PCNSE Practice Questions

PCNSE Practice Questions

Which component of the integrated Palo Alto Networks security solution limits network-attached workstation access to a corporate mainframe?

Correct! Wrong!

Which Palo Alto Networks product is designed primarily to provide threat context with deeper information about attacks?

Correct! Wrong!

Which Palo Alto Networks product is designed primarily to provide normalization of threat intelligence feeds with the potential for automated response?

Correct! Wrong!

Which Palo Alto Networks product is designed primarily to prevent endpoints from successfully running malware programs?

Correct! Wrong!

Which Palo Alto Networks product is a cloud-based storage service designed to hold log information?

Correct! Wrong!

Which product is an example of an application designed to analyze Cortex Data Lake information?

Correct! Wrong!

A VM-Series virtual firewall differs from a physical Palo Alto Networks firewall in which way?

Correct! Wrong!

Which product would best secure east-west traffic within a public cloud implementation?

Correct! Wrong!

Why would you recommend an active/active firewall cluster instead of an active/passive firewall cluster?

Correct! Wrong!

How are firewalls configurations in an active/passive HA pair synchronized if the firewalls are not under Panorama control?

Correct! Wrong!

Without having to make network address configuration changes, you would use which type of network interface to insert a Palo Alto Networks firewall in front of a legacy port-based firewall to collect application information from incoming network traffic?

Correct! Wrong!

Which type of interface do you use to connect Layer 2 and Layer 3 interfaces?

Correct! Wrong!

Which dynamic routing protocol is not supported by the Palo Alto Networks firewall?

Correct! Wrong!

Which action is not compatible with aggregate interface configuration?

Correct! Wrong!

In a Panorama environment, how do you create and view enterprise-wide reports that include data from all managed firewalls?

Correct! Wrong!

What must you configure to guarantee duplication of log data on Log Collectors?

Correct! Wrong!

Which statement is true regarding Log Collecting in a Panorama HA pair?

Correct! Wrong!

How are log retention periods on Palo Alto Networks firewalls increased?

Correct! Wrong!

How do you access, and view firewall log data sent to the Cortex Data Lak?

Correct! Wrong!

The Security policy for all of a customer’s remote offices is the same, but different offices have different firewall models. If the remote offices are managed by Panorama, how might the offices share device groups and templates?

Correct! Wrong!

A Panorama template stack contains two templates and one configuration setting has a different value in each template. When Panorama pushes the template stack to the managed firewalls, which setting value will the firewalls receive?

Correct! Wrong!

Where in Panorama do you enter Security policy rules to ensure that your new rules will take precedence over locally entered rule?

Correct! Wrong!

In Panorama, how would you make changes to a Security policy rule for a specific firewall?

Correct! Wrong!

Which part of a VM-Series firewall should be updated to provide maximum feature support for a public cloud?

Correct! Wrong!

From where can you buy and download a VM-Series virtual firewall appliance for a public cloud deployment?

Correct! Wrong!

A private cloud has 20 VLANs spread over five ESXi hypervisors, managed by a single vCenter. How many firewall VMs are needed to implement microsegmentation?

Correct! Wrong!

When you deploy the Palo Alto Networks NGFW on NSX, packets coming to an application VM from VMs running on different hardware go through which modules?

Correct! Wrong!

Which option shows the interface types that ESXi supports in the VM-Series firewalls?

Correct! Wrong!

Which firewall configuration component is used to configure access to an external authentication service?

Correct! Wrong!

The firewall uses which information to determine which interface to use for a packet’s egress?

Correct! Wrong!

How does a firewall determine which route to use when its RIB is populated with multiple routes to the same location, but the routes were added by different routing protocol?

Correct! Wrong!

SYN flood protection provides flood protection from which protocol?

Correct! Wrong!

Which feature is not negatively affected by the lack of a Decryption policy?

Correct! Wrong!

How can the next-generation firewall inform web browsers that a web server’s certificate is from an unknown CA?

Correct! Wrong!

An App-ID used in an Application Override policy rule should have which characteristic?

Correct! Wrong!

Which type of identification is disabled by Application Override?

Correct! Wrong!

Application Override is triggered by which configuration setting?

Correct! Wrong!

Which configuration must be made on the firewall before it can read User-ID-to-IP-address mapping tables from external source?

Correct! Wrong!

For an external device to consume a local User-ID-to-IP-address mapping table, which data is used for authentication between the devices?

Correct! Wrong!

User-ID-to-IP-address mapping tables can be read by which product or service?

Correct! Wrong!

When will a firewall check for the presence of bootstrap volume?

Correct! Wrong!

Where in the bootstrap volume directories is a required dynamic update file?

Correct! Wrong!

Can a firewall’s PAN-OS software be updated by the bootstrap process?

Correct! Wrong!

An application using which protocol can receive an incomplete value in the Application field in the Traffic log?

Correct! Wrong!

Session traffic being evaluated by a firewall is encrypted with SSL. If the firewall does not decrypt the traffic, how can the firewall make an App-ID determination?

Correct! Wrong!

While a firewall is scanning an active session, how does it respond when it detects a change of application?

Correct! Wrong!

Which profile do you use for DLP based on file content?

Correct! Wrong!

Which profile do you use to monitor DNS resolution lookups for sites associated with threat activity?

Correct! Wrong!

Which profile do you use to analyze files for zero-day malware?

Correct! Wrong!

Which profile do you use to examine browsing traffic for appropriate browsing policy enforcement?

Correct! Wrong!

Which profile do you use to detect and block an executable file from being transferred through the firewall?

Correct! Wrong!

Leave a Reply

Your email address will not be published. Required fields are marked *