لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
Which two methods can be configured to validate the revocation status of a certificate? (Choose two.)
A. CRL
B. CRT
C. OCSP
D. Cert-Validation-Profile
E. SSL/TLS Service Profile
عرض الإجابة
اجابة صحيحة: A

View The Updated PCNSE Exam Questions

SPOTO Provides 100% Real PCNSE Exam Questions for You to Pass Your PCNSE Exam!

Get PCNSE Practice Test
السؤال #2
A file sharing application is being permitted and no one knows what this application is used for. How should this application be blocked?
A. Block all unauthorized applications using a security policy
B. Block all known internal custom applications
C. Create a WildFire Analysis Profile that blocks Layer 4 and Layer 7 attacks
D. Create a File blocking profile that blocks Layer 4 and Layer 7 attacks
عرض الإجابة
اجابة صحيحة: C
السؤال #3
Support for which authentication method was added in PAN-OS 8.0?
A. RADIUS
B. LDAP
C. Diameter
D. TACACS+
عرض الإجابة
اجابة صحيحة: A
السؤال #4
In a firewall, which three decryption methods are valid? (Choose three )
A. SSL Inbound Inspection
B. SSL Outbound Proxyless Inspection
C. SSL Inbound Proxy
D. Decryption Mirror
E. SSH Proxy
عرض الإجابة
اجابة صحيحة: A
السؤال #5
A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?
A. The two devices must share a routable floating IP address
B. The two devices may be different models within the PA-5000 series
C. The HA1 IP address from each peer must be on a different subnet
D. The management port may be used for a backup control connection
عرض الإجابة
اجابة صحيحة: DE
السؤال #6
Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats? (Choose two)
A. Brute-force signatures
B. BrightCloud Url Filtering
C. PAN-DB URL Filtering
D. DNS-based command-and-control signatures
عرض الإجابة
اجابة صحيحة: BC
السؤال #7
An engineer must configure the Decryption Broker feature Which Decryption Broker security chain supports bi-directional traffic flow?
A. Layer 2 security chain
B. Layer 3 security chain
C. Transparent Bridge security chain
D. Transparent Proxy security chain
عرض الإجابة
اجابة صحيحة: AC
السؤال #8
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
A. Create a no-decrypt Decryption Policy rule
B. Configure an EDL to pull IP addresses of known sites resolved from a CRL
C. Create a Dynamic Address Group for untrusted sites
D. Create a Security Policy rule with vulnerability Security Profile attached
E. Enable the “Block sessions with untrusted issuers” setting
عرض الإجابة
اجابة صحيحة: D
السؤال #9
In a Panorama template which three types of objects are configurable? (Choose three)
A. HIP objects
B. QoS profiles
C. interface management profiles
D. certificate profiles
E. security profiles
عرض الإجابة
اجابة صحيحة: A
السؤال #10
An administrator needs to implement an NGFW between their DMZ and Core network EIGRP Routing between the two environments is required Which interface type would support this business requirement?
A. Layer 3 interfaces but configuring EIGRP on the attached virtual router
B. Virtual Wire interfaces to permit EIGRP routing to remain between the Core and DMZ
C. Layer 3 or Aggregate Ethernet interfaces but configuring EIGRP on subinterfaces only
D. Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel {with the GlobalProtect License to support LSVPN and EIGRP protocols)
عرض الإجابة
اجابة صحيحة: D
السؤال #11
Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS 8.0? (Choose two.)
A. KVM
B. VMware ESX
C. VMware NSX
D. AWS
عرض الإجابة
اجابة صحيحة: A
السؤال #12
What are three possible verdicts that WildFire can provide for an analyzed sample? (Choose three)
A. Clean
B. Bengin
C. Adware
D. Suspicious
E. Grayware
F. Malware
عرض الإجابة
اجابة صحيحة: BD
السؤال #13
In the following image from Panorama, why are some values shown in red?
A. sg2 session count is the lowest compared to the other managed devices
B. us3 has a logging rate that deviates from the administrator-configured thresholds
C. uk3 has a logging rate that deviates from the seven-day calculated baseline
D. sg2 has misconfigured session thresholds
عرض الإجابة
اجابة صحيحة: C
السؤال #14
A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?
A. Blocked Activity
B. Bandwidth Activity
C. Threat Activity
D. Network Activity
عرض الإجابة
اجابة صحيحة: A
السؤال #15
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?
A. Use the debug dataplane packet-diag set capture stage firewall file command
B. Enable all four stages of traffic capture (TX, RX, DROP, Firewall)
C. Use the debug dataplane packet-diag set capture stage management file command
D. Use the tcpdump command
عرض الإجابة
اجابة صحيحة: D
السؤال #16
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router. Which two options would help the administrator troubleshoot this issue? (Choose two.)
A. View the System logs and look for the error messages about BGP
B. Perform a traffic pcap on the NGFW to see any BGP problems
C. View the Runtime Stats and look for problems with BGP configuration
D. View the ACC tab to isolate routing issues
عرض الإجابة
اجابة صحيحة: AD
السؤال #17
A users traffic traversing a Palo Alto networks NGFW sometimes can reach http //www company com At other times the session times out. At other times the session times out The NGFW has been configured with a PBF rule that the user traffic matches when it goes to http://www.company.com goes to http://www company com How can the firewall be configured to automatically disable the PBF rule if the next hop goes down?
A. Create and add a monitor profile with an action of fail over in the PBF rule in question
B. Create and add a monitor profile with an action of wait recover in the PBF rule in question
C. Configure path monitoring for the next hop gateway on the default route in the virtual router
D. Enable and configure a link monitoring profile for the external interface of the firewall
عرض الإجابة
اجابة صحيحة: C
السؤال #18
What are three valid actions in a File Blocking Profile? (Choose three)
A. Forward
B. Block
C. Alret
D. Upload
E. Reset-both
F. Continue
عرض الإجابة
اجابة صحيحة: AC
السؤال #19
For which two reasons would a firewall discard a packet as part of the packet flow sequence? (Choose two )
A. equal-cost multipath
B. ingress processing errors
C. rule match with action "allow"
D. rule match with action "deny"
عرض الإجابة
اجابة صحيحة: B
السؤال #20
When setting up a security profile which three items can you use? (Choose three )
A. Wildfire analysis
B. anti-ransom ware
C. antivirus
D. URL filtering
E. decryption profile
عرض الإجابة
اجابة صحيحة: A
السؤال #21
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications. QoS natively integrates with which feature to provide service quality?
A. Port Inspection
B. Certificate revocation
C. Content-ID
D. App-ID
عرض الإجابة
اجابة صحيحة: AC
السؤال #22
How does Panorama handle incoming logs when it reaches the maximum storage capacity?
A. Panorama discards incoming logs when storage capacity full
B. Panorama stops accepting logs until licenses for additional storage space are applied
C. Panorama stops accepting logs until a reboot to clean storage space
D. Panorama automatically deletes older logs to create space for new ones
عرض الإجابة
اجابة صحيحة: AD
السؤال #23
Which operation will impact performance of the management plane?
A. DoS protection
B. WildFire submissions
C. generating a SaaS Application report
D. decrypting SSL sessions
عرض الإجابة
اجابة صحيحة: D
السؤال #24
What file type upload is supported as part of the basic WildFire service?
A. PE
B. BAT
C. VBS
D. ELF
عرض الإجابة
اجابة صحيحة: B
السؤال #25
Which three rule types are available when defining policies in Panorama? (Choose three.)
A. Pre Rules
B. Post Rules
C. Default Rules
D. Stealth Rules
E. Clean Up Rules
عرض الإجابة
اجابة صحيحة: BC
السؤال #26
Which option describes the operation of the automatic commit recovery feature?
A. It enables a firewall to revert to the previous configuration if rule shadowing is detected
B. It enables a firewall to revert to the previous configuration if a commit causes Panorama connectivity failure
C. It enables a firewall to revert to the previous configuration if application dependency errors are found
D. It enables a firewall to revert to the previous configuration if a commit causes HA partner connectivity failure
عرض الإجابة
اجابة صحيحة: AD
السؤال #27
In SSL Forward Proxy decryption, which two certificates can be used for certificate signing? (Choose two.)
A. wildcard server certificate
B. enterprise CA certificate
C. client certificate
D. server certificate
E. self-signed CA certificate
عرض الإجابة
اجابة صحيحة: D
السؤال #28
A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule. Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web- browsing traffic
A. Rule #1: application: web-browsing; service: application-default; action: allow Rule #2: application: ssl; service: application-default; action: allow
B. Rule #1: application: web-browsing; service: service-https; action: allow Rule #2: application: ssl; service: application-default; action: allow
C. Rule # 1: application: ssl; service: application-default; action: allowRule #2: application: web-browsing; service: application-default; action: allow
D. Rule #1: application: web-browsing; service: service-http; action: allow Rule #2: application: ssl; service: application-default; action: allow
عرض الإجابة
اجابة صحيحة: B
السؤال #29
A firewall administrator has completed most of the steps required to provision a standalone Palo Alto Networks Next-Generation Firewall. As a final step, the administrator wants to test one of the security policies. Which CLI command syntax will display the rule that matches the test?
A. test security -policy- match source destination destination port protocol
B. show security rule source destination destination port protocol
C. test security rule source destination destination port protocol
D. show security-policy-match source destination destination port protocol test security-policy- match source
عرض الإجابة
اجابة صحيحة: B
السؤال #30
Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing. Which step is required to accomplish this goal?
A. Assign an IP address on each tunnel interface at each site
B. Enable OSPFv3 on each tunnel interface and use Area ID 0
C. Assign OSPF Area ID 0
D. Create new VPN zones at each site to terminate each VPN connection
عرض الإجابة
اجابة صحيحة: ABC
السؤال #31
What are the two behavior differences between Highlight Unused Rules and the Rule Usage Hit counter when a firewall is rebooted? (Choose two.)
A. Rule Usage Hit counter will not be reset
B. Highlight Unused Rules will highlight all rules
C. Highlight Unused Rules will highlight zero rules
D. Rule Usage Hit counter will reset
عرض الإجابة
اجابة صحيحة: AB
السؤال #32
When overriding a template configuration locally on a firewall, what should you consider?
A. Only Panorama can revert the override
B. Panorama will lose visibility into the overridden configuration
C. Panorama will update the template with the overridden value
D. The firewall template will show that it is out of sync within Panorama
عرض الإجابة
اجابة صحيحة: D
السؤال #33
An administrator needs to gather information about the CPU utilization on both the management plane and the data plane Where does the administrator view the desired data?
A. Monitor > Utilization
B. Resources Widget on the Dashboard
C. Support > Resources
D. Application Command and Control Center
عرض الإجابة
اجابة صحيحة: AC
السؤال #34
A company is upgrading its existing Palo Alto Networks firewall from version 7.0.1 to 7.0.4. Which three methods can the firewall administrator use to install PAN-OS 8.0.4 across the enterprise?( Choose three)
A. Download PAN-OS 8
B. Download PAN-OS 8
C. Push the PAN-OS 8
D. Push the PAN-OS 8
E. Download and install PAN-OS 8
F. Download and push PAN-OS 8
عرض الإجابة
اجابة صحيحة: A
السؤال #35
A traffic log might list an application as "not-applicable" for which two reasons'? (Choose two )
A. 0The firewall did not install the session
B. The TCP connection terminated without identifying any application data
C. The firewall dropped a TCP SYN packet
D. There was not enough application data after the TCP connection was established
عرض الإجابة
اجابة صحيحة: B
السؤال #36
Which client software can be used to connect remote Linux client into a Palo Alto Networks Infrastructure without sacrificing the ability to scan traffic and protect against threats?
A. X-Auth IPsec VPN
B. GlobalProtect Apple IOS
C. GlobalProtect SSL
D. GlobalProtect Linux
عرض الإجابة
اجابة صحيحة: A
السؤال #37
What will be the source address in the ICMP packet?
A. 10
B. 10
C. 10
D. 192
عرض الإجابة
اجابة صحيحة: A
السؤال #38
An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing and preemption is disabled. What must be verified to upgrade the firewalls to the most recent version of PAN-OS software?
A. Wildfire update package
B. User-ID agent
C. Anti virus update package
D. Application and Threats update package
عرض الإجابة
اجابة صحيحة: ABC
السؤال #39
Which two options are required on an M-100 appliance to configure it as a Log Collector? (Choose two)
A. From the Panorama tab of the Panorama GUI select Log Collector mode and then commit changes
B. Enter the command request system system-mode logger then enter Y to confirm the change to Log Collector mode
C. From the Device tab of the Panorama GUI select Log Collector mode and then commit changes
D. Enter the command logger-mode enable the enter Y to confirm the change to Log Collector mode
E. Log in the Panorama CLI of the dedicated Log Collector
عرض الإجابة
اجابة صحيحة: C
السؤال #40
What can missing SSL packets when performing a packet capture on dataplane interfaces?
A. The packets are hardware offloaded to the offloaded processor on the dataplane
B. The missing packets are offloaded to the management plane CPU
C. The packets are not captured because they are encrypted
D. There is a hardware problem with offloading FPGA on the management plane
عرض الإجابة
اجابة صحيحة: ACE
السؤال #41
An administrator has left a firewall to use the data of port for all management service which there functions are performed by the data face? (Choose three.)
A. NTP
B. Antivirus
C. Wildfire updates
D. NAT
E. File tracking
عرض الإجابة
اجابة صحيحة: AD
السؤال #42
Which setting allow a DOS protection profile to limit the maximum concurrent sessions from a source IP address?
A. Set the type to Aggregate, clear the session’s box and set the Maximum concurrent Sessions to 4000
B. Set the type to Classified, clear the session’s box and set the Maximum concurrent Sessions to 4000
C. Set the type Classified, check the Sessions box and set the Maximum concurrent Sessions to 4000
D. Set the type to aggregate, check the Sessions box and set the Maximum concurrent Sessions to 4000
عرض الإجابة
اجابة صحيحة: D
السؤال #43
An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs. The administrator assigns priority 100 to the active firewall. Which priority is correct for the passive firewall?
A. 99
B. 1
C. 255
عرض الإجابة
اجابة صحيحة: B
السؤال #44
View the GlobalProtect configuration screen capture. What is the purpose of this configuration?
A. It configures the tunnel address of all internal clients to an IP address range starting at 192
B. It forces an internal client to connect to an internal gateway at IP address 192
C. It enables a client to perform a reverse DNS lookup on 192
D. It forces the firewall to perform a dynamic DNS update, which adds the internal gateway’s hostname and IP address to the DNS server
عرض الإجابة
اجابة صحيحة: B

View The Updated PALO-ALTO Exam Questions

SPOTO Provides 100% Real PALO-ALTO Exam Questions for You to Pass Your PALO-ALTO Exam!

Get PALO-ALTO Practice Test

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.