Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 17

An engineer is monitoring an active/active high availability (HA) firewall pair.

Which HA firewall state describes the firewall that is currently processing traffic?

A.

Initial

B.

Passive

C.

Active

D.

Active-primary

Full Access
Question # 18

An engineer configures SSL decryption in order to have more visibility to the internal users' traffic when it is regressing the firewall.

Which three types of interfaces support SSL Forward Proxy? (Choose three.)

A.

High availability (HA)

B.

Layer 3

C.

Layer 2

D.

Tap

E.

Virtual Wire

Full Access
Question # 19

A firewall administrator is investigating high packet buffer utilization in the company firewall. After looking at the threat logs and seeing many flood attacks coming from a single source that are dropped by the firewall, the administrator decides to enable packet buffer protection to protect against similar attacks.

The administrator enables packet buffer protection globally in the firewall but still sees a high packet buffer utilization rate.

What else should the administrator do to stop packet buffers from being overflowed?

A.

Apply DOS profile to security rules allow traffic from outside.

B.

Add the default Vulnerability Protection profile to all security rules that allow traffic from outside.

C.

Enable packet buffer protection for the affected zones.

D.

Add a Zone Protection profile to the affected zones.

Full Access
Question # 20

An administrator is attempting to create policies tor deployment of a device group and template stack. When creating the policies, the zone drop down list does not include the required zone.

What must the administrator do to correct this issue?

A.

Specify the target device as the master device in the device group

B.

Enable "Share Unused Address and Service Objects with Devices" in Panorama settings

C.

Add the template as a reference template in the device group

D.

Add a firewall to both the device group and the template

Full Access
Question # 21

A firewall administrator needs to check which egress interface the firewall will use to route the IP 10.2.5.3.

Which command should they use?

A.

test routing route ip 10.2.5.3 *

B.

test routing route ip 10.2.5.3 virtual-router default

C.

test routing fib-lookup ip 10.2.5.0/24 virtual-router default

D.

test routing fib-lookup ip 10.2.5.3 virtual-router default

Full Access
Question # 22

Which three statements accurately describe Decryption Mirror? (Choose three.)

A.

Decryption Mirror requires a tap interface on the firewall

B.

Use of Decryption Mirror might enable malicious users with administrative access to the firewall to harvest sensitive information that is submitted via an encrypted channel

C.

Only management consent is required to use the Decryption Mirror feature.

D.

Decryption, storage, inspection, and use of SSL traffic are regulated in certain countries.

E.

You should consult with your corporate counsel before activating and using Decryption Mirror in a production environment.

Full Access
Question # 23

What is the best definition of the Heartbeat Interval?

A.

The interval in milliseconds between hello packets

B.

The frequency at which the HA peers check link or path availability

C.

The frequency at which the HA peers exchange ping

D.

The interval during which the firewall will remain active following a link monitor failure

Full Access
Question # 24

What must be configured to apply tags automatically based on User-ID logs?

A.

Device ID

B.

Log Forwarding profile

C.

Group mapping

D.

Log settings

Full Access
Go to page: