Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSE

Palo Alto Networks PCNSE Exam
Palo Alto Networks Certified Network Security Engineer (Page 14 )

Updated On: 15-Feb-2026
Page 14 of 123
PDF with 606 Questions

Which CLI command can be used to export the tcpdump capture?

  1. scp export tcpdump from mgmt.pcap to <username@host:path>
  2. scp extract mgmt-pcap from mgmt.pcap to <username@host:path>
  3. scp export mgmt-pcap from mgmt.pcap to <username@host:path>
  4. downloadmgmt-pcap

Answer(s): C


Reference:

https://live.paloaltonetworks.com/t5/Management-Articles/How-To-Packet-Capture-tcpdump-On-Management-Interface/ta-p/55415



An administrator has configured the Palo Alto Networks NGFW’s management interface to connect to the internet through a dedicated path that does not traverse back through the NGFW itself.

Which configuration setting or step will allow the firewall to get automatic application signature updates?

  1. A scheduler will need to be configured for application signatures.
  2. A Security policy rule will need to be configured to allow the update requests from the firewall to the update servers.
  3. A Threat Prevention license will need to be installed.
  4. A service route will need to be configured.

Answer(s): A



Which three options are supported in HA Lite? (Choose three.)

  1. Virtual link
  2. Active/passive deployment
  3. Synchronization of IPsec security associations
  4. Configuration synchronization
  5. Session synchronization

Answer(s): B,C,D


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device-high-availability/ha-lite



Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS® version, and serial number?

  1. debug system details
  2. show session info
  3. show system info
  4. show system details

Answer(s): C


Reference:

https://live.paloaltonetworks.com/t5/Learning-Articles/Quick-Reference-Guide-Helpful-Commands/ta-p/56511



During the packet flow process, which two processes are performed in application identification? (Choose two.)

  1. Pattern based application identification
  2. Application override policy match
  3. Application changed from content inspection
  4. Session application identified

Answer(s): A,B






Post your Comments and Discuss Palo Alto Networks PCNSE exam prep with other Community members:

Join the PCNSE Discussion