Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Paloalto Networks
  3. Palo Alto Certifications and Accreditations
  4. PCNSE - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 25

An engineer is deploying multiple firewalls with common configuration in Panorama.

What are two benefits of using nested device groups? (Choose two.)

A.

Inherit settings from the Shared group

B.

Inherit IPSec crypto profiles

C.

Inherit all Security policy rules and objects

D.

Inherit parent Security policy rules and objects

Full Access
Question # 26

Refer to the exhibit.

Based on the screenshots above what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?

A.

shared pre-rules

DATACENTER DG pre rules

rules configured locally on the firewall

shared post-rules

DATACENTER_DG post-rules

DATACENTER.DG default rules

B.

shared pre-rules

DATACENTER_DG pre-rules

rules configured locally on the firewall

shared post-rules

DATACENTER.DG post-rules

shared default rules

C.

shared pre-rules

DATACENTER_DG pre-rules

rules configured locally on the firewall

DATACENTER_DG post-rules

shared post-rules

shared default rules

D.

shared pre-rules

DATACENTER_DG pre-rules

rules configured locally on the firewall

DATACENTER_DG post-rules

shared post-rules

DATACENTER_DG default rules

Full Access
Question # 27

An administrator needs to assign a specific DNS server to an existing template variable. Where would the administrator go to edit a template variable at the device level?

A.

"Managed Devices > Device Association"

B.

PDF Export under "Panorama > Templates"

C.

Variable CSV export under "Panorama > Templates"

D.

Manage variables under "Panorama > Templates"

Full Access
Question # 28

A firewall administrator manages sets of firewalls which have two unique idle timeout values. Datacenter firewalls needs to be set to 20 minutes and BranchOffice firewalls need to be set to 30 minutes. How can the administrator assign these settings through the use of template stacks?

A.

Create one template stack and place the BranchOffice_Template in higher priority than Datacenter_Template.

B.

Create one template stack and place the Datanceter_Template in higher priority than BranchOffice_template.

C.

Create two separate template stacks one each for Datacenter and BranchOffice, and verify that Datacenter_Template and BranchOffice_template are at the bottom of their stack.

D.

Create two separate template stacks one each for Datacenter and BranchOffice, and verify that Datacenter_template are at the top of their stack

Full Access
Question # 29

A firewall administrator has confirm reports of a website is not displaying as expected, and wants to ensure that decryption is not causing the issue. Which three methods can the administrator use to determine if decryption is causing the website to fail? (Choose three.)

A.

Move the policy with action decrypt to the top of the decryption policy rulebase.

B.

Temporarily disable SSL decryption for all websites to troubleshoot the issue.

C.

Create a policy-based “No Decrypt” rule in the decryption policy to exclude specific traffic from decryption.

D.

Investigate decryption logs of the specific traffic to determine reasons for failure.

E.

Disable SSL handshake logging.

Full Access
Question # 30

A firewall administrator has been tasked with ensuring that all firewalls forward System logs to Panorama. In which section is this configured?

A.

Monitor > Logs > System

B.

Objects > Log Forwarding

C.

Panorama > Managed Devices

D.

Device > Log Settings

Full Access
Question # 31

Which three authentication types can be used to authenticate users? (Choose three.)

A.

Local database authentication

B.

PingID

C.

Kerberos single sign-on

D.

GlobalProtect client

E.

Cloud authentication service

Full Access
Question # 32

An engineer configures a specific service route in an environment with multiple virtual systems instead of using the inherited global service route configuration.

What type of service route can be used for this configuration?

A.

IPv6 Source or Destination Address

B.

Destination-Based Service Route

C.

IPv4 Source Interface

D.

Inherit Global Setting

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps