1. Home
  2. Paloalto Networks
  3. Palo Alto Certifications and Accreditations
  4. PCNSE
  5. Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0 Questions and Answers

Pass the Paloalto Networks Palo Alto Certifications and Accreditations PCNSE Questions and answers with CertsForce

 Paloalto Networks Exams      Go to Exam Detail      Get Premium Access
Viewing page 6 out of 12 pages
Viewing questions 51-60 out of questions
Questions # 51:

Which three actions can Panorama perform when deploying PAN-OS images to its managed devices? (Choose three.)

Options:
A.

upload-onlys

B.

install and reboot

C.

upload and install

D.

upload and install and reboot

E.

verify and install

Questions # 52:

What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain?

Options:
A.

an Authentication policy with 'unknown' selected in the Source User field

B.

an Authentication policy with 'known-user' selected in the Source User field

C.

a Security policy with 'known-user' selected in the Source User field

D.

a Security policy with 'unknown' selected in the Source User field

Questions # 53:

A company is expanding its existing log storage and alerting solutions All company Palo Alto Networks firewalls currently forward logs to Panorama. Which two additional log forwarding methods will PAN-OS support? (Choose two)

Options:
A.

SSL

B.

TLS

C.

HTTP

D.

Email

Questions # 54:

An administrator configures HA on a customer's Palo Alto Networks firewalls with path monitoring by using the default configuration values.

What are the default values for ping interval and ping count before a failover is triggered?

Options:
A.

Ping interval of 200 ms and ping count of three failed pings

B.

Ping interval of 5000 ms and ping count of 10 failed pings

C.

Ping interval of 200 ms and ping count of 10 failed pings

D.

Ping interval of 5000 ms and ping count of three failed pings

Questions # 55:

A firewall engineer is investigating high dataplane CPU utilization. To decrease the load on this CPU, what should be reduced?

Options:
A.

The amount of decrypted traffic

B.

The timeout value for admin sessions

C.

The number of mapped User-ID groups

D.

The number of permitted IP addresses on the management interface

Questions # 56:

What are two requirements of IPSec in transport mode? (Choose two.)

Options:
A.

IKEv1

B.

NAT traversal

C.

DH-group 20 (ECP-384 bits)

D.

Auto-generated key

Questions # 57:

An administrator configures two VPN tunnels to provide for failover and uninterrupted VPN service. What should an administrator configure to enable automatic failover to the backup tunnel?

Options:
A.

Zone protection

B.

Passive Mode

C.

Tunnel Monitor

D.

Replay Protection

Questions # 58:

A firewall engineer is managing a Palo Alto Networks NGFW that does not have the DHCP server on DHCP agent configuration. Which interface mode can the broadcast DHCP traffic?

Options:
A.

Virtual ware

B.

Tap

C.

Layer 2

D.

Layer 3

Questions # 59:

Which source is the most reliable for collecting User-ID user mapping?

Options:
A.

Syslog Listener

B.

Microsoft Exchange

C.

Microsoft Active Directory

D.

GlobalProtect

Questions # 60:

An administrator is troubleshooting application traffic that has a valid business use case, and observes the following decryption log message: "Received fatal alert UnknownCA from client."

How should the administrator remediate this issue?

Options:
A.

Contact the site administrator with the expired certificate to request updates or renewal.

B.

Enable certificate revocation checking to deny access to sites with revoked certificates. -"

C.

Add the server's hostname to the SSL Decryption Exclusion List to allow traffic without decryption.

D.

Check for expired certificates and take appropriate actions to block or allow access based on business needs.

Viewing page 6 out of 12 pages
Viewing questions 51-60 out of questions