DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Master PCNSE Exams with Exam Questions & Study Materials, Palo Alto Networks Certified | SPOTO

Achieving success in the PCNSE certification exam demands meticulous preparation and thorough practice. Our comprehensive array of resources, including practice tests, free test samples, online exam questions, exam dumps, and mock exams, equips you with the necessary tools to excel. With our latest practice tests and exam materials, you'll gain confidence in tackling even the most challenging aspects of the exam. The PCNSE certification distinguishes individuals with profound expertise in designing, installing, configuring, maintaining, and troubleshooting Palo Alto Networks implementations. Serving as the pivotal exam for the Palo Alto Networks Certified Network Security Engineer (PCNSE) certification, it validates your proficiency in safeguarding networks with Palo Alto's cutting-edge technologies. Prepare effectively with our extensive range of exam questions and answers, and embark on your journey to becoming a certified Palo Alto Networks expert.
Take other online exams

Question #1
Which CLI command displays the current management plane memory utilization?
A. > debug management-server show
B. > show running resource-monitor
C. > show system info
D. > show system resources
View answer
Correct Answer: ABDF
Question #2
Which log file can be used to identify SSL decryption failures?
A. Configuration
B. Threats
C. ACC
D. Traffic
View answer
Correct Answer: B
Question #3
A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file named init-cfg txt. The firewall is currently running PAN-OS 10.0 and using a lab config The contents of init-cfg txi in the USB flash drive are as follows: The USB flash drive has been inserted in the firewalls' USB port,
A. Firewall must be m factory default state or have all private data deleted for bootstrapping
B. The hostname is a required parameter, but it is missing in imt-cfg txt
C. The USB must be formatted using the ext3 file system, FAT32 is not supported
D. PANOS version must be 91
E. The bootstrap
View answer
Correct Answer: AD
Question #4
Site-A and Site-B need to use IKEv2 to establish a VPN connection. Site A connects directly to the internet using a public IP address. Site-B uses a private IP address behind an ISP router to connect to the internet. How should NAT Traversal be implemented for the VPN connection to be established between Site-A and Site-B?
A. Enable on Site-A only
B. Enable on Site-B only
C. Enable on Site-B only with passive mode
D. Enable on Site-A and Site-B
View answer
Correct Answer: D
Question #5
A client has a sensitive application server in their data center and is particularly concerned about session flooding because of denial of-service attacks. How can the Palo Alto Networks NGFW be configured to specifically protect this server against session floods originating from a single IP address?
A. Define a custom App-ID to ensure that only legitimate application traffic reaches the server
B. Add QoS Profiles to throttle incoming requests
C. Add a tuned DoS Protection Profile
D. Add an Anti-Spyware Profile to block attacking IP address
View answer
Correct Answer: AC
Question #6
Starting with PAN-OS version 9.1, application dependency information is now reported in which new locations? (Choose two.)
A. On the App Dependency tab in the Commit Status window
B. On the Application tab in the Security Policy Rule creation window
C. On the Objects > Applications browsers pages
D. On the Policy Optimizer's Rule Usage page
View answer
Correct Answer: A
Question #7
An administrator pushes a new configuration from Panorama to a pair of firewalls that are configured as an active/passive HA pair. Which NGFW receives the configuration from Panorama?
A. The Passive firewall, which then synchronizes to the active firewall
B. The active firewall, which then synchronizes to the passive firewall
C. Both the active and passive firewalls, which then synchronize with each other
D. Both the active and passive firewalls independently, with no synchronization afterward
View answer
Correct Answer: B
Question #8
An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN-OS? software. The firewall has internet connectivity through an Ethernet interface, but no internet connectivity from the management interface. The Security policy has the default security rules and a rule that allows all web- browsing traffic from any to any zone. What must the administrator configure so that the PAN-OS? software can be upgraded?
A. Security policy rule
B. CRL
C. Service route
D. Scheduler
View answer
Correct Answer: C
Question #9
Which three options does the WF-500 appliance support for local analysis? (Choose three)
A. E-mail links
B. APK files
C. jar files
D. PNG files
E. Portable Executable (PE) files
View answer
Correct Answer: D
Question #10
When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?
A. When configuring Certificate Profiles
B. When configuring GlobalProtect portal
C. When configuring User Activity Reports
D. When configuring Antivirus Dynamic Updates
View answer
Correct Answer: ACE
Question #11
Which three fields can be included in a pcap filter? (Choose three)
A. Egress interface
B. Source IP
C. Rule number
D. Destination IP
E. Ingress interface
View answer
Correct Answer: ADE
Question #12
Which interface configuration will accept specific VLAN IDs?
A. Tab Mode
B. Subinterface
C. Access Interface
D. Trunk Interface
View answer
Correct Answer: BD
Question #13
A host attached to ethernet1/3 cannot access the internet. The default gateway is attached to ethernet1/4. After troubleshooting. It is determined that traffic cannot pass from the ethernet1/3 to ethernet1/4. What can be the cause of the problem?
A. DHCP has been set to Auto
B. Interface ethernet1/3 is in Layer 2 mode and interface ethernet1/4 is in Layer 3 mode
C. Interface ethernet1/3 and ethernet1/4 are in Virtual Wire Mode
D. DNS has not been properly configured on the firewall
View answer
Correct Answer: BC
Question #14
When using the predefined default profile, the policy will inspect for viruses on the decoders. Match each decoder with its default action. Answer options may be used more than once or not at all.
A. Mastered
B. Not Mastered
View answer
Correct Answer: AD
Question #15
During the packet flow process, which two processes are performed in application identification? (Choose two.)
A. Pattern based application identification
B. Application override policy match
C. Application changed from content inspection
D. Session application identified
View answer
Correct Answer: AB
Question #16
Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?
A. Log
B. Alert
C. Allow
D. Default
View answer
Correct Answer: CE
Question #17
What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?
A. Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or template stacks
B. An administrator must use the Expedition tool to adapt the configuration to the pre-PAN-OS 8
C. When Panorama is reverted to an earlier PAN-OS release, variables used in templates or template stacks will be removed automatically
D. Administrators need to manually update variable characters to those used in pre-PAN-OS 8
View answer
Correct Answer: B
Question #18
A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto Networks firewall. Which method shows the global counters associated with the traffic after configuring the appropriate packet filters?
A. From the CLI, issue the show counter global filter pcap yes command
B. From the CLI, issue the show counter global filter packet-filter yes command
C. From the GUI, select show global counters under the monitor tab
D. From the CLI, issue the show counter interface command for the ingress interface
View answer
Correct Answer: C
Question #19
How is the Forward Untrust Certificate used?
A. It issues certificates encountered on the Untrust security zone when clients attempt to connect to a site that has be decrypted/
B. It is used when web servers request a client certificate
C. It is presented to clients when the server they are connecting to is signed by a certificate authority that is not trusted by firewall
D. It is used for Captive Portal to identify unknown users
View answer
Correct Answer: BD
Question #20
Company.com has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine. Which method should company.com use to immediately address this traffic on a Palo Alto Networks device?
A. Create a custom Application without signatures, then create an Application Override policy that includes the source, Destination, Destination Port/Protocol and Custom Application of the traffic
B. Wait until an official Application signature is provided from Palo Alto Networks
C. Modify the session timer settings on the closest referanced application to meet the needs of the in-house application
D. Create a Custom Application with signatures matching unique identifiers of the in-house application traffic
View answer
Correct Answer: D
Question #21
In a security-first network what is the recommended threshold value for content updates to be dynamically updated?
A. 1 to 4 hours
B. 6 to 12 hours
C. 24 hours
D. 36 hours
View answer
Correct Answer: D
Question #22
When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?
A. Disable HA
B. Disable the HA2 link
C. Disable config sync
D. Set the passive link state to 'shutdown
View answer
Correct Answer: D
Question #23
Which option is part of the content inspection process?
A. Packet forwarding process
B. SSL Proxy re-encrypt
C. IPsec tunnel encryption
D. Packet egress process
View answer
Correct Answer: B
Question #24
What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)
A. The firewalls must have the same set of licenses
B. The management interfaces must to be on the same network
C. The peer HA1 IP address must be the same on both firewalls
D. HA1 should be connected to HA1
View answer
Correct Answer: A
Question #25
An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router. Which two options enable the administrator to troubleshoot this issue? (Choose two.)
A. View Runtime Stats in the virtual router
B. View System logs
C. Add a redistribution profile to forward as BGP updates
D. Perform a traffic pcap at the routing stage
View answer
Correct Answer: C
Question #26
How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with non-standard syslog servers?
A. Enable support for non-standard syslog messages under device management
B. Check the custom-format check box in the syslog server profile
C. Select a non-standard syslog server profile
D. Create a custom log format under the syslog server profile
View answer
Correct Answer: A
Question #27
What are the differences between using a service versus using an application for Security Policy match?
A. Use of a "service" enables the firewall to take action after enough packets allow for App-ID identification
B. Use of a "service" enables the firewall to take immediate action with the first observed packet based on port numbers Use of an "application" allows the firewall to take action after enough packets allow for App-ID identification regardless of the ports being used
C. There are no differences between "service" or "application” Use of an "application" simplifies configuration by allowing use of a friendly application name instead of port numbers
D. Use of a "service" enables the firewall to take immediate action with the first observed packet based on port number
E. Use of an "application" allows the firewall to take immediate action it the port being used is a member of the application standardport list
View answer
Correct Answer: D
Question #28
An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)
A. Exhibit A
B. Exhibit B
C. Exhibit C
D. Exhibit D
View answer
Correct Answer: A
Question #29
An administrator wants to upgrade an NGFW from PAN-OS? 9.0 to PAN-OS? 10.0. The firewall is not a part of an HA pair. What needs to be updated first?
A. XML Agent
B. Applications and Threats
C. WildFire
D. PAN-OS? Upgrade Agent
View answer
Correct Answer: B
Question #30
Which two logs on the firewall will contain authentication-related information useful for troubleshooting purpose (Choose two)
A. ms
B. traffic
C. system
D. dp-monitor
E. authd
View answer
Correct Answer: C
Question #31
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS? software would help in this case?
A. application override
B. Virtual Wire mode
C. content inspection
D. redistribution of user mappings
View answer
Correct Answer: A
Question #32
Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?
A. VM-100
B. VM-200
C. VM-1000-HV
D. VM-300
View answer
Correct Answer: ABC
Question #33
An Administrator is configuring Authentication Enforcement and they would like to create an exemption rule to exempt a specific group from authentication. Which authentication enforcement object should they select?
A. default-browser-challenge
B. default-authentication-bypass
C. default-web-format
D. default-no-captive-portal
View answer
Correct Answer: D
Question #34
An administrator sees several inbound sessions identified as unknown-tcp in the traffic logs. The administrator determines that these sessions are from external users accessing the company’s proprietary accounting application. The administrator wants to reliably identify this as their accounting application and to scan this traffic for threats. Which option would achieve this result?
A. Create an Application Override policy and a custom threat signature for the application
B. Create an Application Override policy
C. Create a custom App-ID and use the "ordered conditions" check box
D. Create a custom App ID and enable scanning on the advanced tab
View answer
Correct Answer: AB
Question #35
A network engineer has revived a report of problems reaching 98.139.183.24 through vr1 on the firewall. The routing table on this firewall is extensive and complex. Which CLI command will help identify the issue?
A. test routing fib virtual-router vr1
B. show routing route type static destination 98
C. test routing fib-lookup ip 98
D. show routing interface
View answer
Correct Answer: D
Question #36
What are two benefits of nested device groups in Panorama? (Choose two.)
A. Reuse of the existing Security policy rules and objects
B. Requires configuring both function and location for every device
C. All device groups inherit settings form the Shared group
D. Overwrites local firewall configuration
View answer
Correct Answer: A
Question #37
The IT department has received complaints abou VoIP call jitter when the sales staff is making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS policy written in the rulebase. The IT manager wants to find out what traffic is causing the jitter in real time when a user reports the jitter. Which feature can be used to identify, in real time, the applications taking up the most bandwidth?
A. QoS Statistics
B. Applications Report
C. Application Command Center (ACC)
D. QoS Log
View answer
Correct Answer: B
Question #38
If the firewall has the link monitoring configuration, what will cause a failover?
A. ethernet1/3 and ethernet1/6 going down
B. ethernet1/3 going down
C. ethernet1/3 or Ethernet1/6 going down
D. ethernet1/6 going down
View answer
Correct Answer: D
Question #39
Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?
A. Session Browser
B. Application Command Center
C. TCP Dump
D. Packet Capture
View answer
Correct Answer: B
Question #40
The SSL Forward Proxy decryption policy is configured. The following four certificate authority (CA) certificates are installed on the firewall. An end-user visits the untrusted website https //www firewall-do-not-trust-website com Which certificate authority (CA) certificate will be used to sign the untrusted webserver certificate?
A. Forward-Untrust-Certificate
B. Forward-Trust-Certificate
C. Firewall-CA
D. Firewall-Trusted-Root-CA
View answer
Correct Answer: D
Question #41
Which value in the Application column indicates UDP traffic that did not match an App-ID signature?
A. not-applicable
B. incomplete
C. unknown-ip
D. unknown-udp
View answer
Correct Answer: A
Question #42
A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-home or beacon out to external command-and-control (C2) servers. Which security Profile type will prevent these behaviors?
A. WildFire
B. Anti-Spyware
C. Vulnerability Protection
D. Antivirus
View answer
Correct Answer: AC
Question #43
A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens thousands of bogus UDP connections per second to a single destination IP address and post. Which option when enabled with the correction threshold would mitigate this attack without dropping legitirnate traffic to other hosts insides the network?
A. Zone Protection Policy with UDP Flood Protection
B. QoS Policy to throttle traffic below maximum limit
C. Security Policy rule to deny trafic to the IP address and port that is under attack
D. Classified DoS Protection Policy using destination IP only with a Protect action
View answer
Correct Answer: D
Question #44
Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?
A. performing a local firewall commit
B. removing the firewall as a managed device in Panorama
C. performing a factory reset of the firewall
D. removing the Panorama serial number from the ZTP service
View answer
Correct Answer: A
Question #45
Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs? (Choose two)
A. The devices are pre-configured with a virtual wire pair out the first two interfaces
B. The devices are licensed and ready for deployment
C. The management interface has an IP address of 192
D. A default bidirectional rule is configured that allows Untrust zone traffic to go to the Trust zone
E. The interface are pingable
View answer
Correct Answer: BD
Question #46
A company has a policy that denies all applications it classifies as bad and permits only application it classifies as good. The firewall administrator created the following security policy on the company's firewall. Which interface configuration will accept specific VLAN IDs? Which two benefits are gained from having both rule 2 and rule 3 presents? (choose two)
A. A report can be created that identifies unclassified traffic on the network
B. Different security profiles can be applied to traffic matching rules 2 and 3
C. Rule 2 and 3 apply to traffic on different ports
D. Separate Log Forwarding profiles can be applied to rules 2 and 3
View answer
Correct Answer: A
Question #47
An administrator has a PA-820 firewall with an active Threat Prevention subscription The administrator is considering adding a WildFire subscription How does adding the WildFire subscription improve the security posture of the organization1?
A. Protection against unknown malware can be provided in near real-time
B. WildFire and Threat Prevention combine to provide the utmost security posture for the firewall
C. After 24 hours WildFire signatures are included in the antivirus update
D. WildFire and Threat Prevention combine to minimize the attack surface
View answer
Correct Answer: A
Question #48
Starling with PAN-OS version 9.1, GlobalProtect logging information is now recorded in which firewall log?
A. Configuration
B. GlobalProtect
C. Authentication
D. System
View answer
Correct Answer: D

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: