DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

PCNSE Exam Practice Test: Palo Alto Network Security Engineer Exam Questions

Exam NameNetwork Security Engineer
Exam NumberPCNSE PAN-OS 10
Exam Price$175 USD
Duration80 minutes
Number of Questions75
Passing ScoreVariable (70-80 / 100 Approx.)

Take this free PCNSE practice test full of Palo Alto Network Security Engineer exam questions and answers to prepare for the PCNSE certification exam. Study with real PCNSE practice questions and detailed explanations. 

Take other online exams
Question #1
An administrator is receiving complaints about application performance degradation. After checking the CC, the administrator observes that there is an excessive amount of SSL traffic. Which three elements should the administrator configure to address this issue? (Choose three.)
A. n Application Override policy for the SSL traffic
B. oS on the egress interface for the traffic flows
C. QoS policy for each application ID
D. QoS profile defining traffic classes
E. oS on the ingress interface for the traffic flows
View answer
Correct Answer: BCD
Question #2
An engineer is troubleshooting a traffic-routing issue. What is the correct packet-flow sequence?
A. BF > Zone Protection Profiles > Packet Buffer Protection
B. AT > Security policy enforcement > OSPF
C. BF > Static route > Security policy enforcement
D. GP > PBF > NAT
View answer
Correct Answer: C
Question #3
An enterprise Information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems. However, a recent phishing campaign against the organization has prompted Information Security to look for more controls that can secure access to critical assets. For users that need to access these systems, Information Security wants to use PAN-OS multi-factor authentication (MFA) integration to enforce MF
A. What should the enterprise do to use PAN-OS MFA?
A. onfigure a Captive Portal authentication policy that uses an authentication profile that references a RADIUS profile
B. onfigure a Captive Portal authentication policy that uses an authentication sequence
C. se a Credential Phishing agent to detect, prevent, and mitigate credential phishing campaigns
D. reate an authentication profile and assign another authentication factor to be used by a Captive Portal authentication policy
View answer
Correct Answer: D
Question #4
A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged. Given the information, what is the best choice for deploying User-ID to ensure maximum coverage?
A. tandalone User-ID agent
B. aptive portal
C. yslog listener
D. gentless User-ID with redistribution
View answer
Correct Answer: C
Question #5
Why would a traffic log list an application as "not-applicable''?
A. he firewall denied the traffic before the application match could be performed
B. he TCP connection terminated without identifying any application data
C. here was not enough application data after the TCP connection was established
D. he application is not a known Palo Alto Networks App-ID
View answer
Correct Answer: A
Question #6
When you import the configuration of an HA pair into Panorama, how do you prevent the import from affecting ongoing traffic?
A. isable config sync
B. et the passive link state to "shutdown
C. isable the HA2 link
D. isable HA
View answer
Correct Answer: A
Question #7
During the process of developing a decryption strategy and evaluating which websites are required for corporate users to access, several sites have been identified that cannot be decrypted due to technical reasons. In this case, the technical reason is unsupported ciphers. Traffic to these sites will therefore be blocked if decrypted. How should the engineer proceed?
A. nstall the the unsupported cipher into the firewall to allow the sites to be decrypted
B. reate a Security policy to allow access to those sites
C. dd the sites to the SSL Decryption Exclusion list to exempt them from decryption
D. llow the firewall to block the sites to improve the security posture
View answer
Correct Answer: C
Question #8
lf an administrator wants to apply QoS to traffic based on source, what must be specified in a QoS policy rule?
A. re-NAT source address
B. ost-NAT destination address
C. re-NAT destination address
D. ost-NAT source address
View answer
Correct Answer: A
Question #9
An engineer is monitoring an active/passive high availability (HA) firewall pair. Which HA firewall state describes the firewall that is experiencing a failure of a monitored path?
A. uspended
B. nitial
C. on-functional
D. assive
View answer
Correct Answer: B
Question #10
An engineer needs to configure a standardized template for all Panorama-managed firewalls. These settings will be configured on a template named "Global" and will be included in all template stacks. Which three settings can be configured in this template? (Choose three.)
A. ogin banner
B. og Forwarding profile
C. SL decryption exclusion
D. mail scheduler
E. ynamic updates
View answer
Correct Answer: ABE

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.