Palo Alto Networks PCNSE Exam Practice Test Instant Access

Question 1

What does the User-ID agent use to find login and logout events in syslog messages?

ASyslog Server profile

BAuthentication log

CSyslog Parse profile

DLog Forwarding profile

Answer : C

Question 2

A firewall administrator is changing a packet capture filter to troubleshoot a specific traffic flow Upon opening the newly created packet capture, the administrator still sees traffic for the previous fitter What can the administrator do to limit the captured traffic to the newly configured filter?

ACommand line > debug dataplane packet-diag clear filter-marked-session all

BIn the GLH under Monitor > Packet Capture > Manage Filters under Ingress Interface select an interface

CCommand line> debug dataplane packet-diag clear filter all

DIn the GUI under Monitor > Packet Capture > Manage Filters under the Non-IP field, select 'exclude'

Answer : C

Question 3

A company has recently migrated their branch office's PA-220S to a centralized Panoram

a. This Panorama manages a number of PA-7000 Series and PA-5200 Series devices All device group and template configuration is managed solely within Panorama

They notice that commit times have drastically increased for the PA-220S after the migration

What can they do to reduce commit times?

ADisable 'Share Unused Address and Service Objects with Devices' in Panorama Settings.

BUpdate the apps and threat version using device-deployment

CPerform a device group push using the 'merge with device candidate config' option

DUse 'export or push device config bundle' to ensure that the firewall is integrated with the Panorama config.

Answer : A

https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/manage-device-groups/manage-unused-shared-objects

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1CCAS

Question 4

An administrator has been tasked with configuring decryption policies,

Which decryption best practice should they consider?

AConsider the local, legal, and regulatory implications and how they affect which traffic can be decrypted.

BDecrypt all traffic that traverses the firewall so that it can be scanned for threats.

CPlace firewalls where administrators can opt to bypass the firewall when needed.

DCreate forward proxy decryption rules without Decryption profiles for unsanctioned applications.

Answer : A

The best decryption best practice that the administrator should consider isA: Consider the local, legal, and regulatory implications and how they affect which traffic can be decrypted.This is because decryption involves intercepting and inspecting encrypted traffic, which may raise privacy and compliance issues depending on the jurisdiction and the type of traffic1.Therefore, the administrator should be aware of the local, legal, and regulatory implications and how they affect which traffic can be decrypted, and follow the appropriate guidelines and policies to ensure that decryption is done in a lawful and ethical manner1.

Question 5

A company wants to use GlobalProtect as its remote access VPN solution.

Which GlobalProtect features require a Gateway license?

AMultiple external gateways

BSingle or multiple internal gateways

CSplit DNS and HIP checks

DIPv6 for internal gateways

Answer : C

Question 6

A company has configured GlobalProtect to allow their users to work from home. A decrease in performance for remote workers has been reported during peak-use hours.

Which two steps are likely to mitigate the issue? (Choose TWO)

AExclude video traffic

BEnable decryption

CBlock traffic that is not work-related

DCreate a Tunnel Inspection policy

Answer : A, C

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PP3ICAW

Question 7

What are the two behavior differences between Highlight Unused Rules and the Rule Usage Hit counter when a firewall is rebooted? (Choose two.)

ARule Usage Hit counter will not be reset

BHighlight Unused Rules will highlight all rules.

CHighlight Unused Rules will highlight zero rules.

DRule Usage Hit counter will reset.

Answer : A, B

Palo Alto Networks Certified Security Engineer PAN-OS 11.0 PCNSE Exam Practice Test