Paloalto-Networks PCNSE Free Practice Questions

NEW QUESTION 1
Which three function are found on the dataplane of a PA-5050? (Choose three)

• A. Protocol Decoder
• B. Dynamic routing
• C. Management
• D. Network Processing
• E. Signature Match

Answer: BDE

NEW QUESTION 2
An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22

Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: D

NEW QUESTION 3
Exhibit:

What will be the egress interface if the traffic’s ingress interface is ethernet1/6 sourcing from 192.168.111.3 and to the destination 10.46.41.113 during the time shown in the image?

• A. ethernet1/7
• B. ethernet1/5
• C. ethernet1/6
• D. ethernet1/3

Answer: D

NEW QUESTION 4
The IT department has received complaints abou VoIP call jitter when the sales staff is making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS policy written in the rulebase. The IT manager wants to find out what traffic is causing the jitter in real time when a user reports the jitter.
Which feature can be used to identify, in real time, the applications taking up the most bandwidth?

• A. QoS Statistics
• B. Applications Report
• C. Application Command Center (ACC)
• D. QoS Log

Answer: A

NEW QUESTION 5
Refer to the exhibit.

An administrator is using DNAT to map two servers to a single public IP address. Traffic will be
steered to the specific server based on the application, where Host A (10.1.1.100) received HTTP traffic and host B(10.1.1.101) receives SSH traffic.
Which two security policy rules will accomplish this configuration? (Choose two)

• A. Untrust (Any) to Untrust (10.1.1.1) Ssh-Allow
• B. Untrust (Any) to DMZ (1.1.1.100) Ssh-Allow
• C. Untrust (Any) to DMZ (1.1.1.100) Web-browsing -Allow
• D. Untrust (Any) to Untrust (10.1.1.1) Web-browsing -Allow

Answer: CD

NEW QUESTION 6
The certificate information displayed in the following image is for which type of certificate? Exhibit:

• A. Forward Trust certificate
• B. Self-Signed Root CA certificate
• C. Web Server certificate
• D. Public CA signed certificate

Answer: D

NEW QUESTION 7
When configuring the firewall for packet capture, what are the valid stage types?

• A. Receive, management , transmit , and drop
• B. Receive , firewall, send , and non-syn
• C. Receive management , transmit, and non-syn
• D. Receive , firewall, transmit, and drop

Answer: D

NEW QUESTION 8
A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes.
How quickly will the firewall receive back a verdict?

• A. More than 15 minutes
• B. 5 minutes
• C. 10 to 15 minutes
• D. 5 to 10 minutes

Answer: D

NEW QUESTION 9
Which three settings are defined within the Templates object of Panorama? (Choose three.)

• A. Setup
• B. Virtual Routers
• C. Interfaces
• D. Security
• E. Application Override

Answer: ADE

NEW QUESTION 10
For which two reasons would a firewall discard a packet as part of the packet flow sequence? (Choose two )

• A. equal-cost multipath
• B. ingress processing errors
• C. rule match with action "allow"
• D. rule match with action "deny"

Answer: BD

NEW QUESTION 11
When is the content inspection performed in the packet flow process?

• A. after the application has been identified
• B. before session lookup
• C. before the packet forwarding process
• D. after the SSL Proxy re-encrypts the packet

Answer: A

Explanation: Reference:
https://live.paloaltonetworks.com/t5/Learning-Articles/Packet-Flow-Sequence-in-PAN-OS/ta- p/56081

NEW QUESTION 12
What is exchanged through the HA2 link?

• A. hello heartbeats
• B. User-ID information
• C. session synchronization
• D. HA state information

Answer: C

Explanation: Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-links-and-backup-links

NEW QUESTION 13
Which three authentication services can administrator use to authenticate admins into the Palo Alto
Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)

• A. Kerberos
• B. PAP
• C. SAML
• D. TACACS+ E.RADIUS F.LDAP

Answer: D

NEW QUESTION 14
Which interface configuration will accept specific VLAN IDs?

• A. Tab Mode
• B. Subinterface
• C. Access Interface
• D. Trunk Interface

Answer: B

NEW QUESTION 15
An administrator pushes a new configuration from Panorama to a pair of firewalls that are configured as an active/passive HA pair. Which NGFW receives the configuration from Panorama?

• A. The Passive firewall, which then synchronizes to the active firewall
• B. The active firewall, which then synchronizes to the passive firewall
• C. Both the active and passive firewalls, which then synchronize with each other
• D. Both the active and passive firewalls independently, with no synchronization afterward

Answer: C

NEW QUESTION 16
A company has a pair of Palo Alto Networks firewalls configured as an Acitve/Passive High Availability (HA) pair.
What allows the firewall administrator to determine the last date a failover event occurred?

• A. From the CLI issue use the show System log
• B. Apply the filter subtype eq ha to the System log
• C. Apply the filter subtype eq ha to the configuration log
• D. Check the status of the High Availability widget on the Dashboard of the GUI

Answer: B

NEW QUESTION 17
Which three options does the WF-500 appliance support for local analysis? (Choose three)

• A. E-mail links
• B. APK files
• C. jar files
• D. PNG files
• E. Portable Executable (PE) files

Answer: ACE