Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 57

A company has a PA-3220 NGFW at the edge of its network and wants to use active directory groups in its Security policy rules. There are 1500 groups in its active directory. An engineer has been provided 800 active directory groups to be used in the Security policy rules.

What is the engineer's next step?

A.

Create a Group Mapping with 800 groups in the Group Include List.

B.

Create two Group Include Lists, each with 400 Active Directory groups.

C.

Create a Group Include List with the 800 Active Directory groups.

D.

Create two Group Mappings, each with 400 groups in the Group Include List.

Full Access
Question # 58

A firewall engineer needs to patch the company’s Palo Alto Network firewalls to the latest version of PAN-OS. The company manages its firewalls by using panorama. Logs are forwarded to Dedicated Log Collectors, and file samples are forwarded to WildFire appliances for analysis. What must the engineer consider when planning deployment?

A.

Only Panorama and Dedicated Log Collectorss must be patched to the target PAN-OS version before updating the firewalls

B.

Panorama, Dedicated Log Collectors and WildFire appliances must be patched to the target PAN-OS version before updating the firewalls.

C.

Panorama, Dedicated Log Collectors and WildFire appliances must have the target PAN-OS version downloaded, after which the order of patching does not matter.

D.

Only Panorama must be patched to the PAN-OS version before updating the firewalls

Full Access
Question # 59

What must be taken into consideration when preparing a log forwarding design for all of a customer’s deployed Palo Alto Networks firewalls?

A.

The logs will not contain the names of the identified applications unless the "Enable enhanced application logging" option is selected

B.

Traffic and threat logs will not be forwarded unless the relevant Log Forwarding profile is attached to the security rules

C.

App-ID engine will not identify any application traffic unless the "Enable enhanced application logging" option is selected

D.

Traffic and threat logs will not be forwarded unless the relevant Log Forwarding profile is selected in "Logging and Reporting Settings"

Full Access
Question # 60

A company has configured a URL Filtering profile with override action on their firewall. Which two profiles are needed to complete the configuration? (Choose two)

A.

SSL/TLS Service

B.

HTTP Server

C.

Decryption

D.

Interface Management

Full Access
Question # 61

Which new PAN-OS 11.0 feature supports IPv6 traffic?

A.

DHCPv6 Client with Prefix Delegation

B.

OSPF

C.

DHCP Server

D.

IKEv1

Full Access
Question # 62

An administrator plans to install the Windows-Based User-ID Agent to prevent credential phishing.

Which installer package file should the administrator download from the support site?

A.

UaCredlnstall64-11.0.0.msi

B.

GlobalProtect64-6.2.1.msi

C.

Talnstall-11.0.0.msi

D.

Ualnstall-11.0.0msi

Full Access
Question # 63

An internal audit team has requested additional information to be included inside traffic logs forwarded from Palo Alto Networks firewalls to an internal syslog server.

Where can the firewall engineer define the data to be added into each forwarded log?

A.

Custom Log Format within Device > Server Profiles > Syslog

B.

Built-in Actions within Objects > Log Forwarding Profile

C.

Logging and Reporting Settings within Device > Setup > Management

D.

Data Patterns within Objects > Custom Objects

Full Access
Question # 64

A firewall administrator is investigating high packet buffer utilization in the company firewall. After looking at the threat logs and seeing many flood attacks coming from a single source that are dropped by the firewall, the administrator decides to enable packet buffer protection to protect against similar attacks.

The administrator enables packet buffer protection globally in the firewall but still sees a high packet buffer utilization rate.

What else should the administrator do to stop packet buffers from being overflowed?

A.

Apply DOS profile to security rules allow traffic from outside.

B.

Add the default Vulnerability Protection profile to all security rules that allow traffic from outside.

C.

Enable packet buffer protection for the affected zones.

D.

Add a Zone Protection profile to the affected zones.

Full Access
Go to page: