CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSE

Free PCNSE Exam Braindumps (page: 59)

Page 58 of 152
PDF with 619 Questions

An administrator is considering upgrading the Palo Alto Networks NGFW and central management Panorama version.

What is considered best practice for this scenario?

  1. Perform the Panorama and firewall upgrades simultaneously.
  2. Upgrade the firewall first, wait at least 24 hours, and then upgrade the Panorama version.
  3. Upgrade Panorama to a version at or above the target firewall version.
  4. Export the device state, perform the update, and then import the device state.

Answer(s): C


Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRrCAK



An administrator has 750 firewalls. The administrator's central-management Panorama instance deploys dynamic updates to the firewalls. The administrator notices that the dynamic updates from Panorama do not appear on some of the firewalls.

If Panorama pushes the configuration of a dynamic update schedule to managed firewalls, but the configuration does not appear, what is the root cause?

  1. Panorama does not have valid licenses to push the dynamic updates.
  2. Panorama has no connection to Palo Alto Networks update servers.
  3. Locally-defined dynamic update settings take precedence over the settings that Panorama pushed.
  4. No service route is configured on the firewalls to Palo Alto Networks update servers.

Answer(s): C


Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKQCA0



An enterprise Information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems. However, a recent phishing campaign against the organization has prompted information Security to look for more controls that can secure access to critical assets. For users that need to access these systems, Information Security wants to use PAN-OS multi-factor authentication (MFA) integration to enforce MFA.

What should the enterprise do to use PAN-OS MFA?

  1. Use a Credential Phishing agent to detect, prevent, and mitigate credential phishing campaigns.
  2. Create an authentication profile and assign another authentication factor to be used by a Captive Portal authentication policy.
  3. Configure a Captive Portal authentication policy that uses an authentication sequence.
  4. Configure a Captive Portal authentication policy that uses an authentication profile that references a RADIUS profile.

Answer(s): B



An administrator wants to enable zone protection.
Before doing so, what must the administrator consider?

  1. Activate a zone protection subscription.
  2. Security policy rules do not prevent lateral movement of traffic between zones.
  3. The zone protection profile will apply to all interfaces within that zone.
  4. To increase bandwidth, no more than one firewall interface should be connected to a zone.

Answer(s): C


Reference:

https://live.paloaltonetworks.com/t5/general-topics/apply-zone-protection-to-which-zone/td-p/36113






Post your Comments and Discuss Palo Alto Networks PCNSE exam with other Community members:

PCNSE Exam Discussions & Posts