CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSE

Free PCNSE Exam Braindumps (page: 47)

Page 46 of 152
PDF with 619 Questions

The following objects and policies are defined in a device group hierarchy.



Dallas-Branch has Dallas-FW as a member of the Dallas-Branch device-group
NYC-DC has NYC-FW as a member of the NYC-DC device-group
What objects and policies will the Dallas-FW receive if "Share Unused Address and Service Objects" is enabled in Panorama?


  1. Address Objects
    -Shared Address1
    -Branch Address1
    Policies
    -Shared Policy1
    -Branch Policy1

  2. Address Objects
    -Shared Address1
    -Shared Address2
    -Branch Address1
    Policies
    -Shared Policy1
    -Shared Policy2
    -Branch Policy1

  3. Address Objects
    -Shared Address1
    -Shared Address2
    -Branch Address1
    -DC Address1
    Policies
    -Shared Policy1
    -Shared Policy2
    -Branch Policy1

  4. Address Objects
    -Shared Address1
    -Shared Address2
    -Branch Address1
    Policies
    -Shared Policy1
    -Branch Policy1

Answer(s): D



An administrator has purchased WildFire subscriptions for 90 firewalls globally.
What should the administrator consider with regards to the WildFire infrastructure?

  1. To comply with data privacy regulations, WildFire signatures and verdicts are not shared globally.
  2. Palo Alto Networks owns and maintains one global cloud and four WildFire regional clouds.
  3. Each WildFire cloud analyzes samples and generates malware signatures and verdicts independently of the other WildFire clouds.
  4. The WildFire Global Cloud only provides bare metal analysis.

Answer(s): C


Reference:

https://docs.paloaltonetworks.com/wildfire/9-1/wildfire-admin/wildfire-overview/wildfire-concepts/verdicts.html



A firewall is configured with SSL Forward Proxy decryption and has the following four enterprise certificate authorities (CAs):

i) Enterprise-Trusted-CA, which is verified as Forward Trust Certificate (The CA is also installed in the trusted store of the end-user browser and system.)
ii) Enterprise-Untrusted-CA, which is verified as Forward Untrust Certificate
iii) Enterprise-Intermediate-CA
iv) Enterprise-Root-CA, which is verified only as Trusted Root CA

An end-user visits https://www.example-website.com/ with a server certificate Common Name (CN): www.example-website.com. The firewall does the SSL Forward Proxy decryption for the website and the server certificate is not trusted by the firewall.

The end-user's browser will show that the certificate for www. example-website.com was issued by which of the following?

  1. Enterprise-Trusted-CA which is a self-signed CA
  2. Enterprise-Root-CA which is a self-signed CA
  3. Enterprise-Intermediate-CA which was, in turn, issued by Enterprise-Root-CA
  4. Enterprise-Untrusted-CA which is a self-signed CA

Answer(s): D



What are three reasons for excluding a site from SSL decryption? (Choose three.)

  1. the website is not present in English
  2. unsupported ciphers
  3. certificate pinning
  4. unsupported browser version
  5. mutual authentication

Answer(s): B,C,E


Reference:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/decryption/decryption-exclusions/exclude-a-server-from-decryption






Post your Comments and Discuss Palo Alto Networks PCNSE exam with other Community members:

PCNSE Exam Discussions & Posts