iPass4sure.net

Certification Practice Test | PDF Questions | Actual Questions | Test Engine | Pass4Sure

PCNSE : Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10 Exam

Palo-Alto PCNSE Questions & Answers

Full Version: 784 Q&A


Latest PCNSE Exam Questions and Practice Tests 2025 - Killexams.com


PCNSE Dumps PCNSE Braindumps PCNSE Real Questions PCNSE Practice Test

PCNSE Actual Questions


Palo-Alto


PCNSE


Palo Alto Networks Certified Security Engineer (PCNSE)

PAN-OS 10


https://killexams.com/pass4sure/exam-detail/PCNSE

Which CLI command is used to determine how much disk space is allocated to logs?

  1. show logging-status

  2. show system info

  3. debug log-receiver show

  4. show system logdfo-quota


Answer: D


Question: 49


Which Panorama feature protects logs against data loss if a Panorama server fails?

  1. Panorama HA automatically ensures that no logs are lost if a server fails inside the HA Cluster.

  2. Panorama Collector Group with Log Redundancy ensures that no logs are lost if a server fails inside the Collector Group.

  3. Panorama HA with Log Redundancy ensures that no logs are lost if a server fails inside the HA Cluster.

  4. Panorama Collector Group automatically ensures that no logs are lost if a server fails inside the Collector Group


Answer: A


Question: 50

A network security engineer wants to prevent resource-consumption issues on the firewall. Which strategy is consistent with decryption best practices to ensure consistent performance?

  1. Use RSA in a Decryption profile tor higher-priority and higher-risk traffic, and use less processor-intensive

    decryption methods for lower-risk traffic

  2. Use PFS in a Decryption profile for higher-priority and higher-risk traffic, and use less processor-intensive decryption methods for tower-risk traffic

  3. Use Decryption profiles to downgrade processor-intensive ciphers to ciphers that are less processor-intensive

  4. Use Decryption profiles to drop traffic that uses processor-intensive ciphers


Answer: B


Question: 51


Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.)

  1. inherit address-objects from templates

  2. define a common standard template configuration for firewalls

  3. standardize server profiles and authentication configuration across all stacks

  4. standardize log-forwarding profiles for security polices across all stacks


Answer: B, C


Question: 52

In the screenshot above which two pieces ot information can be determined from the ACC configuration shown? (Choose two)



  1. The Network Activity tab will display all applications, including FTP.

  2. Threats with a severity of "high" are always listed at the top of the Threat Name list

  3. Insecure-credentials, brute-force and protocol-anomaly are all a part of the vulnerability Threat Type

  4. The ACC has been filtered to only show the FTP application


Answer: C, D


Question: 53

A company is using wireless controllers to authenticate users. Which source should be used for User-ID mappings?

  1. Syslog

  2. XFF headers

  3. server monitoring

  4. client probing


Answer: A


Question: 54


Which statement regarding HA timer settings is true?

  1. Use the Recommended profile for typical failover timer settings

  2. Use the Moderate profile for typical failover timer settings

  3. Use the Aggressive profile for slower failover timer settings.

  4. Use the Critical profile for faster failover timer settings.


Answer: A

An administrator is seeing one of the firewalls in a HA active/passive pair moved to ‘suspended" state due to Non- functional loop.


Which three actions will help the administrator troubleshool this issue? (Choose three.)

  1. Use the CLI command show high-availability flap-statistics

  2. Check the HA Link Monitoring interface cables.

  3. Check the High Availability > Link and Path Monitoring settings.

  4. Check High Availability > Active/Passive Settings > Passive Link State

  5. Check the High Availability > HA Communications > Packet Forwarding settings.


Answer: A,B,D


Question: 56


An administrator has 750 firewalls. The administrator’s central-management Panorama instance deploys dynamic updates to the firewalls. The administrator notices that the dynamic updates from Panorama do not appear on some of the firewalls.


If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does not appear, what is the root cause?

  1. Panorama does not have valid licenses to push the dynamic updates.

  2. Panorama has no connection to Palo Alto Networks update servers.

  3. No service route is configured on the firewalls to Palo Alto Networks update servers.

  4. Locally-defined dynamic update settings take precedence over the settings that Panorama pushed.


Answer: D


Question: 57

A client wants to detect the use of weak and manufacturer-default passwords for loT devices. Which option will help the customer?

  1. Configure a Data Filtering profile with alert mode.

  2. Configure an Antivirus profile with alert mode.

  3. Configure a Vulnerability Protection profile with alert mode

  4. Configure an Anti-Spyware profile with alert mode.


Answer: C


Question: 58

An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?

  1. review the configuration logs on the Monitor tab

  2. click Preview Changes under Push Scope

  3. use Test Policy Match to review the policies in Panorama

  4. context-switch to the affected firewall and use the configuration audit tool


Answer: A Explanation:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/panorama-web-interface/panorama-commit- operations.html


Question: 59

A network administrator troubleshoots a VPN issue and suspects an IKE Crypto mismatch between peers. Where can the administrator find the corresponding logs after running a test command to initiate the VPN?

  1. Configuration logs

  2. System logs

  3. Traffic logs

  4. Tunnel Inspection logs


Answer: B


Question: 60


An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Path Monitoring has been enabled with a Failure Condition of "any." A path group is configured with Failure Condition of "all" and contains a destination IP of 8.8.8.8 and 4.2.2.2 with a Ping Interval of 500ms and a Ping count of 3.


Which scenario will cause the Active firewall to fail over?

  1. IP address 8.8.8.8 is unreachable for 1 second.

  2. IP addresses 8.8.8.8 and 4.2.2.2 are unreachable for 1 second.

  3. IP addresses 8.8.8.8 and 4.2.2.2 are unreachable for 2 seconds

  4. IP address 4.2.2.2 is unreachable for 2 seconds.


Answer: C


Question: 61


Where is information about packet buffer protection logged?

  1. Alert entries are in the Alarms log. Entries for dropped traffic, discarded sessions, and blocked IP address are in the Threat log

  2. All entries are in the System log

  3. Alert entries are in the System log. Entries for dropped traffic, discarded sessions and blocked IP addresses are in the Threat log

  4. All entries are in the Alarms log

Answer: C Explanation:


Graphical user interface, text, application

Description automatically generated


Question: 62


The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such.

The admin has not yet installed the root certificate onto client systems What effect would this have on decryption functionality?

  1. Decryption will function and there will be no effect to end users

  2. Decryption will not function because self-signed root certificates are not supported

  3. Decryption will not function until the certificate is installed on client systems

  4. Decryption will function but users will see certificate warnings for each SSL site they visit


Answer: D


Question: 63


A firewall administrator notices that many Host Sweep scan attacks are being allowed through the firewall sourced from the outside zone.


What should the firewall administrator do to mitigate this type of attack?

  1. Create a DOS Protection profile with SYN Flood protection enabled and apply it to all rules allowing traffic from the outside zone

  2. Enable packet buffer protection in the outside zone.

  3. Create a Security rule to deny all ICMP traffic from the outside zone.

  4. Create a Zone Protection profile, enable reconnaissance protection, set action to Block, and apply it to the outside zone.


Answer: D


Question: 64

An engineer is tasked with configuring a Zone Protection profile on the untrust zone. Which three settings can be configured on a Zone Protection profile? (Choose three.)

  1. Ethernet SGT Protection

  2. Protocol Protection

  3. DoS Protection

  4. Reconnaissance Protection

  5. Resource Protection


Answer: A, B, D Explanation:

  1. Protocol Protection: is used to protect against known protocol vulnerabilities, such as buffer overflows and malformed packets.


  2. DoS Protection: is used to protect against denial-of-service (DoS) attacks, such as SYN floods and ICMP floods.


  3. Reconnaissance Protection: is used to protect against reconnaissance attacks, such as port scans and ping sweeps.

Question: 65


A firewall should be advertising the static route 10.2.0.0/24 Into OSPF. The configuration on the neighbor is correct, but the route is not in the neighbor’s routing table.


Which two configurations should you check on the firewall? (Choose two.)

  1. In the OSFP configuration, ensure that the correct redistribution profile is selected in the OSPF Export Rules section.

  2. Within the redistribution profile ensure that Redist is selected.

  3. Ensure that the OSPF neighbor state Is "2-Way."

  4. In the redistribution profile check that the source type is set to "ospf."


Answer: A,B


Question: 66


Given the following snippet of a WildFire submission log. did the end-user get access to the requested information and why or why not?


  1. Yes. because the action is set to "allow ”

  2. No because WildFire categorized a file with the verdict "malicious"

  3. Yes because the action is set to "alert"

  4. No because WildFire classified the seventy as "high."


Answer: C Question: 67 DRAG DROP

Below are the steps in the workflow for creating a Best Practice Assessment in a firewall and Panorama configuration Place the steps in order.


Answer:


Explanation:


Step 1. In either the NGFW or in Panorama, on the Operations/Support tab, download the technical support file. Step 2. Log in to the Customer Support Portal (CSP) and navigate to Tools > Best Practice Assessment.

Step 3. Upload or drag and drop the technical support file.


Step 4. Map the zone type and area of the architecture to each zone. Step 5. Follow the steps to download the BPA report bundle. Question: 68

You have upgraded Panorama to 10.2 and need to upgrade six Log Collectors.


When upgrading Log Collectors to 10.2, you must do what?

  1. Upgrade the Log Collectors one at a time.

  2. Add Panorama Administrators to each Managed Collector.

  3. Add a Global Authentication Profile to each Managed Collector.

  4. Upgrade all the Log Collectors at the same time.


Answer: D


Question: 69


How would an administrator configure a Bidirectional Forwarding Detection profile for BGP after enabling the Advance Routing Engine run on PAN-OS 10.2?

  1. create a BFD profile under Network > Network Profiles > BFD Profile and then select the BFD profile under Network > Virtual Router > BGP > BFD

  2. create a BFD profile under Network > Routing > Routing Profiles > BFD and then select the BFD profile under Network > Virtual Router > BGP > General > Global BFD Profile

  3. create a BFD profile under Network > Routing > Routing Profiles > BFD and then select the BFD profile under Network > Routing > Logical Routers > BGP > General > Global BFD Profile

  4. create a BFD profile under Network > Network Profiles > BFD Profile and then select the BFD profile under Network > Routing > Logical Routers > BGP > BFD


Answer: A


User: Arthur*****

Following my friends recommendation, I chose to prepare for the pcnse exam using killexams.com, and I am glad that I did. The practice tests were easy to use and well-organized, with the questions arranged in a manner that made them easy to memorize. Thanks to this, I passed the exam with an 89% mark.
User: Christine*****

killexams.com is a fantastic product that is both user-friendly and easy to prepare with. I used it every day as part of my learning, and it helped me achieve a great score in the final PCNSE exam. The study materials offer valuable knowledge that can improve your exam performance. I highly recommend killexams.com to anyone looking for reliable study materials.
User: Viktor*****

I acquired the PCNSE questions and answers from Killexams.com because there were not many good exam materials available elsewhere. I was pleased with the way the data was organized, and relieved that most of the questions I observed at the exam were exactly what was provided by Killexams.com. I am grateful for passing the PCNSE exam.
User: Valentina*****

Thanks to killexams.com practice tests, I was able to answer 44 out of 50 questions in the PCNSE exam within the planned 75 minutes. The aid provided concise answers and relevant examples, making the exam a pleasant experience. It was the best exam preparation material I have ever used.
User: Stas*****

The exam preparation materials from Killexams.com are the best in the market. I recently took and passed my PCNSE exam, with only one question that I did not recognize. The practice tests provided with the product go beyond just memorization, as the exam simulator is a valuable tool in advancing ones career.

Features of iPass4sure PCNSE Exam

  • Files: PDF / Test Engine
  • Premium Access
  • Online Test Engine
  • Instant download Access
  • Comprehensive Q&A
  • Success Rate
  • Real Questions
  • Updated Regularly
  • Portable Files
  • Unlimited Download
  • 100% Secured
  • Confidentiality: 100%
  • Success Guarantee: 100%
  • Any Hidden Cost: $0.00
  • Auto Recharge: No
  • Updates Intimation: by Email
  • Technical Support: Free
  • PDF Compatibility: Windows, Android, iOS, Linux
  • Test Engine Compatibility: Mac / Windows / Android / iOS / Linux

Premium PDF with 784 Q&A

Get Full Version

All Palo-Alto Exams

Palo-Alto Exams

Certification and Entry Test Exams

Complete exam list