Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSE

Palo Alto Networks PCNSE Exam
Palo Alto Networks Certified Network Security Engineer (Page 16 )

Updated On: 12-Feb-2026
Page 16 of 123
PDF with 606 Questions

If an administrator does not possess a website’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?

  1. SSL Forward Proxy
  2. SSL Inbound Inspection
  3. TLS Bidirectional proxy
  4. SSL Outbound Inspection

Answer(s): A



An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the company’s proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats.

Which option would achieve this result?

  1. Create a custom App-ID and enable scanning on the advanced tab.
  2. Create an Application Override policy.
  3. Create a custom App-ID and use the “ordered conditions” check box.
  4. Create an Application Override policy and a custom threat signature for the application.

Answer(s): A



The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.

Which two options would help the administrator troubleshoot this issue? (Choose two.)

  1. View the System logs and look for the error messages about BGP.
  2. Perform a traffic pcap on the NGFW to see any BGP problems.
  3. View the Runtime Stats and look for problems with BGP configuration.
  4. View the ACC tab to isolate routing issues.

Answer(s): B,C



An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router.

Which two options enable the administrator to troubleshoot this issue? (Choose two.)

  1. View Runtime Stats in the virtual router.
  2. View System logs.
  3. Add a redistribution profile to forward as BGP updates.
  4. Perform a traffic pcap at the routing stage.

Answer(s): A,B



Which three firewall states are valid? (Choose three.)

  1. Active
  2. Functional
  3. Pending
  4. Passive
  5. Suspended

Answer(s): A,D,E


Reference:

https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-firewall-states






Post your Comments and Discuss Palo Alto Networks PCNSE exam prep with other Community members:

Join the PCNSE Discussion