2021 PCNSE dumps review - Professional Quiz Study Materials [Q47-Q66]


NEW QUESTION 47
Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?

  • A. Set up Security policy rule to allow SSL communication.
  • B. Configure a Decryption Profile and select SSL/TLS services.
  • C. Set up SSL/TLS under Policies > Service/URL Category > Service.
  • D. Configure an SSL/TLS Profile.

Answer: D

 

NEW QUESTION 48
Which two features does PAN-OS software use to identify applications? (Choose two)

  • A. application layer payload
  • B. transaction characteristics
  • C. port number
  • D. session number

Answer: A,B

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/application-level-gateways#

 

NEW QUESTION 49
Refer to the exhibit.

Which will be the egress interface if the traffic's ingress interface is ethernet1/7, sourcing from 192.168.111.3 and to the destination 10.46.41.113?

  • A. ethernet1/6
  • B. ethernet1/7
  • C. ethernet1/3
  • D. ethernet1/5

Answer: D

 

NEW QUESTION 50
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications. QoS natively integrates with which feature to provide service quality?

  • A. Certificate revocation
  • B. Content-ID
  • C. Port Inspection
  • D. App-ID

Answer: D

Explanation:
Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/quality-of-service/qos-for-applications-and-users

 

NEW QUESTION 51
Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured properly, but the route for the tunnel is not being established. The Site-B interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-B is using the wrong Link Type for one of its interfaces.

Which Link Type setting will correct the error?

  • A. Set tunnel.1 to p2p
  • B. Set Ethernet 1/1 to p2p
  • C. Set tunnel.1 to p2mp
  • D. Set Ethernet 1/1 to p2mp

Answer: A

 

NEW QUESTION 52
In the following image from Panorama, why are some values shown in red?

  • A. us3 has a logging rate that deviates from the administrator-configured thresholds.
  • B. sg2 has misconfigured session thresholds.
  • C. sg2 session count is the lowest compared to the other managed devices.
  • D. uk3 has a logging rate that deviates from the seven-day calculated baseline.

Answer: D

 

NEW QUESTION 53
If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?

  • A. All the settings configured in all templates.
  • B. Depending on the firewall location, Panorama decides which settings to send.
  • C. The administrator will be prompted to choose the settings for that chosen firewall.
  • D. The settings assigned to the template that is on top of the stack.

Answer: D

Explanation:
Reference:
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/manage-firewalls/manag templates-and-template-stacks/configure-a-template-stack

 

NEW QUESTION 54
A company.com wants to enable Application Override. Given the following screenshot:
Which two statements are true if Source and Destination traffic match the Application Override policy? (Choose two)

  • A. Traffic utilizing UDP Port 16384 will now be identified as "rtp-base".
  • B. Traffic utilizing UDP Port 16384 will bypass the App-ID and Content-ID engines.
  • C. Traffic that matches "rtp-base" will bypass the App-ID and Content-ID engines.
  • D. Traffic will be forced to operate over UDP Port 16384.

Answer: A,B

Explanation:
An application override policy changes how the Palo Alto Networks firewall classifies network traffic into applications. An application override with a custom application prevents the session from being processed by the App-ID engine, which is a Layer-7 inspection.
https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Create-an-Application-Override-Policy/ta-p/60044

 

NEW QUESTION 55
How does Panorama handle incoming logs when it reaches the maximum storage capacity?

  • A. Panorama discards incoming logs when storage capacity is full.
  • B. Panorama stops accepting logs until licenses for additional storage space are applied.
  • C. Panorama stops accepting logs until a reboot to clean storage space.
  • D. Panorama automatically deletes older logs to create space for new ones.

Answer: D

Explanation:
(https://www.paloaltonetworks.com/documentation/60/panorama/panorama_adminguide/set-up-panorama/determ

 

NEW QUESTION 56
Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured properly, but the route for the tunnel is not being established. The Site-B interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-B is using the wrong Link Type for one of its interfaces.

Which Link Type setting will correct the error?

  • A. Set tunnel.10 to p2p
  • B. Set tunnel.10 to p2mp
  • C. Set ethernet1/21 to p2p
  • D. Set ethernet1/21 to p2mp

Answer: A

Explanation:
We need to reconfigure the tunnel with the p2p link type.
Note: Link type - Choose Broadcast if you want all neighbors that are accessible through the interface to be discovered automatically by multicasting OSPF hello messages, such as an Ethernet interface. Choose p2p (point-to-point) to automatically discover the neighbor.
Choose p2mp (point-to-multipoint) when neighbors must be defined manually. Defining neighbors manually is allowed only for p2mp mode.
References:
https://www.paloaltonetworks.com/documentaiion/7l/pan-os/pan-os/vons/site-to-site-vpn-with-ospf

 

NEW QUESTION 57
Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted on the DMZ zone? The web server is reachable using a Destination NAT policy in the Palo Alto Networks firewall.
A:

B:

C:

D:

  • A. Option B
  • B. Option A
  • C. Option C
  • D. Option D

Answer: A

 

NEW QUESTION 58
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

  • A. Use the debug dataplane packet-diag set capture stage management file command.
  • B. Use the tcpdump command.
  • C. Use the debug dataplane packet-diag set capture stage firewall file command.
  • D. Enable all four stages of traffic capture (TX, RX, DROP, Firewall).

Answer: B

 

NEW QUESTION 59
The certificate information displayed in the following image is for which type of certificate?
Exhibit:

  • A. Web Server certificate
  • B. Public CA signed certificate
  • C. Forward Trust certificate
  • D. Self-Signed Root CA certificate

Answer: D

 

NEW QUESTION 60
Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)

  • A. The firewall is in multi-vsys mode.
  • B. The firewall's DP CPU is higher than 50%.
  • C. The traffic is offloaded.
  • D. The traffic does not match the packet capture filter.

Answer: C,D

 

NEW QUESTION 61
Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?

  • A. check
  • B. test
  • C. sim
  • D. find

Answer: B

Explanation:
Reference: http://www.shanekillen.com/2014/02/palo-alto-useful-cli-commands.html
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClQSCA0

 

NEW QUESTION 62
If the firewall is configured for credential phishing prevention using the "Domain Credential Filter" method, which login will be detected as credential theft?

  • A. Mapping to the IP address of the logged-in user.
  • B. First four letters of the username matching any valid corporate username.
  • C. Using the same user's corporate username and password.
  • D. Matching any valid corporate username.

Answer: A

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-new-features/content-inspection-features/credential-phishing-prevention
Reference:
https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/content-inspection-features/credential-phishing-prevention

 

NEW QUESTION 63
Based on the image, what caused the commit warning?

  • A. The FWDtrust certificate has not been flagged as Trusted Root CA.
  • B. The FWDtrust certificate does not have a certificate chain.
  • C. The CA certificate for FWDtrust has not been imported into the firewall.
  • D. SSL Forward Proxy requires a public certificate to be imported into the firewall.

Answer: B

 

NEW QUESTION 64
In the following image from Panorama, why are some values shown in red?

  • A. sg2 session count is the lowest compared to the other managed devices.
  • B. us3 has a logging rate that deviates from the administrator-configured thresholds.
  • C. sg2 has misconfigured session thresholds.
  • D. uk3 has a logging rate that deviates from the seven-day calculated baseline.

Answer: A

 

NEW QUESTION 65
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator troubleshoot this issue? (Choose two.)

  • A. Perform a traffic pcap on the NGFW to see any BGP problems.
  • B. View the Runtime Stats and look for problems with BGP configuration.
  • C. View the System logs and look for the error messages about BGP.
  • D. View the ACC tab to isolate routing issues.

Answer: B,D

 

NEW QUESTION 66
......


Certification Path

PCNSE is an advanced exam and PCNSA - Palo Alto Networks Certified Network Security Administrator is a prerequisite for this Palo Alto Networks PCNSE exam.

 
