palo alto networks pcnse practice test

Palo Alto Networks Certified Network Security Engineer

Last exam update: Apr 08 ,2024
Page 1 out of 56. Viewing questions 1-10 out of 565

Question 1

Which of the following commands would you use to check the total number of the sessions that are currently going through SSL Decryption processing?

  • A. show session all filter ssl-decryption yes total-count yes
  • B. show session all ssl-decrypt yes count yes
  • C. show session all filter ssl-decrypt yes count yes
  • D. show session filter ssl-decryption yes total-count yes
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF2CAK

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

An administrator wants to use LDAP, TACACS+, and Kerberos as external authentication services for authenticating users.

What should the administrator be aware of regarding the authentication sequence, based on the Authentication profiles in the order Kerberos, LDAP, and TACACS+?

  • A. The priority assigned to the Authentication profile defines the order of the sequence.
  • B. The firewall evaluates the profiles in the alphabetical order the Authentication profiles have been named until one profile successfully authenticates the user.
  • C. If the authentication times out for the first Authentication profile in the authentication sequence, no further authentication attempts will be made.
  • D. The firewall evaluates the profiles in top-to-bottom order until one Authentication profile successfully authenticates the user.
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

In an existing deployment, an administrator with numerous firewalls and Panorama does not see any WildFire logs in Panorama. Each firewall has an active WildFire subscription. On each firewall, WildFire logs are available.

This issue is occurring because forwarding of which type of logs from the firewalls to Panorama is missing?

  • A. System logs
  • B. WildFire logs
  • C. Threat logs
  • D. Traffic logs
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

An administrator needs firewall access on a trusted interface. Which two components are required to configure certificate-based, secure authentication to the web
UI? (Choose two.)

  • A. server certificate
  • B. SSL/TLS Service Profile
  • C. certificate profile
  • D. SSH Service Profile
Answer:

bc

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

What is the best description of the HA4 Keep-alive Threshold (ms)?

  • A. the timeframe that the local firewall waits before going to Active state when another cluster member is preventing the cluster from fully synchronizing
  • B. the timeframe within which the firewall must receive keepalives from a cluster member to know that the cluster member is functional
  • C. the maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational
  • D. the time that a passive or active-secondary firewall will wait before taking over as the active or active-primary firewall
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Which three options are supported in HA Lite? (Choose three.)

  • A. Virtual link
  • B. Active/passive deployment
  • C. Synchronization of IPsec security associations
  • D. Configuration synchronization
  • E. Session synchronization
Answer:

bcd

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%

Reference:
https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device-high-availability/ha-lite

Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 7

If an administrator wants to decrypt SMTP traffic and possesses the server's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?

  • A. TLS Bidirectional Inspection
  • B. SSL Inbound Inspection
  • C. SSH Forward Proxy
  • D. SMTP Inbound Decryption
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/configure-ssl-inbound-inspection

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8





View the screenshots. A QoS profile and policy rules are configured as shown.

Based on this information, which two statements are correct? (Choose two.)

  • A. SMTP has a higher priority but lower bandwidth than Zoom.
  • B. Facetime has a higher priority but lower bandwidth than Zoom.
  • C. google-video has a higher priority and more bandwidth than WebEx.
  • D. DNS has a higher priority and more bandwidth than SSH.
Answer:

bd

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

An administrator just submitted a newly found piece of spyware for WildFire analysis. The spyware passively monitors behavior without the user's knowledge.
What is the expected verdict from WildFire?

  • A. Malware
  • B. Grayware
  • C. Phishing
  • D. Spyware
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

What is the best description of the Cluster Synchronization Timeout (min)?

  • A. The maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational
  • B. The maximum time that the local firewall waits before going to Active state when another cluster member is preventing the cluster from fully synchronizing
  • C. The timeframe within which the firewall must receive keepalives from a cluster member to know that the cluster member is functional
  • D. The time that a passive or active-secondary firewall will wait before taking over as the active or active-primary firewall
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2