Free PCNSE Exam Braindumps (page: 23)


A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policy rule allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.
Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web-browsing traffic to this server on tcp/443?

  A. Rule #1: application: web-browsing; service: application-default; action: allow
    Rule #2: application: ssl; service: application-default; action: allow
  B. Rule #1: application: web-browsing; service: service-http; action: allow
    Rule #2: application: ssl; service: application-default; action: allow
  C. Rule #1: application: ssl; service: application-default; action: allow
    Rule #2: application: web-browsing; service: application-default; action: allow
  D. Rule #1: application: web-browsing; service: service-https; action: allow
    Rule #2: application: ssl; service: application-default; action: allow

Answer(s): D



Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)

  A. The firewall is in multi-vsys mode.
  B. The traffic is offloaded.
  C. The traffic does not match the packet capture filter.
  D. The firewall’s DP CPU is higher than 50%.

Answer(s): B,C


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/take-packet-captures/disable-hardware-offload



A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server.

Which solution in PAN-OS® software would help in this case?

  A. application override
  B. Virtual Wire mode
  C. content inspection
  D. redistribution of user mappings

Answer(s): D


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/deploy-user-id-in-a-large-scale-network



An administrator has been asked to create 100 virtual firewalls in a local, on-premise lab environment (not in “the cloud”). Bootstrapping is the most expedient way to perform this task.

Which option describes deployment of a bootstrap package in an on-premise virtual environment?

  A. Use config-drive on a USB stick.
  B. Use an S3 bucket with an ISO.
  C. Create and attach a virtual hard disk (VHD).
  D. Use a virtual CD-ROM with an ISO.

Answer(s): D


Reference:

https://www.paloaltonetworks.com/documentation/80/virtualization/virtualization/set-up-the-vm-series-firewall-on-kvm/install-the-vm-series-firewall-on-kvm/use-an-iso-file-to-deploy-the-vm-series-firewall





