Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 73

What action does a firewall take when a Decryption profile allows unsupported modes and unsupported traffic with TLS 1.2 protocol traverses the firewall?

A.

It blocks all communication with the server indefinitely.

B.

It downgrades the protocol to ensure compatibility.

C.

It automatically adds the server to the SSL Decryption Exclusion list.

D.

It generates an decryption error message but allows the traffic to continue decryption.

Full Access
Question # 74

An engineer is monitoring an active/active high availability (HA) firewall pair.

Which HA firewall state describes the firewall that is experiencing a failure of a monitored path?

A.

Initial

B.

Tentative

C.

Passive

D.

Active-secondary

Full Access
Question # 75

The firewall team has been asked to deploy a new Panorama server and to forward all firewall logs to this server By default, which component of the Palo Alto Networks firewall architect is responsible for log forwarding and should be checked for early signs of overutilization?

A.

Management plane CPU

B.

Dataplane CPU

C.

Packet buffers

D.

On-chip packet descriptors

Full Access
Question # 76

An administrator has a Palo Alto Networks NGFW. All security subscriptions and decryption are enabled and the system is running close to its resource limits.

Knowing that using decryption can be resource-intensive, how can the administrator reduce the load on the firewall?

A.

Use RSA instead of ECDSA for traffic that isn't sensitive or high-priority.

B.

Use the highest TLS protocol version to maximize security.

C.

Use ECDSA instead of RSA for traffic that isn't sensitive or high-priority.

D.

Use SSL Forward Proxy instead of SSL Inbound Inspection for decryption.

Full Access
Question # 77

A security engineer wants to upgrade the company's deployed firewalls from PAN-OS 10.1 to 11.0.x to take advantage of the new TLSvl.3 support for management access.

What is the recommended upgrade path procedure from PAN-OS 10.1 to 11.0.x?

A.

Required: Download PAN-OS 10.2.0 or earlier release that is not EOL.

Required: Download and install the latest preferred PAN-OS 10.2 maintenance release and reboot. Required: Download PAN-OS 11.0.0. Required: Download and install the desired PAN-OS 11.0.x.

B.

Required: Download and install the latest preferred PAN-OS 10.1 maintenance release and reboot.

Required: Download PAN-OS 10.2.0.

Required: Download and install the latest preferred PAN-OS 10.2 maintenance release and reboot. Required: Download PAN-OS 11.0.0. Required: Download and install the desired PAN-OS 11.0.x.

C.

Optional: Download and install the latest preferred PAN-OS 10.1 release. Optional: Install the latest preferred PAN-OS 10.2 maintenance release. Required: Download PAN-OS 11.0.0. Required: Download and install the desired PAN-OS 11.0.x.

D.

Required: Download and install the latest preferred PAN-OS 10.1 maintenance release and reboot. Required: Download PAN-OS 10.2.0.

Optional: Install the latest preferred PAN-OS 10.2 maintenance release. Required: Download PAN-OS 11.0.0. Required: Download and install the desired PAN-OS 11.0.x.

Full Access
Question # 78

An administrator configures a preemptive active-passive high availability (HA) pair of firewalls and configures the HA election settings on firewall-02 with a device priority value of 100, and firewall-01 with a device priority value of 90.

When firewall-01 is rebooted, is there any action taken by the firewalls?

A.

No - Neither firewall takes any action because firewall-01 cannot be rebooted when configured with device priority of 90.

B.

No - Neither firewall takes any action because firewall-02 is already the active-primary member.

C.

Yes - Firewall-02 takes over as the active-primary firewall; firewall-01 takes over as the active-primary member after it becomes functional.

D.

Yes - Firewall-02 takes over as the active-primary firewall; firewall-02 remains the active-primary member after firewall-01 becomes functional.

Full Access
Question # 79

An organization conducts research on the benefits of leveraging the Web Proxy feature of PAN-OS 11.0.

What are two benefits of using an explicit proxy method versus a transparent proxy method? (Choose two.)

A.

No client configuration is required for explicit proxy, which simplifies the deployment complexity.

B.

Explicit proxy supports interception of traffic using non-standard HTTPS ports.

C.

It supports the X-Authenticated-User (XAU) header, which contains the authenticated username in the outgoing request.

D.

Explicit proxy allows for easier troubleshooting, since the client browser is aware of the existence of the proxy.

Full Access
Question # 80

A firewall administrator has configured User-ID and deployed GlobalProtect, but there is no User-ID showing in the traffic logs.

How can the administrator ensure that User-IDs are populated in the traffic logs?

A.

Create a Group Mapping for the GlobalProtect Group.

B.

Enable Captive Portal on the expected source interfaces.

C.

Add the users to the proper Dynamic User Group.

D.

Enable User-ID on the expected trusted zones.

Full Access
Go to page: