Palo Alto Networks Certified Network Security Engineer (PAN-OS 10.0) Exam Practice Test

Page: 1 / 14
Total 455 questions

Question 1

Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS 8.0? (Choose two.)

Answer : A, B

Question 2

Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log? (Choose two.)

Answer : A, D

Question 3

A distributed log collection deployment has dedicated log Collectors. A developer needs a device to send logs to Panorama instead of sending logs to the Collector Group.

What should be done first?

Answer : C

Question 4

Which Device Group option is assigned by default in Panorama whenever a new device group is created to manage a Firewall?

Answer : C

Question 5

Refer to Exhibit:

A firewall has three PDF rules and a default route with a next hop of that is configured in the default VR. A user named XX-bes a PC with a IP address.

He makes an HTTPS connection to

What is the next hop IP address for the HTTPS traffic from Wills PC.

Answer : B

Question 6 has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine.

Which method should use to immediately address this traffic on a Palo Alto Networks device?

Answer : D

Question 7

A company has a web server behind a Palo Alto Networks next-generation firewall that it wants to make accessible to the public at The company has decided to configure a destination NAT Policy rule.

Given the following zone information:

* DMZ zone: DMZ-L3

* Public zone: Untrust-L3

* Guest zone: Guest-L3

* Web server zone: Trust-L3

* Public IP address (Untrust-L3):

* Private IP address (Trust-L3):

What should be configured as the destination zone on the Original Packet tab of NAT Policy rule?

Answer : A

Page:    1 / 14   
Total 455 questions