PCNSE Online Practice Questions and Answers

In a Panorama template which three types of objects are configurable? (Choose three)

A. HIP objects

B. QoS profiles

C. interface management profiles

D. certificate profiles

E. security profiles

Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?

A. check

B. find

C. test

D. sim

Which two interface types can be used when configuring GlobalProtect Portal? (Choose two)

A. Virtual Wire

B. Loopback

C. Layer 3

D. Tunnel

Which operation will impact performance of the management plane?

A. DoS protection

B. WildFire submissions

C. generating a SaaS Application report

D. decrypting SSL sessions

Which Panorama feature allows for logs generated by Panorama to be forwarded to an external Security Information and Event Management(SIEM) system?

A. Panorama Log Settings

B. Panorama Log Templates

C. Panorama Device Group Log Forwarding

D. Collector Log Forwarding for Collector Groups

The same route appears in the routing table three times using three different protocols. Which mechanism determines how the firewall chooses which route to use?

A. Administrative distance

B. Round Robin load balancing

C. Order in the routing table

D. Metric

An internal audit team has requested additional information to be included inside traffic logs forwarded from Palo Alto Networks firewalls to an internal syslog server. Where can the firewall engineer define the data to be added into each forwarded log?

A. Custom Log Format within Device > Server Profiles > Syslog

B. Built-in Actions within Objects > Log Forwarding Profile

C. Logging and Reporting Settings within Device > Setup > Management

D. Data Patterns within Objects > Custom Objects

After switching to a different WAN connection, users have reported that various websites will not load, and timeouts are occurring. The web servers work fine from other locations.

The firewall engineer discovers that some return traffic from these web servers is not reaching the users behind the firewall. The engineer later concludes that the maximum transmission unit (MTU) on an upstream router interface is set to

1400 bytes.

The engineer reviews the following CLI output for ethernet1/1.

Which setting should be modified on ethernet1/1 to remedy this problem?

A. Change the subnet mask from /23 to /24.

B. Lower the interface MTU value below 1500.

C. Adjust the TCP maximum segment size (MSS) value.

D. Enable the Ignore IPv4 Don't Fragment (DF) setting.

Review the screenshots and consider the following information:

1.

FW-1 is assigned to the FW-1_DG device group and FW-2 is assigned to OFFICE_FW_DG

2.

There are no objects configured in REGIONAL_DG and OFFICE_FW_DG device groups Which IP address will be pushed to the firewalls inside Address Object Server-1?

A. Server-1 on FW-1 will have IP 2.2.2.2 Server-1 will not be pushed to FW-2

B. Server-1 on FW-1 will have IP 3.3.3.3 Server-1 will not be pushed to FW-2

C. Server-1 on FW-1 will have IP 1.1.1.1 Server-1 will not be pushed to FW-2

D. Server-1 on FW-1 will have IP 4.4.4.4 Server-1 on FW-2 will have IP 1.1.1.1

An administrator is assisting a security engineering team with a decryption rollout for inbound and forward proxy traffic. Incorrect firewall sizing is preventing the team from decrypting all of the traffic they want to decrypt.

Which three items should be prioritized for decryption? (Choose three.)

A. Financial, health, and government traffic categories

B. Less-trusted internal IP subnets

C. Known malicious IP space

D. High-risk traffic categories

E. Public-facing servers