QUESTION: 25

A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone need to be configured to enable we browsing access to the server.

Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080?

application: web-browsing; service: application-default
application: web-browsing; service: service-https
application: ssl; service: any
application: web-browsing; service: (custom with destination TCP port 8080)

Answer(s): D

Reveal Solution Next Question

QUESTION: 26

If the firewall has the following link monitoring configuration, what will cause a failover?

ethernet1/3 and ethernet1/6 going down
ethernet1/3 going down
ethernet1/3 or ethernet1/6 going down
ethernet1/6 going down

Answer(s): A

Reveal Solution Next Question

QUESTION: 27

In the image, what caused the commit warning?

The CA certificate for FWDtrust has not been imported into the firewall.
TheFWDtrust certificate has not been flagged as Trusted Root CA.
SSL Forward Proxy requires a public certificate to be imported into the firewall.
TheFWDtrust certificate does not have a certificate chain.

Answer(s): A

Reference:

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs/repair-incomplete-certificate-chains

Reveal Solution Next Question

QUESTION: 28

Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS® software?

Okta
DUO
RADIUS
PingID

Answer(s): C

Reveal Solution Next Question

Free PCNSE Exam Braindumps (page: 7)

QUESTION: 25

QUESTION: 26

QUESTION: 27

Reference:

QUESTION: 28