Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 17

An engineer is tasked with deploying SSL Forward Proxy decryption for their organization.

What should they review with their leadership before implementation?

A.

Browser-supported cipher documentation

B.

Cipher documentation supported by the endpoint operating system

C.

URL risk-based category distinctions

D.

Legal compliance regulations and acceptable usage policies

Full Access
Question # 18

Which three firewall multi-factor authentication factors are supported by PAN-OS? (Choose three.)

A.

User logon

B.

Push

C.

One-Time Password

D.

SSH key

E.

Short message service

Full Access
Question # 19

An administrator plans to install the Windows-Based User-ID Agent.

What type of Active Directory (AD) service account should the administrator use?

A.

Dedicated Service Account

B.

System Account

C.

Domain Administrator

D.

Enterprise Administrator

Full Access
Question # 20

An existing log forwarding profile is currently configured to forward all threat logs to Panorama. The firewall engineer wants to add syslog as an additional log forwarding method. The requirement is to forward only medium or higher severity threat logs to syslog. Forwarding to Panorama must not be changed.

Which set of actions should the engineer take to achieve this goal?

A.

1- Open the current log forwarding profile.

2. Open the existing match list for threat log type.

3. Define the filter.

4. Select the syslog forward method.

B.

1. Create a new log forwarding profile.

2. Add a new match list for threat log type.

3. Define the filter.

4. Select the Panorama and syslog forward methods.

C.

1. Open the current log forwarding profile.

2. Add a new match list for threat log type.

3. Define the filter.

4. Select the syslog forward method.

D.

1. Create a new log forwarding profile.

2. Add a new match list for threat log type.

3. Define the filter.

4. Select the syslog forward method.

Full Access
Question # 21

A firewall administrator configures the HIP profiles on the edge firewall where GlobalProtect is enabled, and adds the profiles to security rules. The administrator wants to redistribute the HIP reports to the data center firewalls to apply the same access restrictions using HIP profiles. However, the administrator can only see the HIP match logs on the edge firewall but not on the data center firewall

What are two reasons why the administrator is not seeing HIP match logs on the data center firewall? (Choose two.)

A.

Log Forwarding Profile is configured but not added to security rules in the data center firewall.

B.

HIP profiles are configured but not added to security rules in the data center firewall.

C.

User ID is not enabled in the Zone where the users are coming from in the data center firewall.

D.

HIP Match log forwarding is not configured under Log Settings in the device tab.

Full Access
Question # 22

Which two statements correctly describe Session 380280? (Choose two.)

A.

The session went through SSL decryption processing.

B.

The session has ended with the end-reason unknown.

C.

The application has been identified as web-browsing.

D.

The session did not go through SSL decryption processing.

Full Access
Question # 23

An engineer must configure a new SSL decryption deployment.

Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?

A.

A Decryption profile must be attached to the Decryption policy that the traffic matches.

B.

A Decryption profile must be attached to the Security policy that the traffic matches.

C.

There must be a certificate with only the Forward Trust option selected.

D.

There must be a certificate with both the Forward Trust option and Forward Untrust option selected.

Full Access
Question # 24

Review the screenshots.

What is the most likely reason for this decryption error log?

A.

The Certificate fingerprint could not be found.

B.

The client expected a certificate from a different CA than the one provided.

C.

The client received a CA certificate that has expired or is not valid.

D.

Entrust is not a trusted root certificate authority (CA).

Full Access
Go to page: