Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 9

A firewall engineer needs to update a company's Panorama-managed firewalls to the latest version of PAN-OS. Strict security requirements are blocking internet access to Panorama and to the firewalls. The PAN-OS images have previously been downloaded to a secure host on the network.

Which path should the engineer follow to deploy the PAN-OS images to the firewalls?

A.

Upload the image to Panorama > Software menu, and deploy it to the firewalls. *

B.

Upload the image to Panorama > Device Deployment > Dynamic Updates menu, and deploy it to the firewalls.

C.

Upload the image to Panorama > Dynamic Updates menu, and deploy it to the firewalls.

D.

Upload the image to Panorama > Device Deployment > Software menu, and deploy it to the firewalls.

Full Access
Question # 10

Which two actions can the administrative role called "vsysadmin" perform? (Choose two)

A.

Configure resource limits for the NGFW system

B.

Commit changes made to the candidate configuration of the assigned vsys

C.

Create and edit Security policies and security profiles for only the assigned vsys

D.

Configure interfaces and subinterfaces that exist in the assigned vsys

Full Access
Question # 11

An administrator troubleshoots an issue that causes packet drops.

Which log type will help the engineer verify whether packet buffer protection was activated?

A.

Data Filtering

B.

Configuration

C.

Threat

D.

Traffic

Full Access
Question # 12

Which two are required by IPSec in transport mode? (Choose two.)

A.

Auto generated key

B.

NAT Traversal

C.

IKEv1

D.

DH-group 20 (ECP-384 bits)

Full Access
Question # 13

Given the following configuration, which route is used for destination 10 10 0 4?

A.

Route 2

B.

Route 3

C.

Route 1

D.

Route 4

Full Access
Question # 14

A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)

A.

ICMP Drop

B.

TCP Drop

C.

SYN Random Early Drop

D.

TCP Port Scan Block

Full Access
Question # 15

Which two components are required to configure certificate-based authentication to the web Ul when an administrator needs firewall access on a trusted interface'? (Choose two.)

A.

Server certificate

B.

SSL/TLS Service Profile

C.

Certificate Profile

D.

CA certificate

Full Access
Question # 16

A company is deploying User-ID in their network. The firewall team needs to have the ability to see and choose from a list of usernames and user groups directly inside the Panorama policies when creating new security rules.

How can this be achieved?

A.

By configuring Data Redistribution Client in Panorama > Data Redistribution

B.

By configuring User-ID group mapping in Panorama > User Identification

C.

By configuring User-ID source device in Panorama > Managed Devices

D.

By configuring Master Device in Panorama > Device Groups

Full Access
Go to page: