Free PCNSE Exam Braindumps (page: 8)

Page 7 of 152

A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone need to be configured to enable we browsing access to the server.

Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080?

  1. application: web-browsing; service: application-default
  2. application: web-browsing; service: service-https
  3. application: ssl; service: any
  4. application: web-browsing; service: (custom with destination TCP port 8080)

Answer(s): D



If the firewall has the following link monitoring configuration, what will cause a failover?

  1. ethernet1/3 and ethernet1/6 going down
  2. ethernet1/3 going down
  3. ethernet1/3 or ethernet1/6 going down
  4. ethernet1/6 going down

Answer(s): A



In the image, what caused the commit warning?

  1. The CA certificate for FWDtrust has not been imported into the firewall.
  2. TheFWDtrust certificate has not been flagged as Trusted Root CA.
  3. SSL Forward Proxy requires a public certificate to be imported into the firewall.
  4. TheFWDtrust certificate does not have a certificate chain.

Answer(s): A


Reference:

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs/repair-incomplete-certificate-chains



Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS® software?

  1. Okta
  2. DUO
  3. RADIUS
  4. PingID

Answer(s): C






Post your Comments and Discuss Palo Alto Networks PCNSE exam with other Community members:

PCNSE Discussions & Posts