PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10.0

Question # 4

Which setting allows a DoS Protection profile to limit the maximum concurrent sessions from a source IP address?

A.

Set the type to Aggregate, clear the Sessions box and set the Maximum Concurrent Sessions to 4000.

B.

Set the type to Classified, clear the Sessions box and set the Maximum Concurrent Sessions to 4000.

C.

Set the type to Classified, check the Sessions box and set the Maximum Concurrent Sessions to 4000.

D.

Set the type to Aggregate, check the Sessions box and set the Maximum Concurrent Sessions to 4000.

Question # 5

Which three options does the WF-500 appliance support for local analysis? (Choose three)

A.

E-mail links

B.

APK files

C.

jar files

D.

PNG files

E.

Portable Executable (PE) files

Question # 6

A user's traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user traffic matches when it goes to http://www.company.com.

How can the firewall be configured to automatically disable the PBF rule if the next hop goes down?

A.

Create and add a monitor profile with an action of fail over in the PBF rule in question

B.

Create and add a monitor profile with an action of wait recover in the PBF rule in question

C.

Configure path monitoring for the next hop gateway on the default route in the virtual router

D.

Enable and configure a link monitoring profile for the external interface of the firewall

Question # 7

Which two logs on the firewall will contain authentication-related information useful for troubleshooting purposes? (Choose two.)

A.

ms.log

B.

traffic.log

C.

system.log

D.

dp-monitor.log

E.

authd.log

Question # 8

Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log? (Choose two.)

A.

Run the User-ID Agent using an Active Directory account that has "event log viewer" permissions

B.

Enable User-ID on the zone object for the destination zone

C.

Run the User-ID Agent using an Active Directory account that has "domain administrator" permissions

D.

Enable User-ID on the zone object for the source zone

E.

Configure a RADIUS server profile to point to a domain controller

Question # 9

A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?

A.

Blocked Activity

B.

Bandwidth Activity

C.

Threat Activity

D.

Network Activity

Question # 10

A company has a policy that denies all applications it classifies as bad and permits only applications it classifies as good. The firewall administrator created the following security policy on the company's firewall.

Which interface configuration will accept specific VLAN IDs?

Which two benefits are gained from having both rule 2 and rule 3 present? (Choose two.)

A.

A report can be created that identifies unclassified traffic on the network.

B.

Different security profiles can be applied to traffic matching rules 2 and 3.

C.

Rule 2 and 3 apply to traffic on different ports.

D.

Separate Log Forwarding profiles can be applied to rules 2 and 3.

Question # 11

An administrator has left a firewall to use the default port for all management services. Which three functions are performed by the dataplane? (Choose three.)

A.

NTP

B.

Antivirus

C.

WildFire updates

D.

NAT

E.

File tracking

Question # 12

What must be used in Security policy rules that contain addresses where NAT policy applies?

A.

Pre-NAT addresses and Pre-NAT zones

B.

Post-NAT addresses and Post-NAT zones

C.

Pre-NAT addresses and Post-NAT zones

D.

Post-NAT addresses and Pre-NAT zones

Question # 13

A file sharing application is being permitted and no one knows what this application is used for.

How should this application be blocked?

A.

Block all unauthorized applications using a security policy

B.

Block all known internal custom applications

C.

Create a WildFire Analysis Profile that blocks Layer 4 and Layer 7 attacks

D.

Create a File blocking profile that blocks Layer 4 and Layer 7 attacks

Question # 14

Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?

A.

VM-100

B.

VM-200

C.

VM-1000-HV

D.

VM-300

Question # 15

Click the Exhibit button

An administrator has noticed a large increase in bittorrent activity. The administrator wants to determine where the traffic is going on the company.

What would be the administrator's next step?

A.

Right-Click on the bittorrent link and select Value from the context menu

B.

Create a global filter for bittorrent traffic and then view Traffic logs.

C.

Create a local filter for bittorrent traffic and then view Traffic logs.

D.

Click on the bittorrent application link to view network activity

Question # 16

What can cause missing SSL packets when performing a packet capture on dataplane interfaces?

A.

The packets are hardware offloaded to the offloaded processor on the dataplane

B.

The missing packets are offloaded to the management plane CPU

C.

The packets are not captured because they are encrypted

D.

There is a hardware problem with offloading FPGA on the management plane

Question # 17

Which two options are required on an M-100 appliance to configure it as a Log Collector? (Choose two)

A.

From the Panorama tab of the Panorama GUI select Log Collector mode and then commit changes

B.

Enter the command request system system-mode logger then enter Y to confirm the change to Log Collector mode.

C.

From the Device tab of the Panorama GUI select Log Collector mode and then commit changes.

D.

Enter the command logger-mode enable then enter Y to confirm the change to Log Collector mode.

E.

Log in to the Panorama CLI of the dedicated Log Collector

Question # 18

Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?

A.

Disable Server Response Inspection

B.

Apply an Application Override

C.

Disable HIP Profile

D.

Add server IP Security Policy exception

Question # 19

During the packet flow process, which two processes are performed in application identification? (Choose two.)

A.

pattern based application identification

B.

application changed from content inspection

C.

session application identified

D.

application override policy match

Question # 20

View the GlobalProtect configuration screen capture.

What is the purpose of this configuration?

A.

It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.

B.

It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.

C.

It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.

D.

It forces the firewall to perform a dynamic DNS update, which adds the internal gateway’s hostname and IP address to the DNS server.

Question # 21

If an administrator does not possess a website’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?

A.

SSL Forward Proxy

B.

SSL Inbound Inspection

C.

TLS Bidirectional proxy

D.

SSL Outbound Inspection

Question # 22

Refer to the exhibit.

An administrator cannot see any of the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 23

A session in the Traffic log is reporting the application as “incomplete.” What does “incomplete” mean?

A.

The three-way TCP handshake was observed, but the application could not be identified.

B.

The three-way TCP handshake did not complete.

C.

The traffic is coming across UDP, and the application could not be identified.

D.

Data was received but was instantly discarded because a Deny policy was applied before App-ID could be applied.

Question # 24

Which option enables a Palo Alto Networks NGFW administrator to schedule Application and Threat updates while applying only new content-IDs to traffic?

A.

Select download-and-install.

B.

Select download-and-install, with "Disable new apps in content update" selected.

C.

Select download-only.

D.

Select disable application updates and select "Install only Threat updates"

Question # 25

Which is not a valid reason for receiving a decrypt-cert-validation error?

A.

Unsupported HSM

B.

Unknown certificate status

C.

Client authentication

D.

Untrusted issuer

Question # 26

An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS® software, the administrator enables log forwarding from the firewalls to Panorama. Pre-existing logs from the firewalls are not appearing in Panorama.

Which action would enable the firewalls to send their pre-existing logs to Panorama?

A.

Use the import option to pull logs into Panorama.

B.

A CLI command will forward the pre-existing logs to Panorama.

C.

Use the ACC to consolidate pre-existing logs.

D.

The log database will need to be exported from the firewalls and manually imported into Panorama.

Question # 27

When is the content inspection performed in the packet flow process?

A.

after the application has been identified

B.

before session lookup

C.

before the packet forwarding process

D.

after the SSL Proxy re-encrypts the packet

Question # 28

Which feature can be configured on VM-Series firewalls?

A.

aggregate interfaces

B.

machine learning

C.

multiple virtual systems

D.

GlobalProtect

Question # 29

When configuring the firewall for packet capture, what are the valid stage types?

A.

Receive, management, transmit, and drop

B.

Receive, firewall, send, and non-syn

C.

Receive, management, transmit, and non-syn

D.

Receive, firewall, transmit, and drop

Question # 30

What are two benefits of nested device groups in Panorama? (Choose two.)

A.

Reuse of the existing Security policy rules and objects

B.

Requires configuring both function and location for every device

C.

All device groups inherit settings from the Shared group

D.

Overwrites local firewall configuration

Question # 31

Which log file can be used to identify SSL decryption failures?

A.

Configuration

B.

Threats

C.

ACC

D.

Traffic

Question # 32

Which two features does PAN-OS® software use to identify applications? (Choose two)

A.

port number

B.

session number

C.

transaction characteristics

D.

application layer payload

Question # 33

Which User-ID method maps IP addresses to usernames for users connecting through a web proxy that has already authenticated the user?

A.

Client Probing

B.

Port mapping

C.

Server monitoring

D.

Syslog listening

Question # 34

The firewall is not downloading IP addresses from MineMeld. Based on the image, what most likely is wrong?

A.

A Certificate Profile that contains the client certificate needs to be selected.

B.

The source address supports only files hosted with an ftp://.

C.

External Dynamic Lists do not support SSL connections.

D.

A Certificate Profile that contains the CA certificate needs to be selected.

Question # 35

To protect your firewall and network from single-source denial of service (DoS) attacks that can overwhelm its packet buffer and cause legitimate traffic to drop, you can configure:

A.

BGP (Border Gateway Protocol)

B.

PBP (Packet Buffer Protection)

C.

PGP (Packet Gateway Protocol)

D.

PBP (Protocol Based Protection)

Question # 36

An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against worms and trojans. Which Security Profile type will protect against worms and trojans?

A.

Anti-Spyware

B.

WildFire

C.

Vulnerability Protection

D.

Antivirus

Question # 37

A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policy rule allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.

Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web-browsing traffic to this server on tcp/443?

A.

Rule #1: application: web-browsing; service: application-default; action: allow

Rule #2: application: ssl; service: application-default; action: allow

B.

Rule #1: application: web-browsing; service: service-https; action: allow

Rule #2: application: ssl; service: application-default; action: allow

C.

Rule #1: application: ssl; service: application-default; action: allow

Rule #2: application: web-browsing; service: application-default; action: allow

D.

Rule #1: application: web-browsing; service: service-http; action: allow

Rule #2: application: ssl; service: application-default; action: allow

Question # 38

Which four NGFW multi-factor authentication factors are supported by PAN-OS? (Choose four.)

A.

Short message service

B.

Push

C.

User logon

D.

Voice

E.

SSH key

F.

One-Time Password

Question # 39

When you configure a Layer 3 interface what is one mandatory step?

A.

Configure Security profiles, which need to be attached to each Layer 3 interface

B.

Configure Interface Management profiles which need to be attached to each Layer 3 interface

C.

Configure virtual routers to route the traffic for each Layer 3 interface

D.

Configure service routes to route the traffic for each Layer 3 interface

Question # 40

An organization's administrator has the funds available to purchase more firewalls to increase the organization's security posture.

The partner SE recommends placing the firewalls as close as possible to the resources that they protect.

Is the SE's advice correct, and why or why not?

A.

Yes. Firewalls are session-based, so they do not scale to millions of CPS.

B.

No. Placing firewalls in front of perimeter DDoS devices provides greater protection for sensitive devices inside the network.

C.

Yes. Zone Protection profiles can be tailored to the resources that they protect via the configuration of specific device types and operating systems.

D.

No. Firewalls provide new defense and resilience to prevent attackers at every stage of the cyberattack lifecycle independent of placement.

Question # 41

In a firewall, which three decryption methods are valid? (Choose three.)

A.

SSL Inbound Inspection

B.

SSL Outbound Proxyless Inspection

C.

SSL Inbound Proxy

D.

Decryption Mirror

E.

SSH Proxy

Question # 42

With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?

A.

incomplete

B.

unknown-tcp

C.

insufficient-data

D.

unknown-udp

Question # 43

When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?

A.

The interface must be used for traffic to the required services

B.

You must enable DoS and zone protection

C.

You must set the interface to Layer 2, Layer 3, or virtual wire

D.

You must use a static IP address

Question # 44

When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?

A.

Disable HA

B.

Disable the HA2 link

C.

Disable config sync

D.

Set the passive link state to 'shutdown'.

Question # 45

An administrator needs to troubleshoot a User-ID deployment. The administrator believes that there is an issue related to LDAP authentication. The administrator wants to create a packet capture on the management plane.

Which CLI command should the administrator use to obtain the packet capture for validating the configuration?

A.

> ftp export mgmt-pcap from mgmt.pcap to

B.

> scp export mgmt-pcap from mgmt.pcap to <username@host:path>

C.

> scp export pcap-mgmt from pcap.mgmt to <username@host:path>

D.

> scp export pcap from pcap to <username@host:path>

Question # 46

Before you upgrade a Palo Alto Networks NGFW, what must you do?

A.

Make sure that the PAN-OS support contract is valid for at least another year

B.

Export a device state of the firewall

C.

Make sure that the firewall is running a version of antivirus software and a version of WildFire that support the licensed subscriptions.

D.

Make sure that the firewall is running a supported version of the app + threat update

Question # 47

Please match the terms to their corresponding definitions.

Question # 48

Match each type of DoS attack to an example of that type of attack

Question # 49

An engineer must configure a new SSL decryption deployment.

Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?

A.

There must be a certificate with both the Forward Trust option and Forward Untrust option selected

B.

A Decryption profile must be attached to the Decryption policy that the traffic matches

C.

A Decryption profile must be attached to the Security policy that the traffic matches

D.

There must be a certificate with only the Forward Trust option selected

Question # 50

A security engineer needs to mitigate packet floods that occur on a set of servers behind the internet-facing interface of the firewall. Which Security Profile should be applied to a policy to prevent these packet floods?

A.

URL Filtering profile

B.

Vulnerability Protection profile

C.

Data Filtering profile

D.

DoS Protection profile

Question # 51

Which three statements accurately describe Decryption Mirror? (Choose three.)

A.

Decryption Mirror requires a tap interface on the firewall

B.

Decryption, storage, inspection and use of SSL traffic are regulated in certain countries

C.

Only management consent is required to use the Decryption Mirror feature

D.

You should consult with your corporate counsel before activating and using Decryption Mirror in a production environment

E.

Use of Decryption Mirror might enable malicious users with administrative access to the firewall to harvest sensitive information that is submitted via an encrypted channel

Question # 52

Match each GlobalProtect component to the purpose of that component

Question # 53

An administrator has a PA-820 firewall with an active Threat Prevention subscription. The administrator is considering adding a WildFire subscription.

How does adding the WildFire subscription improve the security posture of the organization?

A.

Protection against unknown malware can be provided in near real-time

B.

WildFire and Threat Prevention combine to provide the utmost security posture for the firewall

C.

After 24 hours WildFire signatures are included in the antivirus update

D.

WildFire and Threat Prevention combine to minimize the attack surface

Question # 54

PBF can address which two scenarios? (Select Two)

A.

forwarding all traffic by using source port 78249 to a specific egress interface

B.

providing application connectivity if the primary circuit fails

C.

enabling the firewall to bypass Layer 7 inspection

D.

routing FTP to a backup ISP link to save bandwidth on the primary ISP link

Question # 55

An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version.

What is considered best practice for this scenario?

A.

Perform the Panorama and firewall upgrades simultaneously

B.

Upgrade the firewall first, wait at least 24 hours, and then upgrade the Panorama version

C.

Upgrade Panorama to a version at or above the target firewall version

D.

Export the device state, perform the update, and then import the device state
