Free Palo Alto PCNSE Practice Exam Questions and Answers

A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)

An administrator wants to use LDAP, TACACS+, and Kerberos as external authentication services for authenticating users. What should the administrator be aware of regarding the authentication sequence, based on the Authentication profiles in the order Kerberos, LDAP, and TACACS+?

An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls. What can be configured on one pair of firewalls to modify the MAC addresses so they are no longer in conflict?

How can Panorama help with troubleshooting problems such as high CPU or resource exhaustion on a managed firewall?

Which log type would provide information about traffic blocked by a Zone Protection profile?

A network security administrator has been tasked with deploying User-ID in their organization. What are three valid methods of collecting User-ID information in a network? (Choose three.)

A firewall engineer is managing a Palo Alto Networks NGFW that does not have the DHCP server or DHCP agent configuration. Which interface mode can the engineer use to generate Enhanced Application logs (EALs) for classifying Internet of Things (loT) devices while receiving broadcast DHCP traffic?

Which statement about High Availability timer settings is true?

An organization wants to begin decrypting guest and BYOD traffic. Which NGFW feature can be used to identify guests and BYOD users, instruct them how to download and install the CA certificate, and clearly notify them that their trafficlwill be decrypted?