Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 49

Which three authentication types can be used to authenticate users? (Choose three.)

A.

Local database authentication

B.

PingID

C.

Kerberos single sign-on

D.

GlobalProtect client

E.

Cloud authentication service

Full Access
Question # 50

The vulnerability protection profile of an on-premises Palo Alto Networks firewall is triggering on a common Threat ID, and it has been determined to be a false positive. The issue causes an outage of a critical service. When the vulnerability protection profile is opened to add the exception, the Threat ID is missing. Which action will most efficiently find and implement the exception?

A.

Review high-severity system logs to identify why the threat is missing in "Vulnerability Profile Exceptions"

B.

Select "Show all signatures" within the vulnerability protection profile under "Exceptions"

C.

Review traffic logs to add the exception from there

D.

Open a support case

Full Access
Question # 51

An administrator is troubleshooting intermittent connectivity problems with a user's GlobalProtect connection. Packet captures at the firewall reveal missing UDP packets, suggesting potential packet loss on the connection. The administrator aims to resolve the issue by enforcing an SSL tunnel over TCP specifically for this user.

What configuration change is necessary to implement this troubleshooting solution for the user?

A.

Enable SSL tunnel within the GlobalProtect gateway remote user's settings.

B.

Modify the user's client to prioritize UDP traffic for GlobalProtect.

C.

Enable SSL tunnel over TCP in a new agent configuration for the specific user.

D.

Increase the user's VPN bandwidth allocation in the GlobalProtect settings.

Full Access
Question # 52

Which new PAN-OS 11.0 feature supports IPv6 traffic?

A.

DHCPv6 Client with Prefix Delegation

B.

OSPF

C.

DHCP Server

D.

IKEv1

Full Access
Question # 53

Which active-passive HA firewall state describes the firewall that is currently processing traffic?

A.

Active-secondary

B.

Active

C.

Active-primary

D.

Initial

Full Access
Question # 54

After importing a pre-configured firewall configuration to Panorama, what step is required to ensure a commit/push is successful without duplicating local configurations?

A.

Ensure Force Template Values is checked when pushing configuration.

B.

Push the Template first, then push Device Group to the newly managed firewall.

C.

Perform the Export or push Device Config Bundle to the newly managed firewall.

D.

Push the Device Group first, then push Template to the newly managed firewall

Full Access
Question # 55

Refer to the exhibit.

Based on the screenshots above what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?

A.

shared pre-rulesDATACENTER DG pre rulesrules configured locally on the firewallshared post-rulesDATACENTER_DG post-rulesDATACENTER.DG default rules

B.

shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallshared post-rulesDATACENTER.DG post-rulesshared default rules

C.

shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallDATACENTER_DG post-rulesshared post-rulesshared default rules

D.

shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallDATACENTER_DG post-rulesshared post-rulesDATACENTER_DG default rules

Full Access
Question # 56

After implementing a new NGFW, a firewall engineer sees a VoIP traffic issue going through the firewall After troubleshooting the engineer finds that the firewall performs NAT on the voice packets payload and opens dynamic pinholes for media ports

What can the engineer do to solve the VoIP traffic issue?

A.

Disable ALG under H.323 application

B.

Increase the TCP timeout under H.323 application

C.

Increase the TCP timeout under SIP application

D.

Disable ALG under SIP application

Full Access
Go to page: