PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:

<< First
Prev
1
2
3
4
5
6
7
8
9
10
Next
Last >>

Question # 33

A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)

ICMP Drop

TCP Drop

SYN Random Early Drop

TCP Port Scan Block

Full Access

Question # 34

Which operation will impact the performance of the management plane?

Decrypting SSL sessions

Generating a SaaS Application report

Enabling DoS protection

Enabling packet buffer protection

Full Access

Question # 35

How can Panorama help with troubleshooting problems such as high CPU or resource exhaustion on a managed firewall?

Panorama provides information about system resources of the managed devices in the Managed Device > Health menu.

Firewalls send SNMP traps to Panorama wen resource exhaustion is detected Panorama generates a system log and can send email alerts.

Panorama monitors all firewalls using SNMP. It generates a system log and can send email alerts when resource exhaustion is detected on a managed firewall.

Panorama provides visibility all the system and traffic logs received from firewalls it does not offer any ability to see or monitor resource utilization on managed firewalls

Full Access

Question # 36

A network administrator is troubleshooting an issue with Phase 2 of an IPSec VPN tunnel The administrator determines that the lifetime needs to be changed to match the peer. Where should this change be made?

IPSec Tunnel settings

IKE Crypto profile

IPSec Crypto profile

IKE Gateway profile

Full Access

Question # 37

A network administrator wants to deploy SSL Forward Proxy decryption. What two attributes should a forward trust certificate have? (Choose two.)

A subject alternative name

A private key

A server certificate

A certificate authority (CA) certificate

Full Access

Question # 38

A firewall administrator has configured User-ID and deployed GlobalProtect, but there is no User-ID showing in the traffic logs.

How can the administrator ensure that User-IDs are populated in the traffic logs?

Create a Group Mapping for the GlobalProtect Group.

Enable Captive Portal on the expected source interfaces.

Add the users to the proper Dynamic User Group.

Enable User-ID on the expected trusted zones.

Full Access

Question # 39

A network administrator is trying to prevent domain username and password submissions to phishing sites on some allowed URL categories

Which set of steps does the administrator need to take in the URL Filtering profile to prevent credential phishing on the firewall?

Choose the URL categories in the User Credential Submission column and set action to block Select the User credential Detection tab and select Use Domain Credential Filter Commit

Choose the URL categories in the User Credential Submission column and set action to block Select the User credential Detection tab and select use IP User Mapping Commit

Choose the URL categories on Site Access column and set action to block Click the User credential Detection tab and select IP User Mapping Commit

Choose the URL categories in the User Credential Submission column and set action to block Select the URL filtering settings and enable Domain Credential Filter Commit

Full Access