Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

PCNSE Exam Dumps - Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0

Go to page:
Question # 65

Which GloDalProtecI gateway setting is required to enable split-tunneting by access route, destination domain and application?

A.

Tunnel mode

B.

Satellite mode

C.

IPSec mode

D.

No Direct Access to local networks

Full Access
Question # 66

An engineer creates a set of rules in a Device Group (Panorama) to permit traffic to various services for a specific LDAP user group.

What needs to be configured to ensure Panorama can retrieve user and group information for use in these rules?

A.

A service route to the LDAP server

B.

A Master Device

C.

Authentication Portal

D.

A User-ID agent on the LDAP server

Full Access
Question # 67

An engineer is monitoring an active/active high availability (HA) firewall pair.

Which HA firewall state describes the firewall that is currently processing traffic?

A.

Initial

B.

Passive

C.

Active

D.

Active-primary

Full Access
Question # 68

An engineer reviews high availability (HA) settings to understand a recent HA failover event Review the screenshot below.

Which tuner determines how long the passive firewall will wart before taking over as the active firewall after losing communications with the HA peer?

A.

Additional Master Hold Up Time

B.

Promotion Hold Time

C.

Monitor Fail Hold Up Time

D.

Heartbeat Interval

Full Access
Question # 69

Refer to Exhibit:

An administrator can not see any Traffic logs from the Palo Alto Networks NGFW in Panorama reports. The configuration problem seems to be on the firewall. Which settings, if configured incorrectly, most likely would stop only Traffic logs from being sent from the NGFW to Panorama?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 70

An administrator has purchased WildFire subscriptions for 90 firewalls globally.

What should the administrator consider with regards to the WildFire infra-structure?

A.

To comply with data privacy regulations, WildFire signatures and ver-dicts are not shared globally.

B.

Palo Alto Networks owns and maintains one global cloud and four WildFire regional clouds.

C.

Each WildFire cloud analyzes samples and generates malware signatures and verdicts independently of the other WildFire clouds.

D.

The WildFire Global Cloud only provides bare metal analysis.

Full Access
Question # 71

What does SSL decryption require to establish a firewall as a trusted third party and to establish trust between a client and server to secure an SSL/TLS connection'?

A.

certificates

B.

profiles

C.

link state

D.

stateful firewall connection

Full Access
Question # 72

A network security administrator has been tasked with deploying User-ID in their organization.

What are three valid methods of collecting User-ID information in a network? (Choose three.)

A.

Windows User-ID agent

B.

GlobalProtect

C.

XMLAPI

D.

External dynamic list

E.

Dynamic user groups

Full Access
Go to page: