Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 49

While troubleshooting an issue, a firewall administrator performs a packet capture with a specific filter. The administrator sees drops for packets with a source IP address of 10.1.1.1.

How can the administrator further investigate these packet drops by looking at the global counters for this packet capture filter?

A.

> show counter global filter packet-filter yes delta yes

B.

> show counter global filter severity drop

C.

> debug dataplane packet-diag set capture stage drop

D.

> show counter global filter delta yes I match 10.1.1-1

Full Access
Question # 50

An administrator is using Panorama to manage multiple firewalls. After upgrading all devices to the latest PAN-OS software, the administrator enables log forwarding from the firewalls to Panorama.

However, pre-existing logs from the firewalls are not appearing in Panorama.

Which action should be taken to enable the firewalls to send their pre-existing logs to Panorama?

A.

Export the log database.

B.

Use the import option to pull logs.

C.

Use the scp logdb export command.

D.

Use the ACC to consolidate the logs.

Full Access
Question # 51

Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?

A.

Resource Protection

B.

TCP Port Scan Protection

C.

Packet Based Attack Protection

D.

Packet Buffer Protection

Full Access
Question # 52

A security engineer needs firewall management access on a trusted interface.

Which three settings are required on an SSL/TLS Service Profile to provide secure Web UI authentication? (Choose three.)

A.

Minimum TLS version

B.

Certificate

C.

Encryption Algorithm

D.

Maximum TLS version

E.

Authentication Algorithm

Full Access
Question # 53

Which three external authentication services can the firewall use to authenticate admins into the Palo Alto Networks NGFW without creating administrator account on the firewall? (Choose three.)

A.

RADIUS

B.

TACACS+

C.

Kerberos

D.

LDAP

E.

SAML

Full Access
Question # 54

Which two items must be configured when implementing application override and allowing traffic through the firewall? (Choose two.)

A.

Application filter

B.

Application override policy rule

C.

Security policy rule

D.

Custom app

Full Access
Question # 55

A network administrator configured a site-to-site VPN tunnel where the peer device will act as initiator None of the peer addresses are known

What can the administrator configure to establish the VPN connection?

A.

Set up certificate authentication.

B.

Use the Dynamic IP address type.

C.

Enable Passive Mode

D.

Configure the peer address as an FQDN.

Full Access
Question # 56

In which two scenarios would it be necessary to use Proxy IDs when configuring site-to-site VPN Tunnels? (Choose two.)

A.

Firewalls which support policy-based VPNs.

B.

The remote device is a non-Palo Alto Networks firewall.

C.

Firewalls which support route-based VPNs.

D.

The remote device is a Palo Alto Networks firewall.

Full Access
Go to page: