PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:

<< First
Prev
2
3
4
5
6
7
8
9
10
11
Next
Last >>

Question # 49

Which three authentication types can be used to authenticate users? (Choose three.)

Local database authentication

PingID

Kerberos single sign-on

GlobalProtect client

Cloud authentication service

Full Access

Question # 50

The vulnerability protection profile of an on-premises Palo Alto Networks firewall is triggering on a common Threat ID, and it has been determined to be a false positive. The issue causes an outage of a critical service. When the vulnerability protection profile is opened to add the exception, the Threat ID is missing. Which action will most efficiently find and implement the exception?

Review high-severity system logs to identify why the threat is missing in "Vulnerability Profile Exceptions"

Select "Show all signatures" within the vulnerability protection profile under "Exceptions"

Review traffic logs to add the exception from there

Open a support case

Full Access

Question # 51

An administrator is troubleshooting intermittent connectivity problems with a user's GlobalProtect connection. Packet captures at the firewall reveal missing UDP packets, suggesting potential packet loss on the connection. The administrator aims to resolve the issue by enforcing an SSL tunnel over TCP specifically for this user.

What configuration change is necessary to implement this troubleshooting solution for the user?

Enable SSL tunnel within the GlobalProtect gateway remote user's settings.

Modify the user's client to prioritize UDP traffic for GlobalProtect.

Enable SSL tunnel over TCP in a new agent configuration for the specific user.

Increase the user's VPN bandwidth allocation in the GlobalProtect settings.

Full Access

Question # 52

Which new PAN-OS 11.0 feature supports IPv6 traffic?

DHCPv6 Client with Prefix Delegation

OSPF

DHCP Server

IKEv1

Full Access

Question # 53

Which active-passive HA firewall state describes the firewall that is currently processing traffic?

Active-secondary

Active

Active-primary

Initial

Full Access

Question # 54

After importing a pre-configured firewall configuration to Panorama, what step is required to ensure a commit/push is successful without duplicating local configurations?

Ensure Force Template Values is checked when pushing configuration.

Push the Template first, then push Device Group to the newly managed firewall.

Perform the Export or push Device Config Bundle to the newly managed firewall.

Push the Device Group first, then push Template to the newly managed firewall

Full Access

Question # 55

Refer to the exhibit.

Based on the screenshots above what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?

shared pre-rulesDATACENTER DG pre rulesrules configured locally on the firewallshared post-rulesDATACENTER_DG post-rulesDATACENTER.DG default rules

shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallshared post-rulesDATACENTER.DG post-rulesshared default rules

shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallDATACENTER_DG post-rulesshared post-rulesshared default rules

shared pre-rulesDATACENTER_DG pre-rulesrules configured locally on the firewallDATACENTER_DG post-rulesshared post-rulesDATACENTER_DG default rules

Full Access

Question # 56

After implementing a new NGFW, a firewall engineer sees a VoIP traffic issue going through the firewall After troubleshooting the engineer finds that the firewall performs NAT on the voice packets payload and opens dynamic pinholes for media ports

What can the engineer do to solve the VoIP traffic issue?

Disable ALG under H.323 application

Increase the TCP timeout under H.323 application

Increase the TCP timeout under SIP application

Disable ALG under SIP application

Full Access