Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 57

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?

A.

No Direct Access to local networks

B.

Tunnel mode

C.

iPSec mode

D.

Satellite mode

Full Access
Question # 58

What are two requirements of IPSec in transport mode? (Choose two.)

A.

IKEv1

B.

NAT traversal

C.

DH-group 20 (ECP-384 bits)

D.

Auto-generated key

Full Access
Question # 59

An administrator is configuring a Panorama device group. Which two objects are configurable? (Choose two.)

A.

DNS Proxy

B.

SSL/TLS profiles

C.

address groups

D.

URL Filtering profiles

Full Access
Question # 60

A network security engineer is attempting to peer a virtual router on a PAN-OS firewall with an external router using the BGP protocol. The peer relationship is not establishing. What command could the engineer run to see the current state of the BGP state between the two devices?

A.

show routing protocol bgp summary

B.

show routing protocol bgp rib-out

C.

show routing protocol bgp state

D.

show routing protocol bgp peer

Full Access
Question # 61

An administrator is tasked to provide secure access to applications running on a server in the company's on-premises datacenter.

What must the administrator consider as they prepare to configure the decryption policy?

A.

Ensure HA3 interfaces are configured in a HA pair environment to sync decrypted sessions.

B.

Obtain or generate the server certificate and private key from the datacenter server.

C.

Obtain or generate the self-signed certificate with private key in the firewall

D.

Obtain or generate the forward trust and forward untrust certificate from the datacenter server.

Full Access
Question # 62

All firewall at a company are currently forwarding logs to Palo Alto Networks log collectors. The company also wants to deploy a sylog server and forward all firewall logs to the syslog server and to the log collectors. There is known logging peak time during the day, and the security team has asked the firewall engineer to determined how many logs per second the current Palo Alto Networking log processing at that particular time. Which method is the most time-efficient to complete this task?

A.

Navigate to Panorama > Managed Collectors, and open the Statistics windows for each Log Collector during the peak time.

B.

Navigate to Monitor > Unified logs, set the filter to the peak time, and browse to the last page to find out how many logs have been received.

C.

Navigate to Panorama> Managed Devices> Health, open the Logging tab for each managed firewall and check the log rates during the peak time.

D.

Navigate to ACC> Network Activity, and determine the total number of sessions and threats during the peak time.

Full Access
Question # 63

An administrator has purchased WildFire subscriptions for 90 firewalls globally.

What should the administrator consider with regards to the WildFire infra-structure?

A.

To comply with data privacy regulations, WildFire signatures and ver-dicts are not shared globally.

B.

Palo Alto Networks owns and maintains one global cloud and four WildFire regional clouds.

C.

Each WildFire cloud analyzes samples and generates malware signatures and verdicts independently of the other WildFire clouds.

D.

The WildFire Global Cloud only provides bare metal analysis.

Full Access
Question # 64

An engineer is troubleshooting a traffic-routing issue.

What is the correct packet-flow sequence?

A.

PBF > Zone Protection Profiles > Packet Buffer Protection

B.

BGP > PBF > NAT

C.

PBF > Static route > Security policy enforcement

D.

NAT > Security policy enforcement > OSPF

Full Access
Go to page: