Palo Alto Networks PCNSE Exam Practice Test Instant Access

Question 1

Which GlobalProtect gateway selling is required to enable split-tunneling by access route, destination domain, and application?

ANo Direct Access to local networks

BTunnel mode

CiPSec mode

DSatellite mode

Answer : B

Question 2

Which log type will help the engineer verify whether packet buffer protection was activated?

AData Filtering

BConfiguration

CThreat

DTraffic

Answer : C

Question 3

An engineer discovers the management interface is not routable to the User-ID agent

What configuration is needed to allow the firewall to communicate to the User-ID agent?

ACreate a NAT policy for the User-ID agent server

BAdd a Policy Based Forwarding (PBF) policy to the User-ID agent IP

CCreate a custom service route for the UID Agent

DAdd a static route to the virtual router

Answer : C

Question 4

Which three methods are supported for split tunneling in the GlobalProtect Gateway? (Choose three.)

AVideo Streaming Application

BDestination Domain

CClient Application Process

DSource Domain

EURL Category

Answer : B, C, E

Question 5

An engineer is tasked with configuring SSL forward proxy for traffic going to external sites.

Which of the following statements is consistent with SSL decryption best practices?

AThe forward trust certificate should not be stored on an HSM.

BThe forward untrust certificate should be signed by a certificate authority that is trusted by the clients.

CCheck both the Forward Trust and Forward Untrust boxes when adding a certificate for use with SSL decryption

DThe forward untrust certificate should not be signed by a Trusted Root CA

Answer : B

Question 6

An engineer creates a set of rules in a Device Group (Panorama) to permit traffic to various services for a specific LDAP user group.

What needs to be configured to ensure Panorama can retrieve user and group information for use in these rules?

AA service route to the LDAP server

BA Master Device

CAuthentication Portal

DA User-ID agent on the LDAP server

Answer : A

Question 7

After importing a pre-configured firewall configuration to Panorama, what step is required to ensure a commit/push is successful without duplicating local configurations?

AEnsure Force Template Values is checked when pushing configuration.

BPush the Template first, then push Device Group to the newly managed firewal.

CPerform the Export or push Device Config Bundle to the newly managed firewall.

DPush the Device Group first, then push Template to the newly managed firewall

Answer : C

Palo Alto Networks Certified Network Security Engineer (PAN-OS 10.0) Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7