CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSE

Free PCNSE Exam Braindumps (page: 22)

Page 22 of 152
PDF with 606 Questions

A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.
Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web-browsing traffic to this server on tcp/443?

  1. Rule #1: application: web-browsing; service: application-default; action: allow
    Rule #2: application: ssl; service: application-default; action: allow
  2. Rule #1: application: web-browsing; service: service-http; action: allow
    Rule #2: application: ssl; service: application-default; action: allow
  3. Rule # 1: application: ssl; service: application-default; action: allow
    Rule #2: application: web-browsing; service: application-default; action: allow
  4. Rule #1: application: web-browsing; service: service-https; action: allow
    Rule #2: application: ssl; service: application-default; action: allow

Answer(s): D



Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)

  1. The firewall is in multi-vsys mode.
  2. The traffic is offloaded.
  3. The traffic does not match the packet capture filter.
  4. The firewall’s DP CPU is higher than 50%.

Answer(s): B,C


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/take-packet-captures/disable-hardware-offload



A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server.

Which solution in PAN-OS® software would help in this case?

  1. application override
  2. Virtual Wire mode
  3. content inspection
  4. redistribution of user mappings

Answer(s): D


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/deploy-user-id-in-a-large-scale-network



An administrator has been asked to create 100 virtual firewalls in a local, on-premise lab environment (not in “the cloud”). Bootstrapping is the most expedient way to perform this task.

Which option describes deployment of a bootstrap package in an on-premise virtual environment?

  1. Use config-drive on a USB stick.
  2. Use an S3 bucket with an ISO.
  3. Create and attach a virtual hard disk (VHD).
  4. Use a virtual CD-ROM with an ISO.

Answer(s): D


Reference:

https://www.paloaltonetworks.com/documentation/80/virtualization/virtualization/set-up-the-vm-series-firewall-on-kvm/install-the-vm-series-firewall-on-kvm/use-an-iso-file-to-deploy-the-vm-series-firewall



Page 22 of 152



Post your Comments and Discuss Palo Alto Networks PCNSE exam with other Community members:

Lee commented on November 27, 2024
So far so good
UNITED STATES
upvote

Naredn commented on November 22, 2024
Best practices at one place
Anonymous
upvote

Dan commented on September 08, 2024
So far so good
Anonymous
upvote

Eric commented on December 13, 2023
Works great
Anonymous
upvote