Scribd
Upload
117 views8 pages

Vendor: Palo Alto Networks Exam Code: PCNSE Exam Name: Palo Alto Networks Certified Security Engineer

The document contains 10 questions from the Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10.0 exam. The questions cover topics such as the license required to obtain new correlation objectives in PAN-OS 10.0, how to configure the security policy to allow an OS upgrade when the management interface lacks internet access, the settings defined in the Templates object, and functions of the dataplane such as NAT and antivirus.

Uploaded by

Jai Vj
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
117 views8 pages

Vendor: Palo Alto Networks Exam Code: PCNSE Exam Name: Palo Alto Networks Certified Security Engineer

The document contains 10 questions from the Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10.0 exam. The questions cover topics such as the license required to obtain new correlation objectives in PAN-OS 10.0, how to configure the security policy to allow an OS upgrade when the management interface lacks internet access, the settings defined in the Templates object, and functions of the dataplane such as NAT and antivirus.

Uploaded by

Jai Vj
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

Vendor: Palo Alto Networks

Exam Code: PCNSE

Exam Name: Palo Alto Networks Certified Security Engineer


(PCNSE) PAN-OS 10.0

Version: DEMO
★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

QUESTION 1
PAN-OS 10.0 introduced an automated correlation engine that analyzes log patterns and
generates correlation events visible in the new Application Command Center (ACC).

Which license must the firewall have to obtain new correlation objectives?

A. Application Center
B. URL Filtering
C. GlobalProtect
D. Threat Prevention

Answer: D

QUESTION 2
An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of
PAN-OS software. The firewall has internet connectivity through an Ethernet interface, but no
internet connectivity from the management interface. The Security policy has the default security
rules and a rule that allows all web-browsing traffic from any to any zone.

What must the administrator configure so that the PAN-OS?software can be upgraded?

A. Security policy rule


B. CRL
C. Service route
D. Scheduler

Answer: A

QUESTION 3
Which three settings are defined within the Templates object of Panorama? (Choose three.)

A. Setup
B. Virtual Routers
C. Interfaces
D. Security
E. Application Override

Answer: ADE

QUESTION 4
An administrator has left a firewall to use the default port for all management services. Which
three functions are performed by the dataplane? (Choose three.)

A. WildFire updates
B. NAT
C. NTP
D. antivirus
E. File blocking

Answer: ABC

Get Latest & Actual PCNSE Exam's Question and Answers from Lead2pass. 2
http://www.lead2pass.com
★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

QUESTION 5
A Security policy rule is configured with a Vulnerability Protection Profile and an action of `Deny".
Which action will this cause configuration on the matched traffic?

A. The configuration is invalid. The Profile Settings section will be grayed out when the Action is set
to "Deny".
B. The configuration will allow the matched session unless a vulnerability is detected. The "Deny"
action will supersede the per-severity defined actions defined in the associated Vulnerability
Protection Profile.
C. The configuration is invalid. It will cause the firewall to skip this Security policy rule. A warning will
be displayed during a commit.
D. The configuration is valid. It will cause the firewall to deny the matched sessions. Any configured
Security Profiles have no effect if the Security policy rule action is set to "Deny."

Answer: B

QUESTION 6
If the firewall has the link monitoring configuration, what will cause a failover?

A. ethernet1/3 and ethernet1/6 going down


B. ethernet1/3 going down
C. ethernet1/3 or Ethernet1/6 going down
D. ethernet1/6 going down

Answer: A

QUESTION 7
An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection
against worms and trojans.
Which Security Profile type will protect against worms and trojans?

A. Anti-Spyware
B. Instruction Prevention
C. File Blocking
D. Antivirus

Get Latest & Actual PCNSE Exam's Question and Answers from Lead2pass. 3
http://www.lead2pass.com
★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

Answer: D

QUESTION 8
Refer to the exhibit.

An administrator cannot see any if the Traffic logs from the Palo Alto Networks NGFW on
Panorama. The configuration problem seems to be on the firewall side. Where is the best place
on the Palo Alto Networks NGFW to check whether the configuration is correct?

A.

Get Latest & Actual PCNSE Exam's Question and Answers from Lead2pass. 4
http://www.lead2pass.com
★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

B.

C.

Get Latest & Actual PCNSE Exam's Question and Answers from Lead2pass. 5
http://www.lead2pass.com
★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

D.

Answer: D

QUESTION 9
A client is concerned about resource exhaustion because of denial-of-service attacks against
their DNS servers.

Which option will protect the individual servers?

A. Enable packet buffer protection on the Zone Protection Profile.


B. Apply an Anti-Spyware Profile with DNS sinkholing.
C. Use the DNS App-ID with application-default.
D. Apply a classified DoS Protection Profile.

Answer: A

QUESTION 10
Refer to the exhibit.

Get Latest & Actual PCNSE Exam's Question and Answers from Lead2pass. 6
http://www.lead2pass.com
★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

Which will be the egress interface if the traffic's ingress interface is ethernet 1/7 sourcing from
192.168.111.3 and to the destination 10.46.41.113?

A. ethernet1/6
B. ethernet1/3
C. ethernet1/7
D. ethernet1/5

Answer: D

Get Latest & Actual PCNSE Exam's Question and Answers from Lead2pass. 7
http://www.lead2pass.com
★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

Thank You for Trying Our Product

Lead2pass Certification Exam Features:

★ More than 99,900 Satisfied Customers Worldwide.

★ Average 99.9% Success Rate.

★ Free Update to match latest and real exam scenarios.

★ Instant Download Access! No Setup required.

★ Questions & Answers are downloadable in PDF format and


VCE test engine format.

★ Multi-Platform capabilities - Windows, Laptop, Mac, Android, iPhone, iPod, iPad.

★ 100% Guaranteed Success or 100% Money Back Guarantee.

★ Fast, helpful support 24x7.

View list of all certification exams: http://www.lead2pass.com/all-products.html

10% Discount Coupon Code: ASTR14

Get Latest & Actual PCNSE Exam's Question and Answers from Lead2pass. 8
http://www.lead2pass.com

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy