Palo Alto Networks Certified Security Engineer PAN-OS 11.0 Exam Practice Test

Page: 1 / 14
Total 124 questions
Question 1

An engineer troubleshoots a high availability (HA) link that is unreliable.

Where can the engineer view what time the interface went down?



Answer : C

Question 2

An enterprise Information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems. However, a recent phishing campaign against the organization has prompted Information Security to look for more controls that can secure access to critical assets. For users that need to access these systems. Information Security wants to use PAN-OS multi-factor authentication (MFA) integration to enforce MFA.

What should the enterprise do to use PAN-OS MFA?



Answer : A

Question 3

An engineer must configure a new SSL decryption deployment.

Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?



Answer : A

Question 4

Which two key exchange algorithms consume the most resources when decrypting SSL traffic? (Choose two.)



Answer : B, D

Question 5

An organization wants to begin decrypting guest and BYOD traffic.

Which NGFW feature can be used to identify guests and BYOD users, instruct them how to download and install the CA certificate, and clearly notify them that their traffic will be decrypted?



Answer : A

Question 6

Which three multi-factor authentication methods can be used to authenticate access to the firewall? (Choose three.)



Answer : C, D, E

Question 7

During the process of developing a decryption strategy and evaluating which websites are required for corporate users to access, several sites have been identified that cannot be decrypted due to technical reasons. In this case, the technical reason is unsupported ciphers Traffic to these sites will therefore be blocked if decrypted.

How should the engineer proceed?



Answer : C

Page:    1 / 14   
Total 124 questions