Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 17

Which two scripting file types require direct upload to the Advanced WildFire portal/API for analysis? (Choose two.)

A.

Ps1

B.

Perl

C.

Python

D.

VBS

Full Access
Question # 18

Certain services in a customer implementation are not working, including Palo Alto Networks Dynamic version updates.

Which CLI command can the firewall administrator use to verify if the service routes were correctly installed and that they are active in the Management Plane?

A.

debug dataplane Internal vif route 250

B.

show routing route type service-route

C.

show routing route type management

D.

debug dataplane internal vif route 255

Full Access
Question # 19

An administrator needs to identify which NAT policy is being used for internet traffic.

From the Monitor tab of the firewall GUI, how can the administrator identify which NAT policy is in use for a traffic flow?

A.

Click Session Browser and review the session details.

B.

Click Traffic view and review the information in the detailed log view.

C.

Click Traffic view; ensure that the Source or Destination NAT columns are included and review the information in the detailed log view.

D.

Click App Scope > Network Monitor and filter the report for NAT rules.

Full Access
Question # 20

An auditor is evaluating the configuration of Panorama and notices a discrepancy between the Panorama template and the local firewall configuration.

When overriding the firewall configuration pushed from Panorama, what should you consider?

A.

The firewall template will show that it is out of sync within Panorama.

B.

The modification will not be visible in Panorama.

C.

Only Panorama can revert the override.

D.

Panorama will update the template with the overridden value.

Full Access
Question # 21

A firewall administrator needs to check which egress interface the firewall will use to route the IP 10.2.5.3.

Which command should they use?

A.

test routing route ip 10.2.5.3 *

B.

test routing route ip 10.2.5.3 virtual-router default

C.

test routing fib-lookup ip 10.2.5.0/24 virtual-router default

D.

test routing fib-lookup ip 10.2.5.3 virtual-router default

Full Access
Question # 22

An administrator is required to create an application-based Security policy rule to allow Evernote. The Evernote application implicitly uses SSL and web browsing.

What is the minimum the administrator needs to configure in the Security rule to allow only Evernote?

A.

Add the Evernote application to the Security policy rule, then add a second Security policy rule containing both HTTP and SSL.

B.

Create an Application Override using TCP ports 443 and 80.

C.

Add the HTTP. SSL. and Evernote applications to the same Security policy.

D.

Add only the Evernote application to the Security policy rule.

Full Access
Question # 23

Which link is responsible for synchronizing sessions between high availability (HA) peers?

A.

HA1

B.

HA3

C.

HA4

D.

HA2

Full Access
Question # 24

An engineer configures a new template stack for a firewall that needs to be deployed. The template stack should consist of four templates arranged according to the diagram

Which template values will be configured on the firewall If each template has an SSL/TLS Service profile configured named Management?

A.

Values in Chicago

B.

Values in efw01lab.chi

C.

Values in Datacenter

D.

Values in Global Settings

Full Access
Go to page: