Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSE

Palo Alto Networks PCNSE Exam
Palo Alto Networks Certified Network Security Engineer (Page 20 )

Updated On: 12-Feb-2026
Page 20 of 123
PDF with 606 Questions

Which feature can be configured on VM-Series firewalls?

  1. aggregate interfaces
  2. machine learning
  3. multiple virtual systems
  4. GlobalProtect

Answer(s): D



In High Availability, which information is transferred via the HA data link?

  1. session information
  2. heartbeats
  3. HA state information
  4. User-ID information

Answer(s): A


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/high-availability/ha-concepts/ha-links-and-backup-links



The firewall identifies a popular application as an unknown-tcp.
Which two options are available to identify the application? (Choose two.)

  1. Create a custom application.
  2. Create a custom object for the custom application server to identify the custom application.
  3. Submit an App-ID request to Palo Alto Networks.
  4. Create a Security policy to identify the custom application.

Answer(s): A,C



If an administrator wants to decrypt SMTP traffic and possesses the server’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?

  1. TLS Bidirectional Inspection
  2. SSL Inbound Inspection
  3. SSH Forward Proxy
  4. SMTP Inbound Decryption

Answer(s): B


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/configure-ssl-inbound-inspection



A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?

  1. Define a custom App-ID to ensure that only legitimate application traffic reaches the server.
  2. Add a Vulnerability Protection Profile to block the attack.
  3. Add QoS Profiles to throttle incoming requests.
  4. Add a DoS Protection Profile with defined session count.

Answer(s): D


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles






Post your Comments and Discuss Palo Alto Networks PCNSE exam prep with other Community members:

Join the PCNSE Discussion