Palo Alto PCNSE Exam Questions and Answers: Your Free Practice Resource

An administrator wants to enable the firewall to forward Decrypted SSL traffic for Wildfire analysis. Where is this configured?

An auditor is evaluating the configuration of Panorama and notices a discrepancy between the Panorama template and the local firewall configuration.

A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link aggregation. Which two formats are correct for naming aggregate interfaces? (Choose two.)

Which value in the Application column indicates UDP traffic that did not match an App-ID signature?

Which Panorama objects restrict administrative access to specific device-groups?

A network security administrator wants to begin inspecting bulk user HTTPS traffic flows egressing out of the internet edge firewall. Which certificate is the best choice to configure as an SSL Forward Trust certificate?

Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL, then which choice would be evaluated last in the processing order to block access to the URL?

An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 2025. The validity date on the PA-generated certificate is taken from what?

What is the dependency for users to access services that require authentication?

An engineer troubleshooting a site-to-site VPN finds a Security policy dropping the peer's IKE traffic at the edge firewall. Both VPN peers are behind a NAT, and NAT-T is enabled. How can the engineer remediate this issue?