Free PCNSE Exam Braindumps (page: 46)


An organization is building a Bootstrap Package to deploy Palo Alto Networks VM-Series firewalls into their AWS tenant. Which two statements are correct regarding the bootstrap package contents? (Choose two.)

  A. The bootstrap package is stored on an AFS share or a discrete container file bucket.
  B. The bootstrap.xml file allows for automated deployment of VM-Series firewalls with full network and policy configurations.
  C. The /config, /content and /software folders are mandatory while the /license and /plugin folders are optional.
  D. The init-cfg.txt and bootstrap.xml files are both optional configuration items for the /config folder.
  E. The directory structure must include /config, /content, /software and /license folders.

Answer(s): B,E



Which Panorama objects restrict administrative access to specific device-groups?

  A. admin roles
  B. authentication profiles
  C. templates
  D. access domains

Answer(s): D


Reference:

https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/panorama-overview/role-based-access-control/access-domains



An engineer is planning an SSL decryption implementation.
Which of the following statements is a best practice for SSL decryption?

  A. Obtain an enterprise CA-signed certificate for the Forward Trust certificate.
  B. Use an enterprise CA-signed certificate for the Forward Untrust certificate.
  C. Use the same Forward Trust certificate on all firewalls in the network.
  D. Obtain a certificate from a publicly trusted root CA for the Forward Trust certificate.

Answer(s): A


Reference:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy



An administrator receives the following error message:

"IKE phase-2 negotiation failed when processing Proxy ID. Received local id 192.168.33.33/24 type IPv4 address protocol 0 port 0, received remote id 172.16.33.33/24 type IPv4 address protocol 0 port 0."

How should the administrator identify the root cause of this error message?

  A. Verify that the IP addresses can be pinged and that routing issues are not causing the connection failure.
  B. Check whether the VPN peer on one end is set up correctly using policy-based VPN.
  C. In the IKE Gateway configuration, verify that the IP address for each VPN peer is accurate.
  D. In the IPSec Crypto profile configuration, verify that PFS is either enabled on both VPN peers or disabled on both VPN peers.

Answer(s): B


Reference:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/vpns/set-up-site-to-site-vpn/interpret-vpn-error-messages.html





