CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSE

Free PCNSE Exam Braindumps (page: 60)

Page 59 of 152
PDF with 619 Questions

When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?

  1. Disable H
  2. Disable the HA2 link.
  3. Set the passive link state to "shutdown."
  4. Disable config sync.

Answer(s): D


Reference:

https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-ha-pair-to-panorama-management.html



Before you upgrade a Palo Alto Networks NGFW, what must you do?

  1. Make sure that the PAN-OS support contract is valid for at least another year.
  2. Export a device state of the firewall.
  3. Make sure that the firewall is running a supported version of the app + threat update.
  4. Make sure that the firewall is running a version of antivirus software and a version of WildFire that support the licensed subscriptions.

Answer(s): C



The UDP-4501 protocol-port is used between which two GlobalProtect components?

  1. GlobalProtect app and GlobalProtect satellite
  2. GlobalProtect app and GlobalProtect portal
  3. GlobalProtect app and GlobalProtect gateway
  4. GlobalProtect portal and GlobalProtect gateway

Answer(s): C


Reference:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/reference-port-number-usage/ports-used-for-globalprotect.html



An enterprise has a large Palo Alto Networks footprint that includes onsite firewalls and Prisma Access for mobile users, which is managed by Panorama. The enterprise already uses GlobalProtect with SAML authentication to obtain IP-to-user mapping information.

However, Information Security wants to use this information in Prisma Access for policy enforcement based on group mapping. Information Security uses on-premises Active Directory (AD) but is uncertain about what is needed for Prisma Access to learn groups from AD.

How can policies based on group mapping be learned and enforced in Prisma Access?

  1. Configure Prisma Access to learn group mapping via SAML assertion.
  2. Set up group mapping redistribution between an onsite Palo Alto Networks firewall and Prisma Access.
  3. Assign a master device in Panorama through which Prisma Access learns groups.
  4. Create a group mapping configuration that references an LDAP profile that points to on-premises domain controllers.

Answer(s): C


Reference:

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/configure-user-based-policies-with-prisma-access/retrieve-user-id-information.html#id823f5b30-2c1d-4c87-9ae6-a06573455af7






Post your Comments and Discuss Palo Alto Networks PCNSE exam with other Community members:

PCNSE Exam Discussions & Posts