Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSE

Palo Alto Networks PCNSE Exam
Palo Alto Networks Certified Network Security Engineer (Page 8 )

Updated On: 15-Feb-2026
Page 8 of 123
PDF with 606 Questions

A session in the Traffic log is reporting the application as “incomplete.” What does “incomplete” mean?

  1. The three-way TCP handshake was observed, but the application could not be identified.
  2. The three-way TCP handshake did not complete.
  3. The traffic is coming across UDP, and the application could not be identified.
  4. Data was received but was instantly discarded because of a Deny policy was applied before App-ID could be applied.

Answer(s): B



Refer to the exhibit.
An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.

Which two Security policy rules will accomplish this configuration? (Choose two.)

  1. Untrust (Any) to Untrust (10.1.1.1), web-browsing - Allow
  2. Untrust (Any) to Untrust (10.1.1.1), ssh - Allow
  3. Untrust (Any) to DMZ (1.1.1.100), web-browsing - Allow
  4. Untrust (Any) to DMZ (1.1.1.100), ssh - Allow
  5. Untrust (Any) to DMZ (10.1.1.100, 10.1.1.101), ssh, web-browsing - Allow

Answer(s): C,D



An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image.

Which configuration change should the administrator make?






Answer(s): B



Which three settings are defined within the Templates object of Panorama? (Choose three.)

  1. Setup
  2. Virtual Routers
  3. Interfaces
  4. Security
  5. Application Override

Answer(s): A,B,C



A customer has an application that is being identified as unknown-tcp for one of their custom PostgreSQL database connections.

Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)

  1. Application Override policy.
  2. Security policy to identify the custom application.
  3. Custom application.
  4. Custom Service object.

Answer(s): A,C


Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clc6CAC






Post your Comments and Discuss Palo Alto Networks PCNSE exam prep with other Community members:

Join the PCNSE Discussion