CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSE

Free PCNSE Exam Braindumps (page: 25)

Page 24 of 152
PDF with 606 Questions

The firewall identifies a popular application as an unknown-tcp.
Which two options are available to identify the application? (Choose two.)

  1. Create a custom application.
  2. Create a custom object for the custom application server to identify the custom application.
  3. Submit an App-ID request to Palo Alto Networks.
  4. Create a Security policy to identify the custom application.

Answer(s): A,C



If an administrator wants to decrypt SMTP traffic and possesses the server’s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?

  1. TLS Bidirectional Inspection
  2. SSL Inbound Inspection
  3. SSH Forward Proxy
  4. SMTP Inbound Decryption

Answer(s): B


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/configure-ssl-inbound-inspection



A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?

  1. Define a custom App-ID to ensure that only legitimate application traffic reaches the server.
  2. Add a Vulnerability Protection Profile to block the attack.
  3. Add QoS Profiles to throttle incoming requests.
  4. Add a DoS Protection Profile with defined session count.

Answer(s): D


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles



Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)

  1. Verify AutoFocus status using the CLI “test” command.
  2. Check the WebUI Dashboard AutoFocus widget.
  3. Check for WildFire forwarding logs.
  4. Check the license.
  5. Verify AutoFocus is enabled below Device Management tab.

Answer(s): D,E


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/enable-autofocus-threat-intelligence






Post your Comments and Discuss Palo Alto Networks PCNSE exam with other Community members:

PCNSE Discussions & Posts