PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:

<< First
Prev
2
3
4
5
6
7
8
9
10
11
Next
Last >>

Question # 49

â€˜SSL Forward Proxy decryption is configured, but the firewall uses Untrusted-CA to sign the website https://www important-website com certificate, End-users are receiving the "security certificate is no: trustedâ€ warning, Without SSL decryption, the web browser shows chat the website certificate is trusted and signet by well-known certificate chain Well-Known-intermediate and Wako Hebe CA Security administrator who represents the customer requires the following two behaviors when SSL Forward Proxy is enabled:

1. End-users must not get the warning for the https:///www.very-import-website.com/ website.

2. End-users should get the warning for any other untrusted website.

Which approach meets the two customer requirements?

Install the Well-Known-intermediate-CA and Well:Known Root-CA certificates on all end-user systems in the user and local computer stores:

Clear the Forward Untrust-CA Certificate check box on the Untrusted-CA certificate= and commit the configuration

Navigate to Device > Certificate Management > Certificates > Default Trusted Certificate Authorities, import Well-Known-Intermediate-CA 2nd Well-Known-Root-CA select the Trusted Root CA check box, aid commit the configuration.

Navigate to Device > Certificate Management > Certificates > Device Certificates, import Well-known-Intermediate-CA and Well-Know5-Root-CA, Select the Trusted Root CA check box, and commit the configuration.

Full Access

Question # 50

An engineer has been asked to limit which routes are shared by running two different areas within an OSPF implementation. However, the devices share a common link for communication. Which virtual router configuration supports running multiple instances of the OSPF protocol over a single link?

OSPFV3

ECMP

ASBR

OSBF

Full Access

Question # 51

An engineer is monitoring an active/active high availability (HA) firewall pair.

Which HA firewall state describes the firewall that is experiencing a failure of a monitored path?

Initial

Tentative

Passive

Active-secondary

Full Access

Question # 52

When configuring explicit proxy on a firewall, which interface should be selected under the Listening interface option?

ingress for the outgoing traffic to the internet

Loopback for the proxy

Firewall management

ingress for the client traffic

Full Access

Question # 53

Which interface type should a firewall administrator configure as an upstream to the ingress trusted interface when configuring transparent web proxy on a Palo Alto Networks firewall?

Tunnel

Ethernet

VLAN

Lookback

Full Access

Question # 54

An engineer decides to use Panorama to upgrade devices to PAN-OS 10.2.

Which three platforms support PAN-OS 10.2? (Choose three.)

PA-220

PA-800 Series

PA-5000 Series

PA-500

PA-3400 Series

Full Access

Question # 55

Where is Palo Alto Networks Device Telemetry data stored on a firewall with a device certificate installed?

On Palo Alto Networks Update Servers

M600 Log Collectors

Cortex Data Lake

Panorama

Full Access

Question # 56

A firewall administrator is changing a packet capture filter to troubleshoot a specific traffic flow Upon opening the newly created packet capture, the administrator still sees traffic for the previous fitter What can the administrator do to limit the captured traffic to the newly configured filter?

Command line > debug dataplane packet-diag clear filter-marked-session all

In the GLH under Monitor > Packet Capture > Manage Filters under Ingress Interface select an interface

Command line> debug dataplane packet-diag clear filter all

In the GUI under Monitor > Packet Capture > Manage Filters under the Non-IP field, select "exclude"

Full Access

Go to page: