Palo Alto Networks PCNSE Exam Practice Test Instant Access

Question 1

A firewall administrator is changing a packet capture filter to troubleshoot a specific traffic flow Upon opening the newly created packet capture, the administrator still sees traffic for the previous fitter What can the administrator do to limit the captured traffic to the newly configured filter?

ACommand line > debug dataplane packet-diag clear filter-marked-session all

BIn the GLH under Monitor > Packet Capture > Manage Filters under Ingress Interface select an interface

CCommand line> debug dataplane packet-diag clear filter all

DIn the GUI under Monitor > Packet Capture > Manage Filters under the Non-IP field, select 'exclude'

Answer : C

Question 2

What are three prerequisites to enable Credential Phishing Prevention over SSL? (Choose three

AConfigure a URL profile to block the phishing category.

BCreate a URL filtering profile

CEnable User-ID.

DCreate an anti-virus profile.

ECreate a decryption policy rule.

Answer : B, C, E

Question 3

Which two components are required to configure certificate-based authentication to the web Ul when an administrator needs firewall access on a trusted interface'? (Choose two.)

AServer certificate

BSSL/TLS Service Profile

CCertificate Profile

DCA certificate

Answer : C, D

Question 4

A firewall engineer needs to patch the company's Palo Alto Network firewalls to the latest version of PAN-OS. The company manages its firewalls by using panoram

a. Logs are forwarded to Dedicated Log Collectors, and file samples are forwarded to WildFire appliances for analysis. What must the engineer consider when planning deployment?

AOnly Panorama and Dedicated Log Collectorss must be patched to the target PAN-OS version before updating the firewalls

BPanorama, Dedicated Log Collectors and WildFire appliances must be patched to the target PAN-OS version before updating the firewalls.

CPanorama, Dedicated Log Collectors and WildFire appliances must have the target PAN-OS version downloaded, after which the order of patching does not matter.

DOnly Panorama must be patched to the PAN-OS version before updating the firewalls

Answer : B

Question 5

A threat intelligence team has requested more than a dozen Short signatures to be deployed on all perimeter Palo Alto Networks firewalls. How does the firewall engineer fulfill this request with the least time to implement?

AUse Expedition to create custom vulnerability signatures, deploy them to Panorama using API and push them to the firewalls.

BCreate custom vulnerability signatures manually on one firewall export them, and then import them to the rest of the firewalls

CUse Panorama IPs Signature Converter to create custom vulnerability signatures, and push them to the firewalls.

DCreate custom vulnerability signatures manually in Panorama, and push them to the firewalls

Answer : C

Question 6

An engineer is tasked with decrypting web traffic in an environment without an established PKI When using a self-signed certificate generated on the firewall which type of certificate should be in? approved web traffic?

AAn Enterprise Root CA certificate

BThe same certificate as the Forward Trust certificate

CA Public Root CA certificate

DThe same certificate as the Forward Untrust certificate

Answer : B

Question 7

What are three prerequisites for credential phishing prevention to function? (Choose three.)

AIn the URL filtering profile, use the drop-down list to enable user credential detection.

BEnable Device-ID in the zone.

CSelect the action for Site Access for each category.

DAdd the URL filtering profile to one or more Security policy rules.

ESet phishing category to block in the URL Filtering profile.

Answer : A, D, E

Palo Alto Networks Certified Security Engineer PAN-OS 11.0 Exam Practice Test