PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:

<< First
Prev
3
4
5
6
7
8
9
10
11
12
Next
Last >>

Question # 57

A company has a PA-3220 NGFW at the edge of its network and wants to use active directory groups in its Security policy rules. There are 1500 groups in its active directory. An engineer has been provided 800 active directory groups to be used in the Security policy rules.

What is the engineer's next step?

Create a Group Mapping with 800 groups in the Group Include List.

Create two Group Include Lists, each with 400 Active Directory groups.

Create a Group Include List with the 800 Active Directory groups.

Create two Group Mappings, each with 400 groups in the Group Include List.

Full Access

Question # 58

A firewall engineer needs to patch the companyâ€™s Palo Alto Network firewalls to the latest version of PAN-OS. The company manages its firewalls by using panorama. Logs are forwarded to Dedicated Log Collectors, and file samples are forwarded to WildFire appliances for analysis. What must the engineer consider when planning deployment?

Only Panorama and Dedicated Log Collectorss must be patched to the target PAN-OS version before updating the firewalls

Panorama, Dedicated Log Collectors and WildFire appliances must be patched to the target PAN-OS version before updating the firewalls.

Panorama, Dedicated Log Collectors and WildFire appliances must have the target PAN-OS version downloaded, after which the order of patching does not matter.

Only Panorama must be patched to the PAN-OS version before updating the firewalls

Full Access

Question # 59

What must be taken into consideration when preparing a log forwarding design for all of a customerâ€™s deployed Palo Alto Networks firewalls?

The logs will not contain the names of the identified applications unless the "Enable enhanced application logging" option is selected

Traffic and threat logs will not be forwarded unless the relevant Log Forwarding profile is attached to the security rules

App-ID engine will not identify any application traffic unless the "Enable enhanced application logging" option is selected

Traffic and threat logs will not be forwarded unless the relevant Log Forwarding profile is selected in "Logging and Reporting Settings"

Full Access

Question # 60

A company has configured a URL Filtering profile with override action on their firewall. Which two profiles are needed to complete the configuration? (Choose two)

SSL/TLS Service

HTTP Server

Decryption

Interface Management

Full Access

Question # 61

Which new PAN-OS 11.0 feature supports IPv6 traffic?

DHCPv6 Client with Prefix Delegation

OSPF

DHCP Server

IKEv1

Full Access

Question # 62

An administrator plans to install the Windows-Based User-ID Agent to prevent credential phishing.

Which installer package file should the administrator download from the support site?

UaCredlnstall64-11.0.0.msi

GlobalProtect64-6.2.1.msi

Talnstall-11.0.0.msi

Ualnstall-11.0.0msi

Full Access

Question # 63

An internal audit team has requested additional information to be included inside traffic logs forwarded from Palo Alto Networks firewalls to an internal syslog server.

Where can the firewall engineer define the data to be added into each forwarded log?

Custom Log Format within Device > Server Profiles > Syslog

Built-in Actions within Objects > Log Forwarding Profile

Logging and Reporting Settings within Device > Setup > Management

Data Patterns within Objects > Custom Objects

Full Access

Answer:

Explanation:

To facilitate the integration with external log parsing systems, the firewall allows you to customize the log format; it also allows you to add custom Key: Value attribute pairs. Custom message formats can be configured under DeviceServer ProfilesSyslogSyslog Server ProfileCustom Log Format. https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/custom-logevent-format

Step-by-Step Explanation:

Understanding Log Forwarding in PAN-OS:

Palo Alto Networks firewalls allow forwarding logs to external systems like syslog servers, SNMP servers, or email systems for external analysis or compliance.

Traffic logs can be customized to include additional information that meets the audit or operational requirements.

Syslog Server Profiles:

Syslog Server Profiles specify the format and destination of the log data sent to the syslog server.

These profiles allow customization through the Custom Log Format option, where the firewall engineer can add or modify log fields (e.g., source address, destination address, URL category).

Custom Log Format:

Navigate to Device > Server Profiles > Syslog.

Within the Syslog Server Profile, define a Custom Log Format for traffic logs.

Using this feature, the engineer can include additional fields requested by the internal audit team, such as threat severity, application details, or user ID.

Field Specification:

In the Custom Log Format, fields are defined using variables corresponding to the log fields in PAN-OS.

Example:

$receive_time,$src,$dst,$app,$action,$rule

The engineer can include specific details as requested by the audit team.

Comparison of Other Options:

Option B: Built-in Actions within Objects > Log Forwarding Profile

Log Forwarding Profiles are used to specify what logs are forwarded based on security policy matches. However, they do not control the format of logs.

Log Forwarding Profiles define actions (e.g., forwarding to syslog, SNMP), but customization of log data happens within Syslog Server Profiles.

Option C: Logging and Reporting Settings within Device > Setup > Management

These settings control general logging behavior and settings but do not allow customization of log data for syslog forwarding.

Option D: Data Patterns within Objects > Custom Objects

Data Patterns are used for identifying sensitive data or patterns in data filtering. They are unrelated to log customization.

Why A is Correct?

The Custom Log Format under Device > Server Profiles > Syslog is the only place where additional information can be defined and added to forwarded traffic logs.

This flexibility allows the firewall engineer to meet specific compliance or audit requirements.

Documentation Reference:

PCNSA Study Guide: Logging and Monitoring section discusses Syslog Server Profiles and log forwarding configurationsâ€‹.

PAN-OS Admin Guide: Covers Custom Log Format configuration under the Syslog Server Profile.

Question # 64

A firewall administrator is investigating high packet buffer utilization in the company firewall. After looking at the threat logs and seeing many flood attacks coming from a single source that are dropped by the firewall, the administrator decides to enable packet buffer protection to protect against similar attacks.

The administrator enables packet buffer protection globally in the firewall but still sees a high packet buffer utilization rate.

What else should the administrator do to stop packet buffers from being overflowed?

Apply DOS profile to security rules allow traffic from outside.

Add the default Vulnerability Protection profile to all security rules that allow traffic from outside.

Enable packet buffer protection for the affected zones.

Add a Zone Protection profile to the affected zones.

Full Access

Go to page: