PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:

<< First
Prev
1
2
3
4
5
6
7
8
9
10
Next
Last >>

Question # 33

Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?

Resource Protection

TCP Port Scan Protection

Packet Based Attack Protection

Packet Buffer Protection

Full Access

Question # 34

Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the firewall? (Choose three.)

RADIUS

TACACS+

Kerberos

LDAP

SAML

Full Access

Question # 35

How can Panorama help with troubleshooting problems such as high CPU or resource exhaustion on a managed firewall?

Panorama provides information about system resources of the managed devices in the Managed Device > Health menu.

Firewalls send SNMP traps to Panorama wen resource exhaustion is detected Panorama generates a system log and can send email alerts.

Panorama monitors all firewalls using SNMP. It generates a system log and can send email alerts when resource exhaustion is detected on a managed firewall.

Panorama provides visibility all the system and traffic logs received from firewalls it does not offer any ability to see or monitor resource utilization on managed firewalls

Full Access

Question # 36

An administrator Just enabled HA Heartbeat Backup on two devices However, the status on tie firewall's dashboard is showing as down High Availability.

What could an administrator do to troubleshoot the issue?

Go to Device > High Availability> General > HA Pair Settings > Setup and configuring the peer IP for heartbeat backup

Check peer IP address In the permit list In Device > Setup > Management > Interfaces > Management Interface Settings

Go to Device > High Availability > HA Communications> General> and check the Heartbeat Backup under Election Settings

Check peer IP address for heartbeat backup to Device > High Availability > HA Communications > Packet Forwarding settings.

Full Access

Question # 37

A customer wants to deploy User-ID on a Palo Alto Network NGFW with multiple vsys. One of the vsys will support a GlobalProtect portal and gateway. the customer uses Windows

Deploy the GlobalProtect as a lee data hub.

Deploy Window User 0 agents on each domain controller.

Deploys AILS integrated Use 10 agent on each vsys.

Deploy a M.200 as a Users-ID collector.

Full Access

Question # 38

An administrator configures HA on a customer's Palo Alto Networks firewalls with path monitoring by using the default configuration values.

What are the default values for ping interval and ping count before a failover is triggered?

Ping interval of 200 ms and ping count of three failed pings

Ping interval of 5000 ms and ping count of 10 failed pings

Ping interval of 200 ms and ping count of 10 failed pings

Ping interval of 5000 ms and ping count of three failed pings

Full Access

Question # 39

An engineer is designing a deployment of multi-vsys firewalls.

What must be taken into consideration when designing the device group structure?

Only one vsys or one firewall can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.

Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.

Only one vsys or one firewall can be assigned to a device group, except for a multi-vsys firewall, which must have all its vsys in a single device group.

Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall must have all its vsys in a single device group.

Full Access