Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 33

An administrator has been tasked with configuring decryption policies,

Which decryption best practice should they consider?

A.

Consider the local, legal, and regulatory implications and how they affect which traffic can be decrypted.

B.

Decrypt all traffic that traverses the firewall so that it can be scanned for threats.

C.

Place firewalls where administrators can opt to bypass the firewall when needed.

D.

Create forward proxy decryption rules without Decryption profiles for unsanctioned applications.

Full Access
Question # 34

An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory. What must be configured in order to select users and groups for those rules from Panorama? The Security rules must be targeted to a firewall in the device group and have Group Mapping configured.

A.

A master device with Group Mapping configured must be set in the device group where the Security rules are configured

B.

User-ID Redistribution must be configured on Panorama to ensure that all firewalls have the same mappings

C.

A User-ID Certificate profile must be configured on Panorama

D.

N/A

Full Access
Question # 35

If a URL is in multiple custom URL categories with different actions, which action will take priority?

A.

Allow

B.

Override

C.

Block

D.

Alert

Full Access
Question # 36

Which CLI command displays the physical media that are connected to ethernet1/8?

A.

> show system state filter-pretty sys.si. p8. stats

B.

> show system state filter-pretty sys.sl.p8.phy

C.

> show system state filter-pretty sys.sl.p8.med

D.

> show interface ethernet1/8

Full Access
Question # 37

An administrator is required to create an application-based Security policy rule to allow Evernote. The Evernote application implicitly uses SSL and web browsing.

What is the minimum the administrator needs to configure in the Security rule to allow only Evernote?

A.

Add the Evernote application to the Security policy rule, then add a second Security policy rule containing both HTTP and SSL.

B.

Create an Application Override using TCP ports 443 and 80.

C.

Add the HTTP. SSL. and Evernote applications to the same Security policy.

D.

Add only the Evernote application to the Security policy rule.

Full Access
Question # 38

A firewall architect is attempting to install a new Palo Alto Networks NGFW. The company has previously had issues moving all administrative functions onto a data plane interface to meet the design limitations of the environment. The architect is able to access the device for HTTPS and SSH; however, the NGFW can neither validate licensing nor get updates. Which action taken by the architect will resolve this issue?

A.

Create a service route that sets the source interface to the data plane interface in question

B.

Validate that all upstream devices will allow and properly route the outbound traffic to the external destinations needed

C.

Create a loopback from the management interface to the data plane interface, then make a service route from the management interface to the data plane interface

D.

Enable OCSP for the data plane interface so the firewall will create a certificate with the data plane interface’s IP

Full Access
Question # 39

An organization is interested in migrating from their existing web proxy architecture to the Web Proxy feature of their PAN-OS 11.0 firewalls. Currently. HTTP and SSL requests contain the c IP address of the web server and the client browser is redirected to the proxy

Which PAN-OS proxy method should be configured to maintain this type of traffic flow?

A.

DNS proxy

B.

Explicit proxy

C.

SSL forward proxy

D.

Transparent proxy

Full Access
Question # 40

A decryption policy has been created with an action of "No Decryption." The decryption profile is configured in alignment to best practices.

What protections does this policy provide to the enterprise?

A.

It allows for complete visibility into certificate data, ensuring secure connections to all websites.

B.

It ensures that the firewall checks its certificate store, enabling sessions with trusted self-signed certificates even when an alternative trust anchor exists.

C.

It encrypts all certificate information to maintain privacy and compliance with local regulations.

D.

It enhances security by actively blocking access to potentially insecure sites with expired certificates or untrusted issuers.

Full Access
Go to page: