Palo Alto Networks PCNSE Exam Practice Test Instant Access

Question 1

An administrator plans to install the Windows-Based User-ID Agent.

What type of Active Directory (AD) service account should the administrator use?

ADedicated Service Account

BSystem Account

CDomain Administrator

DEnterprise Administrator

Answer : A

Question 2

Which new PAN-OS 11.0 feature supports IPv6 traffic?

ADHCPv6 Client with Prefix Delegation

BOSPF

CDHCP Server

DIKEv1

Answer : A

https://docs.paloaltonetworks.com/compatibility-matrix/ipv6-support-by-feature/ipv6-support-by-feature-table

Question 3

With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?

AIncomplete

Bunknown-tcp

CInsufficient-data

Dnot-applicable

Answer : D

Traffic didnt match any other policies and so landed at the implicit 'deny all' policy. If it's deny all, the traffic was dropped before the application could be determined. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC

Question 4

Where is Palo Alto Networks Device Telemetry data stored on a firewall with a device certificate installed?

AOn Palo Alto Networks Update Servers

BM600 Log Collectors

CCortex Data Lake

DPanorama

Answer : C

Palo Alto Networks Device Telemetry data, collected from firewalls with a device certificate installed, is stored on Palo Alto Networks Update Servers. This telemetry data includes information about threats, device health, and other operational metrics that are crucial for the continuous improvement of security services and threat intelligence. The collected data is anonymized and securely transmitted to Palo Alto Networks, where it is used to enhance the overall effectiveness of threat identification and prevention capabilities across all deployed devices. This collaborative approach helps in keeping the security ecosystem updated and resilient against emerging threats.

Question 5

A firewall engineer is managing a Palo Alto Networks NGFW that does not have the DHCP server on DHCP agent configuration. Which interface mode can the broadcast DHCP traffic?

AVirtual ware

BTap

CLayer 2

DLayer 3

Answer : B

Question 6

Which two components are required to configure certificate-based authentication to the web Ul when an administrator needs firewall access on a trusted interface'? (Choose two.)

AServer certificate

BSSL/TLS Service Profile

CCertificate Profile

DCA certificate

Answer : C, D

Question 7

An engineer is configuring secure web access (HTTPS) to a Palo Alto Networks firewall for management.

Which profile should be configured to ensure that management access via web browsers is encrypted with a trusted certificate?

AAn SSL/TLS Service profile with a certificate assigned.

BAn Interface Management profile with HTTP and HTTPS enabled.

CA Certificate profile with a trusted root CA.

DAn Authentication profile with the allow list of users.

Answer : A

Palo Alto Networks PCNSE Palo Alto Networks Certified Security Engineer PAN-OS 11.0 Exam Practice Test