Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 41

An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI Which CLI command can the engineer use?

A.

test vpn ike-sa

B.

test vpn gateway

C.

test vpn flow

D.

test vpn tunnel

Full Access
Question # 42

Certain services in a customer implementation are not working, including Palo Alto Networks Dynamic version updates. Which CLI command can the firewall administrator use to verify if the service routes were correctly installed and that they are active in the Management Plane?

A.

debug dataplane internal vif route 255

B.

show routing route type management

C.

debug dataplane internal vif route 250

D.

show routing route type service-route

Full Access
Question # 43

An engineer reviews high availability (HA) settings to understand a recent HA failover event. Review the screenshot below.

Which timer determines the frequency at which the HA peers exchange messages in the form of an ICMP (ping)

A.

Hello Interval

B.

Promotion Hold Time

C.

Heartbeat Interval

D.

Monitor Fail Hold Up Time

Full Access
Question # 44

A network engineer troubleshoots a VPN Phase 2 mismatch and decides that PFS (Perfect Forward Secrecy) needs to be enabled. What action should the engineer take?

A.

Enable PFS under the IKE gateway advanced options.

B.

Enable PFS under the IPSec Tunnel advanced options.

C.

Add an authentication algorithm in the IPSec Crypto profile.

D.

Select the appropriate DH Group under the IPSec Crypto profile.

Full Access
Question # 45

Which are valid ACC GlobalProtect Activity tab widgets? (Choose two.)

A.

Successful GlobalProtect Deployed Activity

B.

GlobalProtect Deployment Activity

C.

GlobalProtect Quarantine Activity

D.

Successful GlobalProtect Connection Activity

Full Access
Question # 46

Which two components are required to configure certificate-based authentication to the web Ul when an administrator needs firewall access on a trusted interface'? (Choose two.)

A.

Server certificate

B.

SSL/TLS Service Profile

C.

Certificate Profile

D.

CA certificate

Full Access
Question # 47

Four configuration choices are listed, and each could be used to block access to a specific URL.

If you configured each choice to block the same URL, then which choice would be evaluated last in the processing order to block access to the URL?

A.

Custom URL category in URL Filtering profile

B.

EDL in URL Filtering profile

C.

PAN-DB URL category in URL Filtering profile

D.

Custom URL category in Security policy rule

Full Access
Question # 48

What action does a firewall take when a Decryption profile allows unsupported modes and unsupported traffic with TLS 1.2 protocol traverses the firewall?

A.

It blocks all communication with the server indefinitely.

B.

It downgrades the protocol to ensure compatibility.

C.

It automatically adds the server to the SSL Decryption Exclusion list.

D.

It generates an decryption error message but allows the traffic to continue decryption.

Full Access
Go to page: