Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSE

Palo Alto Networks PCNSE Exam
Palo Alto Networks Certified Network Security Engineer (Page 23 )

Updated On: 12-Feb-2026
Page 23 of 123
PDF with 606 Questions

VPN traffic intended for an administrator’s Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor.

When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?

  1. Zone Protection
  2. Replay
  3. Web Application
  4. DoS Protection

Answer(s): B



Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted on the DMZ zone? The web server is reachable using a Destination NAT policy in the Palo Alto Networks firewall.





Answer(s): B



An administrator has configured a QoS policy rule and a QoS Profile that limits the maximum allowable bandwidth for the YouTube application. However, YouTube is consuming more than the maximum bandwidthallotment configured.

Which configuration step needs to be configured to enable QoS?

  1. Enable QoS interface
  2. Enable QoS in the Interface Management Profile
  3. Enable QoS Data Filtering Profile
  4. Enable QoS monitor

Answer(s): A



Which log file can be used to identify SSL decryption failures?

  1. Traffic
  2. ACC
  3. Configuration
  4. Threats

Answer(s): A



A customer wants to set up a site-to-site VPN using tunnel interfaces. Which two formats are correct for naming tunnel interfaces? (Choose two.)

  1. tunnel.1
  2. vpn-tunnel.1
  3. tunnel.1025
  4. vpn-tunnel.1024

Answer(s): A,C






Post your Comments and Discuss Palo Alto Networks PCNSE exam prep with other Community members:

Join the PCNSE Discussion