Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 4

An administrator configures a site-to-site IPsec VPN tunnel between a PA-850 and an external customer on their policy-based VPN devices.

What should an administrator configure to route interesting traffic through the VPN tunnel?

A.

Proxy IDs

B.

GRE Encapsulation

C.

Tunnel Monitor

D.

ToS Header

Full Access
Question # 5

What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram?

A.

IP Netmask

B.

IP Wildcard Mask

C.

IP Address

D.

IP Range

Full Access
Question # 6

‘SSL Forward Proxy decryption is configured, but the firewall uses Untrusted-CA to sign the website https://www important-website com certificate, End-users are receiving the "security certificate is no: trusted” warning, Without SSL decryption, the web browser shows chat the website certificate is trusted and signet by well-known certificate chain Well-Known-intermediate and Wako Hebe CA Security administrator who represents the customer requires the following two behaviors when SSL Forward Proxy is enabled:

1. End-users must not get the warning for the https:///www.very-import-website.com/ website.

2. End-users should get the warning for any other untrusted website.

Which approach meets the two customer requirements?

A.

Install the Well-Known-intermediate-CA and Well:Known Root-CA certificates on all end-user systems in the user and local computer stores:

B.

Clear the Forward Untrust-CA Certificate check box on the Untrusted-CA certificate= and commit the configuration

C.

Navigate to Device > Certificate Management > Certificates > Default Trusted Certificate Authorities, import Well-Known-Intermediate-CA 2nd Well-Known-Root-CA select the Trusted Root CA check box, aid commit the configuration.

D.

Navigate to Device > Certificate Management > Certificates > Device Certificates, import Well-known-Intermediate-CA and Well-Know5-Root-CA, Select the Trusted Root CA check box, and commit the configuration.

Full Access
Question # 7

An engineer is monitoring an active/active high availability (HA) firewall pair.

Which HA firewall state describes the firewall that is experiencing a failure of a monitored path?

A.

Initial

B.

Tentative

C.

Passive

D.

Active-secondary

Full Access
Question # 8

Which interface type should a firewall administrator configure as an upstream to the ingress trusted interface when configuring transparent web proxy on a Palo Alto Networks firewall?

A.

Tunnel

B.

Ethernet

C.

VLAN

D.

Lookback

Full Access
Go to page: