• Home
  • Articles
  • Released Palo Alto Networks PCNSE Updated Questions PDF [Q190-Q212]

Released Palo Alto Networks PCNSE Updated Questions PDF [Q190-Q212]

Share

Released Palo Alto Networks PCNSE Updated Questions PDF

PCNSE Dumps and Practice Test (363 Exam Questions)


Palo Alto Networks PCNSE Practice Test Questions, Palo Alto Networks PCNSE Exam Practice Test Questions

The Palo Alto Networks company is the global leader in cybersecurity that provides innovations to ensure secure digital transformation even as the progress of change is rapid. Thus, if you want to validate your skills in designing, deploying, operating, managing, and troubleshooting Palo Alto Networks Next-Generation Firewalls, you can go for the Palo Alto Networks Certified Network Security Engineer (PCNSE) certificate. It also helps demonstrate your knowledge of the Palo Alto Networks product portfolio, so that you will be able to find your place in the industry.


Palo Alto PCNSE Exam Topics:

SectionWeightObjectives
Plan16%- Identify how the Palo Alto Networks products work together to detect and prevent threats
- Given a scenario, identify how to design an implementation of the firewall to meet business requirements that leverage the Palo Alto Networks product portfolio
- Given a scenario, identify how to design an implementation of firewalls in High Availability to meet business requirements that leverage the Palo Alto Networks product portfolio
- Identify the appropriate interface type and configuration for a specified network deployment
- Identify strategies for retaining logs using Distributed Log Collection
- Given a scenario, identify the strategy that should be implemented for Distributed Log Collection
- Identify how to use template stacks for administering Palo Alto Networks firewalls as a scalable solution using Panorama
- Identify how to use device group hierarchy for administering Palo Alto Networks firewalls as a scalable solution using Panorama
- Identify planning considerations unique to deploying Palo Alto Networks firewalls in a public cloud
- Identify planning considerations unique to deploying Palo Alto Networks firewalls in a hybrid cloud
- Identify planning considerations unique to deploying Palo Alto Networks firewalls in a private cloud
- Identify methods for authorization, authentication, and device administration
- Identify the methods of certificate creation on the firewall
- Identify options available in the firewall to support dynamic routing
- Given a scenario, identify ways to mitigate resource exhaustion (because of denial-of-service) in application servers
- Identify decryption deployment strategies
- Identify the impact of application override to the overall functionality of the firewall
- Identify the methods of User-ID redistribution
- Identify VM-Series bootstrap components and their function
Deploy and Configure23%- Identify the application meanings in the Traffic log (incomplete, insufficient data, non-syn TCP, not applicable, unknown TCP, unknown UDP, and unknown P2P) - Given a scenario, identify the set of Security Profiles that should be used
- Identify the relationship between URL filtering and credential theft prevention
- Implement and maintain the App-ID adoption
- Identify how to create security rules to implement App-ID without relying on port-based rules
- Identify configurations for distributed Log Collectors
- Identify the required settings and steps necessary to provision and deploy a next-generation firewall
- Identify which device of an HA pair is the active partner
- Identify various methods for authentication, authorization, and device administration within PAN-OS software for connecting to the firewall
- Identify how to configure and maintain certificates to support firewall features
- Identify the features that support IPv6
- Identify how to configure a virtual router
- Given a scenario, identify how to configure an interface as a DHCP relay agent
- Identify the configuration settings for site-to-site VPN
- Identify the configuration settings for GlobalProtect
- Identify how to configure features of NAT policy rules
- Given a configuration example including DNAT, identify how to configure security rules
- Identify how to configure decryption
- Given a scenario, identify an application override configuration and use case
- Identify how to configure VM-Series firewalls for deployment
- Identify how to configure firewalls to use tags and filtered log forwarding for integration with network automation
Core Concepts23%- Identify the correct order of the policy evaluation based on the packet flow architecture
- Given an attack scenario against firewall resources, identify the appropriate Palo Alto Networks threat prevention component to prevent or mitigate the attack
- Given an attack scenario against resources behind the firewall, identify the appropriate Palo Alto Networks threat prevention component to prevent or mitigate the attack
- Identify methods for identifying users
- Identify the fundamental functions residing on the management plane and data plane of a Palo Alto Networks firewall
- Given a scenario, determine how to control bandwidth use on a per-application basis
- Identify the fundamental functions and concepts of WildFire
- Identify the purpose of and use case for MFA and the Authentication policy
- Identify the dependencies for implementing MFA
- Given a scenario, identify how to forward traffic
- Given a scenario, identify how to configure policies and related objects
- Identify the methods for automating the configuration of a firewall
Configuration Troubleshooting18%- Identify system and traffic issues using the web interface and CLI tools
- Given a session output, identify the configuration requirements used to perform a packet capture
- Given a scenario, identify how to troubleshoot and configure interface components
- Identify how to troubleshoot SSL decryption failures
- Identify issues with the certificate chain of trust
- Given a scenario, identify how to troubleshoot traffic routing issues
Operate20%- Identify considerations for configuring external log forwarding
- Interpret log files, reports, and graphs to determine traffic and threat trends
- Identify scenarios in which there is a benefit from using custom signatures
- Given a scenario, identify the process to update a Palo Alto Networks system to the latest version of the software
- Identify how configuration management operations are used to ensure desired operational state of stability and continuity
- Identify the settings related to critical HA functions (link monitoring; path monitoring; HA1, HA2, HA3, and HA4 functionality; HA backup links; and differences between A/A and A/P HA pairs and HA clusters)
- Identify the sources of information that pertain to HA functionality
- Identify how to configure the firewall to integrate with AutoFocus and verify its functionality
- Identify the impact of deploying dynamic updates
- Identify the relationship between Panorama and devices as pertaining to dynamic updates versions and policy implementation and/or HA peers

 

NEW QUESTION 190
What are two benefits of nested device groups in Panorama? (Choose two.)

  • A. Reuse of the existing Security policy rules and objects
  • B. Overwrites local firewall configuration
  • C. Requires configuring both function and location for every device
  • D. All device groups inherit settings form the Shared group

Answer: A,D

Explanation:
Creation of a device group hierarchy enables you to organize firewalls based on common policy requirements without redundant configuration. When you create objects for use in shared or device group policy once and use them many times, you reduce administrative overhead and ensure consistency across firewall policies.

 

NEW QUESTION 191
An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third-party, deep-level packet inspection appliance.
Which interface type and license feature are necessary to meet the requirement?

  • A. Virtual Wire interface with the Decryption Port Export license
  • B. Tap interface with the Decryption Port Mirror license
  • C. Decryption Mirror interface with the Threat Analysis license
  • D. Decryption Mirror interface with the associated Decryption Port Mirror license

Answer: D

Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/decryption- mirroring

 

NEW QUESTION 192
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

  • A. Use the tcpdump command.
  • B. Use the debug dataplane packet-diag set capture stage management file command.
  • C. Use the debug dataplane packet-diag set capture stage firewall file command.
  • D. Enable all four stages of traffic capture (TX, RX, DROP, Firewall).

Answer: A

Explanation:
Reference: https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Run-a-Packet-Capture/ta-p/62390
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/take-packet-captures/take-a-packet-captu

 

NEW QUESTION 193
Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?

  • A. CPU Utilization widget
  • B. System log
  • C. System Utilization log
  • D. Resources widget

Answer: D

Explanation:
Explanation
System Resources (widget)Displays the Management CPU usage, Data Plane usage, and the Session Count (the number of sessions established through the firewall or Panorama).https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/dashboard/dashboard-widge

 

NEW QUESTION 194
A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.
Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web-browsing traffic to this server on tcp/443.

  • A. Rule # 1: application: ssl; service: application-default; action: allow Rule #2: application: web-browsing; service: application-default; action: allow
  • B. Rule #1: application: web-browsing; service: service-https; action: allow Rule #2: application: ssl; service: application-default; action: allow
  • C. Rule #1: application: web-browsing; service: service-http; action: allow Rule #2: application: ssl; service: application-default; action: allow
  • D. Rule #1: application: web-browsing; service: application-default; action: allow Rule #2: application: ssl; service: application-default; action: allow

Answer: D

 

NEW QUESTION 195
Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series
firewalls? (Choose two.)

  • A. Boot Strap Virtualization Module (BSVM)
  • B. Kernel Virtualization Module (KVM)
  • C. Microsoft Hyper-V
  • D. Red Hat Enterprise Virtualization (RHEV)

Answer: B,C

Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-
firewall/vm-series

 

NEW QUESTION 196
Exhibit:

What will be the source address in the ICMP packet?

  • A. 10.46.72.93
  • B. 10.46.64.94
  • C. 10.30.0.93
  • D. 192.168.93.1

Answer: B

 

NEW QUESTION 197
To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?

  • A. Device> Setup>Management >AutoFocus
  • B. Device>Setup>Services>AutoFocus
  • C. Device>Setup> Management> Logging and Reporting Settings
  • D. AutoFocus is enabled by default on the Palo Alto Networks NGFW
  • E. Device>Setup>WildFire>AutoFocus

Answer: A

Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/getting-started/enable-
autofocus-threat-intelligence

 

NEW QUESTION 198
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications.
QoS natively integrates with which feature to provide service quality?

  • A. Certificate revocation
  • B. Port Inspection
  • C. App-ID
  • D. Content-ID

Answer: C

Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/quality-of-service/qos- concepts/qos-for-applications-and-users#idaed4e749-80b4-4641-a37c-c741aba562e9

 

NEW QUESTION 199
When configuring the firewall for packet capture, what are the valid stage types?

  • A. receive, management, transmit, and drop
  • B. receive, management, transmit, and non-syn
  • C. receive, firewall, transmit, and drop
  • D. receive, firewall, send, and non-syn

Answer: C

 

NEW QUESTION 200
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator troubleshoot this issue? (Choose two.)

  • A. View the Runtime Stats and look for problems with BGP configuration.
  • B. View the System logs and look for the error messages about BGP.
  • C. Perform a traffic pcap on the NGFW to see any BGP problems.
  • D. View the ACC tab to isolate routing issues.

Answer: A,B

Explanation:
Explanation
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEWCA0

 

NEW QUESTION 201
Which three authentication services can an administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)

  • A. PAP
  • B. LDAP
  • C. TACACS+
  • D. Kerberos
  • E. SAML
  • F. RADIUS

Answer: C,E,F

 

NEW QUESTION 202
If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?

  • A. Depending on the firewall location, Panorama decides with settings to send.
  • B. The settings assigned to the template that is on top of the stack.
  • C. The administrator will be promoted to choose the settings for that chosen firewall.
  • D. All the settings configured in all templates.

Answer: C

Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/ manage-firewalls/manage-templates-and-template-stacks/configure-a-template-stack

 

NEW QUESTION 203
Which two features does PAN-OS® software use to identify applications? (Choose two.)

  • A. application layer payload
  • B. session number
  • C. transaction characteristics
  • D. pot number

Answer: A,C

 

NEW QUESTION 204
A network security engineer needs to configure a virtual router using IPv6 addresses.
Which two routing options support these addresses? (Choose two)

  • A. RIP
  • B. OSPFv3
  • C. Static Route
  • D. BGP not sure

Answer: B,C

Explanation:
Explanation: https://live.paloaltonetworks.com/t5/Management-Articles/Does-PAN-OS- Support-Dynamic-Routing-Protocols-OSPF-or-BGP-with/ta-p/62773

 

NEW QUESTION 205
What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

  • A. When Panorama is reverted to an earlier PAN-OS release, variables used in templates or template stacks will be removed automatically.
  • B. Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or template stacks.
  • C. An administrator must use the Expedition tool to adapt the configuration to the pre-PAN-OS 8.1 state.
  • D. Administrators need to manually update variable characters to those used in pre-PAN-OS 8.1.

Answer: B

Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/documentation/81/pan-os/newfeaturesguide/upgrade-to-pan- os-81/upgradedowngrade-considerations

 

NEW QUESTION 206
Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?

  • A. Session Browser
  • B. TCP Dump
  • C. Application Command Center
  • D. Packet Capture

Answer: C

Explanation:
Reference: https://live.paloaltonetworks.com/t5/Management-Articles/Tips-amp-Tricks-How-to- Use-the-Application-Command-Center- ACC/ta-p/67342

 

NEW QUESTION 207
Which CLI command displays the current management plan memory utilization?

  • A. > show system resources
  • B. > show running resource-monitor
  • C. > debug management-server show
  • D. > show system info

Answer: A

Explanation:
Explanation: https://live.paloaltonetworks.com/t5/Management-Articles/Show-System- Resource-Command-Displays-CPU-Utilization-of-9999/ta-p/58149

 

NEW QUESTION 208
If the firewall has the link monitoring configuration, what will cause a failover?

  • A. ethernet1/3 or Ethernet1/6 going down
  • B. ethernet1/6 going down
  • C. ethernet1/3 going down
  • D. ethernet1/3 and ethernet1/6 going down

Answer: D

 

NEW QUESTION 209
Which three function are found on the dataplane of a PA-5050? (Choose three)

  • A. Signature Match
  • B. Protocol Decoder
  • C. Network Processing
  • D. Management
  • E. Dynamic routing

Answer: A,C,E

Explanation:
In these devices, dataplane zero, or dp0 for short, functions as the master dataplane and determines which dataplane will be used as the session owner that is responsible for processing and inspection.
The data plane provides all data processing and security detection and enforcement, including:
* (B) All networking connectivity, packet forwarding, switching, routing, and network address translation
* Application identification, using the content of the applications, not just port or protocol
* SSL forward proxy, including decryption and re-encryption
* Policy lookups to determine what security policy to enforce and what actions to take, including scanning for threats, logging, and packet marking
* Application decoding, threat scanning for all types of threats and threat prevention
* Logging, with all logs sent to the control plane for processing and storage E: The following diagram depicts both the hardware and software architecture of the next- generation firewall

Incorrect Answers:
C: Management is done in the control plane.
https://www.niap-ccevs.org/st/st_vid10392-st.pdf

 

NEW QUESTION 210
Which Panorama feature allows for logs generated by Panorama to be forwarded to an external Security Information and Event Management(SIEM) system?

  • A. Collector Log Forwarding for Collector Groups
  • B. Panorama Log Templates
  • C. Panorama Device Group Log Forwarding
  • D. Panorama Log Settings

Answer: D

Explanation:
https://www.paloaltonetworks.com/documentation/61/panorama/panorama_adminguide/ma nage-log-collection/enable-log-forwarding-from-panorama-to-external-destinations

 

NEW QUESTION 211
An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewall use Layer 3 interfaces to send traffic to a single gateway IP for the pair.
Which configuration will enable this HA scenario?

  • A. The firewalls will share the same interface IP address, and device 1 will use the floating IP if device 0 fails.
  • B. The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating IP.
  • C. The firewalls do not use floating IPs in active/active HA.
  • D. Each firewall will have a separate floating IP, and priority will determine which firewall has the primary IP.

Answer: B

Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/floating-ip- address-and-virtual-mac-address

 

NEW QUESTION 212
......


Palo Alto PCNSE Exam Certification Details:

Exam RegistrationPEARSON VUE
Exam NameNetwork Security Engineer
Duration80 minutes
Recommended TrainingFirewall Essentials - Configuration and Management (EDU-210)
Panorama - Managing Firewalls at Scale (EDU-220)
Firewall - Troubleshooting (330)
Firewall 10.0 - Optimizing Firewall Threat Prevention (EDU-214)
Exam Price$175 USD
Sample QuestionsPalo Alto PCNSE Sample Questions
Exam CodePCNSE PAN-OS 10
Number of Questions75
Passing ScoreVariable (70-80 / 100 Approx.)

 

PCNSE Exam Dumps Pass with Updated 2022 Certified Exam Questions: https://www.prep4sures.top/PCNSE-exam-dumps-torrent.html

Guide (New 2022) Actual Palo Alto Networks PCNSE Exam Questions: https://drive.google.com/open?id=1Y5T8W-16RqUhP7DbrsJR1edaQkUJc_fx 

Related Articles

more
Palo Alto Networks PCNSE Certification Practice Exam