PCNSE : Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10 Exam

PCNSE Dumps PCNSE Braindumps PCNSE Real Questions PCNSE Practice Test
PCNSE Actual Questions
Palo-Alto
PCNSE
Palo Alto Networks Certified Security Engineer (PCNSE)
PAN-OS 10
https://killexams.com/pass4sure/exam-detail/PCNSE
Which CLI command is used to determine how much disk space is allocated to logs?
1. show logging-status
2. show system info
3. debug log-receiver show
4. show system logdfo-quota
Answer: D
Question: 49
Which Panorama feature protects logs against data loss if a Panorama server fails?
1. Panorama HA automatically ensures that no logs are lost if a server fails inside the HA Cluster.
2. Panorama Collector Group with Log Redundancy ensures that no logs are lost if a server fails inside the Collector Group.
3. Panorama HA with Log Redundancy ensures that no logs are lost if a server fails inside the HA Cluster.
4. Panorama Collector Group automatically ensures that no logs are lost if a server fails inside the Collector Group
Answer: A
Question: 50
A network security engineer wants to prevent resource-consumption issues on the firewall. Which strategy is consistent with decryption best practices to ensure consistent performance?
1. Use RSA in a Decryption profile tor higher-priority and higher-risk traffic, and use less processor-intensive
decryption methods for lower-risk traffic
2. Use PFS in a Decryption profile for higher-priority and higher-risk traffic, and use less processor-intensive decryption methods for tower-risk traffic
3. Use Decryption profiles to downgrade processor-intensive ciphers to ciphers that are less processor-intensive
4. Use Decryption profiles to drop traffic that uses processor-intensive ciphers
Answer: B
Question: 51
Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.)
1. inherit address-objects from templates
2. define a common standard template configuration for firewalls
3. standardize server profiles and authentication configuration across all stacks
4. standardize log-forwarding profiles for security polices across all stacks
Answer: B, C
Question: 52
In the screenshot above which two pieces ot information can be determined from the ACC configuration shown? (Choose two)
1. The Network Activity tab will display all applications, including FTP.
2. Threats with a severity of "high" are always listed at the top of the Threat Name list
3. Insecure-credentials, brute-force and protocol-anomaly are all a part of the vulnerability Threat Type
4. The ACC has been filtered to only show the FTP application
Answer: C, D
Question: 53
A company is using wireless controllers to authenticate users. Which source should be used for User-ID mappings?
1. Syslog
2. XFF headers
3. server monitoring
4. client probing
Answer: A
Question: 54
Which statement regarding HA timer settings is true?
1. Use the Recommended profile for typical failover timer settings
2. Use the Moderate profile for typical failover timer settings
3. Use the Aggressive profile for slower failover timer settings.
4. Use the Critical profile for faster failover timer settings.
Answer: A
An administrator is seeing one of the firewalls in a HA active/passive pair moved to ‘suspended" state due to Non- functional loop.
Which three actions will help the administrator troubleshool this issue? (Choose three.)
1. Use the CLI command show high-availability flap-statistics
2. Check the HA Link Monitoring interface cables.
3. Check the High Availability > Link and Path Monitoring settings.
4. Check High Availability > Active/Passive Settings > Passive Link State
5. Check the High Availability > HA Communications > Packet Forwarding settings.
Answer: A,B,D
Question: 56
An administrator has 750 firewalls. The administrator’s central-management Panorama instance deploys dynamic updates to the firewalls. The administrator notices that the dynamic updates from Panorama do not appear on some of the firewalls.
If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does not appear, what is the root cause?
1. Panorama does not have valid licenses to push the dynamic updates.
2. Panorama has no connection to Palo Alto Networks update servers.
3. No service route is configured on the firewalls to Palo Alto Networks update servers.
4. Locally-defined dynamic update settings take precedence over the settings that Panorama pushed.
Answer: D
Question: 57
A client wants to detect the use of weak and manufacturer-default passwords for loT devices. Which option will help the customer?
1. Configure a Data Filtering profile with alert mode.
2. Configure an Antivirus profile with alert mode.
3. Configure a Vulnerability Protection profile with alert mode
4. Configure an Anti-Spyware profile with alert mode.
Answer: C
Question: 58
An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?
1. review the configuration logs on the Monitor tab
2. click Preview Changes under Push Scope
3. use Test Policy Match to review the policies in Panorama
4. context-switch to the affected firewall and use the configuration audit tool
Answer: A Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/panorama-web-interface/panorama-commit- operations.html
Question: 59
A network administrator troubleshoots a VPN issue and suspects an IKE Crypto mismatch between peers. Where can the administrator find the corresponding logs after running a test command to initiate the VPN?
1. Configuration logs
2. System logs
3. Traffic logs
4. Tunnel Inspection logs
Answer: B
Question: 60
An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Path Monitoring has been enabled with a Failure Condition of "any." A path group is configured with Failure Condition of "all" and contains a destination IP of 8.8.8.8 and 4.2.2.2 with a Ping Interval of 500ms and a Ping count of 3.
Which scenario will cause the Active firewall to fail over?
1. IP address 8.8.8.8 is unreachable for 1 second.
2. IP addresses 8.8.8.8 and 4.2.2.2 are unreachable for 1 second.
3. IP addresses 8.8.8.8 and 4.2.2.2 are unreachable for 2 seconds
4. IP address 4.2.2.2 is unreachable for 2 seconds.
Answer: C
Question: 61
Where is information about packet buffer protection logged?
1. Alert entries are in the Alarms log. Entries for dropped traffic, discarded sessions, and blocked IP address are in the Threat log
2. All entries are in the System log
3. Alert entries are in the System log. Entries for dropped traffic, discarded sessions and blocked IP addresses are in the Threat log
4. All entries are in the Alarms log
Answer: C Explanation:
Graphical user interface, text, application
Description automatically generated
Question: 62
The administrator for a small company has recently enabled decryption on their Palo Alto Networks firewall using a self-signed root certificate. They have also created a Forward Trust and Forward Untrust certificate and set them as such.
The admin has not yet installed the root certificate onto client systems What effect would this have on decryption functionality?
1. Decryption will function and there will be no effect to end users
2. Decryption will not function because self-signed root certificates are not supported
3. Decryption will not function until the certificate is installed on client systems
4. Decryption will function but users will see certificate warnings for each SSL site they visit
Answer: D
Question: 63
A firewall administrator notices that many Host Sweep scan attacks are being allowed through the firewall sourced from the outside zone.
What should the firewall administrator do to mitigate this type of attack?
1. Create a DOS Protection profile with SYN Flood protection enabled and apply it to all rules allowing traffic from the outside zone
2. Enable packet buffer protection in the outside zone.
3. Create a Security rule to deny all ICMP traffic from the outside zone.
4. Create a Zone Protection profile, enable reconnaissance protection, set action to Block, and apply it to the outside zone.
Answer: D
Question: 64
An engineer is tasked with configuring a Zone Protection profile on the untrust zone. Which three settings can be configured on a Zone Protection profile? (Choose three.)
1. Ethernet SGT Protection
2. Protocol Protection
3. DoS Protection
4. Reconnaissance Protection
5. Resource Protection
Answer: A, B, D Explanation:
1. Protocol Protection: is used to protect against known protocol vulnerabilities, such as buffer overflows and malformed packets.
2. DoS Protection: is used to protect against denial-of-service (DoS) attacks, such as SYN floods and ICMP floods.
3. Reconnaissance Protection: is used to protect against reconnaissance attacks, such as port scans and ping sweeps.
Question: 65
A firewall should be advertising the static route 10.2.0.0/24 Into OSPF. The configuration on the neighbor is correct, but the route is not in the neighbor’s routing table.
Which two configurations should you check on the firewall? (Choose two.)
1. In the OSFP configuration, ensure that the correct redistribution profile is selected in the OSPF Export Rules section.
2. Within the redistribution profile ensure that Redist is selected.
3. Ensure that the OSPF neighbor state Is "2-Way."
4. In the redistribution profile check that the source type is set to "ospf."
Answer: A,B
Question: 66
Given the following snippet of a WildFire submission log. did the end-user get access to the requested information and why or why not?
1. Yes. because the action is set to "allow ”
2. No because WildFire categorized a file with the verdict "malicious"
3. Yes because the action is set to "alert"
4. No because WildFire classified the seventy as "high."
Answer: C Question: 67 DRAG DROP
Below are the steps in the workflow for creating a Best Practice Assessment in a firewall and Panorama configuration Place the steps in order.
Answer:
Explanation:
Step 1. In either the NGFW or in Panorama, on the Operations/Support tab, download the technical support file. Step 2. Log in to the Customer Support Portal (CSP) and navigate to Tools > Best Practice Assessment.
Step 3. Upload or drag and drop the technical support file.
Step 4. Map the zone type and area of the architecture to each zone. Step 5. Follow the steps to download the BPA report bundle. Question: 68
You have upgraded Panorama to 10.2 and need to upgrade six Log Collectors.
When upgrading Log Collectors to 10.2, you must do what?
1. Upgrade the Log Collectors one at a time.
2. Add Panorama Administrators to each Managed Collector.
3. Add a Global Authentication Profile to each Managed Collector.
4. Upgrade all the Log Collectors at the same time.
Answer: D
Question: 69
How would an administrator configure a Bidirectional Forwarding Detection profile for BGP after enabling the Advance Routing Engine run on PAN-OS 10.2?
1. create a BFD profile under Network > Network Profiles > BFD Profile and then select the BFD profile under Network > Virtual Router > BGP > BFD
2. create a BFD profile under Network > Routing > Routing Profiles > BFD and then select the BFD profile under Network > Virtual Router > BGP > General > Global BFD Profile
3. create a BFD profile under Network > Routing > Routing Profiles > BFD and then select the BFD profile under Network > Routing > Logical Routers > BGP > General > Global BFD Profile
4. create a BFD profile under Network > Network Profiles > BFD Profile and then select the BFD profile under Network > Routing > Logical Routers > BGP > BFD
Answer: A

User: Myla***** Discovering killexams.com was a game-changer for me. The site provided me with high-quality PCNSE test questions/answers and a detailed sample to follow for my exam preparation. Thanks to killexams.com, I achieved an incredible feat by passing the PCNSE exam.

User: Lorne***** I was pleasantly surprised to achieve a score of 86% in the PCNSE exam, which was beyond my expectations. While I did encounter some difficult themes, I found that the Killexams.com practice tests provided a solid foundation to understand the complex concepts. The preparation material was helpful and accurate, which helped me to overcome my initial problems.

User: Kathleen***** I found killexams.com pcnse brain practice test to be extremely useful. All the questions were correct, and the answers were accurate, making it well worth the investment. Thanks to their help, I was able to pass my pcnse exam with flying colors last week.

User: Amanda***** Killexams.com is superb! I achieved a nearly perfect score of 98% on my PCNSE exam yesterday. The materials in the bundle are accurate and valid, and I recognized most of the questions from my other exams. The study guide comprehensively covered all the topics, and I was able to answer the questions with ease. I gained expert knowledge and a smooth pass to my PCNSE certification.

User: Olga***** This training kit has helped me pass the PCNSE exam and become certified. I am grateful to Killexams.com for providing such a clear and reliable training tool. The questions in the package are actual, and it has helped me streamline my exam preparation. I could not have afforded to study full-time for weeks or months, and Killexams.com has allowed me to shorten my training time and get a great result.

---