can communicate with one another within a Palo Alto Networks firewall. Separate virtual routers (VRs) are created for each virtual system.

In addition to confirming security policies, which three configuration details should the engineer focus on to ensure communication between virtual systems? (Choose three.)

A.

External zones with the virtual systems added.

B.

Layer 3 zones for the virtual systems that need to communicate.

C.

Add a route with next hop set to none, and use the interface of the virtual systems that need to communicate.

D.

Add a route with next hop next-vr by using the VR configured in the virtual system.

E.

Ensure the virtual systems are visible to one another.

Full Access
Question # 31

An engineer manages a high availability network and requires fast failover of the routing protocols. The engineer decides to implement BFD.

Which three dynamic routing protocols support BFD? (Choose three.)

A.

OSPF

B.

RIP

C.

BGP

D.

IGRP

E.

OSPFv3 virtual link

Full Access
Question # 32

Which conditions must be met when provisioning a high availability (HA) cluster? (Choose two.)

A.

HA cluster members must share the same zone names.

B.

Dedicated HA communication interfaces for the cluster must be used over HSCI interfaces

C.

Panorama must be used to manage HA cluster members.

D.

HA cluster members must be the same firewall model and run the same PAN-OS version.

Full Access
Go to page: