Real Exam Questions PCNSE Dumps Exam Questions in here [Sep-2021]
Get Latest Sep-2021 Conduct effective penetration tests using PCNSE
NEW QUESTION 190
Which data flow describes redistribution of user mappings?
- A. firewall to firewall
- B. User-ID agent to firewall
- C. Domain Controller to User-ID agent
- D. User-ID agent to Panorama
Answer: A
Explanation:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/user-id/configure-firewalls-to- redistribute-user-mapping-informatio
NEW QUESTION 191
Which Captive Portal mode must be configured to support MFA authentication?
- A. Redirect
- B. NTLM
- C. Transparent
- D. Single Sign-On
Answer: A
Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/authentication/configure- multi-factor-authentication
NEW QUESTION 192
Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.
Which Security policy rule will allow traffic to flow to the web server?
- A. Untrust (any) to DMZ (1.1.1.100), web browsing -Allow
- B. Untrust (any) to Untrust (10.1.1.100), web browsing -Allow
- C. Untrust (any) to DMZ (10.1.1.100), web browsing -Allow
- D. Untrust (any) to Untrust (1.1.1.100), web browsing -Allow
Answer: A
NEW QUESTION 193
Which feature must you configure to prevent users form accidentally submitting their corporate credentials to a phishing website?
- A. Anti-Spyware profile
- B. Vulnerability Protection profile
- C. Zone Protection profile
- D. URL Filtering profile
Answer: D
Explanation:
Reference:
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/threat-prevention/prevent-credential-phishing
NEW QUESTION 194
Which three split tunnel methods are supported by a GlobalProtect Gateway?
- A. video streaming application
- B. Client Application Process
- C. Source Domain
- D. Destination Domain
- E. URL Category
- F. Destination user/group
Answer: A,B,D
Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/81/pan-os/newfeaturesguide/globalprotect-
features/split-tunnel-for-public-applications
NEW QUESTION 195
Click the Exhibit button below,

A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in the default VR. A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS connection to
172.16.10.20.
Which is the next hop IP address for the HTTPS traffic from Will's PC?
- A. 172.20.10.1
- B. 172.20.30.1
- C. 172.20.40.1
- D. 172.20.20.1
Answer: D
NEW QUESTION 196
Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a "No Decrypt" action? (Choose two.)
- A. Block sessions with unsupported cipher suites
- B. Block sessions with expired certificates
- C. Block sessions with untrusted issuers
- D. Block credential phishing
- E. Block sessions with client authentication
Answer: A,B,E
Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/define-traffic- to-decrypt/create-a-decryption-profile
NEW QUESTION 197
An administrator just submitted a newly found piece of spyware for WildFire analysis. The spyware monitors behavior without the user's knowledge.
What is the expected verdict from WildFire?
- A. Malware
- B. Grayware
- C. Spyware
- D. Phishing
Answer: B
Explanation:
Explanation/Reference:
NEW QUESTION 198
What is the purpose of the firewall decryption broker?
- A. inspect traffic within IPsec tunnels
- B. reduce SSL traffic to a weaker cipher before sending it to a security chain of inspection tools.
- C. decrypt SSL traffic and then send it as cleartext to a security chain of inspection tools.
- D. force decryption of previously unknown cipher suites
Answer: C
Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/documentation/81/pan-os/newfeaturesguide/decryption- features/decryption-broker
NEW QUESTION 199
Refer to the exhibit.
An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) received HTTP traffic and host B(10.1.1.101) receives SSH traffic.
Which two security policy rules will accomplish this configuration? (Choose two)
- A. Untrust (Any) to DMZ (1.1.1.100) Web-browsing -Allow
- B. Untrust (Any) to Untrust (10.1.1.1) Ssh-Allow
- C. Untrust (Any) to DMZ (1.1.1.100) Ssh-Allow
- D. Untrust (Any) to Untrust (10.1.1.1) Web-browsing -Allow
Answer: A,D
NEW QUESTION 200
Refer to the exhibit.
Which certificates can be used as a Forwarded Trust certificate?
- A. Certificate from Default Trust Certificate Authorities
- B. Forward_Trust
- C. Domain Sub-CA
- D. Domain-Root-Cert
Answer: C
NEW QUESTION 201
Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS version, and serial number?
- A. show session info
- B. show system info
- C. debug system details
- D. show system details
Answer: B
Explanation:
Explanation/Reference: https://live.paloaltonetworks.com/t5/Learning-Articles/Quick-Reference-Guide-Helpful-Commands/ ta-p/56511
NEW QUESTION 202
Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?
- A. Configure a Decryption Profile and select SSL/TLS services.
- B. Set up Security policy rule to allow SSL communication.
- C. Set up SSL/TLS under Polices > Service/URL Category>Service.
- D. Configure an SSL/TLS Profile.
Answer: D
Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device- certificate-management-ssltls-service-profile
NEW QUESTION 203
An administrator wants to upgrade an NGFW from PAN-OS 7.1.2 to PAN-OS 8.0.2. The firewall is not a part of an HA pair.
What needs to be updated first?
- A. PAN-OS Upgrade Agent
- B. WildFire
- C. Applications and Threats
- D. XML Agent
Answer: C
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-new-features/upgrade-to-pan-os-
80/upgrade-the-firewall-to-pan-os-80/upgrade-a-firewall-to-pan-os-80
NEW QUESTION 204
Which option describes the operation of the automatic commit recovery feature?
- A. It enables a firewall to revert to the previous configuration if rule shadowing is detected
- B. It enables a firewall to revert to the previous configuration if a commit causes Panorama connectivity failure.
- C. It enables a firewall to revert to the previous configuration if application dependency errors are found
- D. It enables a firewall to revert to the previous configuration if a commit causes HA partner connectivity failure
Answer: A
NEW QUESTION 205
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?
- A. It forces the firewall to perform a dynamic DNS update, which adds the internal gateway's hostname and IP address to the DNS server.
- B. It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.
- C. It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.
- D. It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.
Answer: C
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/globalprotect-portals/define-the-globalprotect-client-authentication-configurations/define-the-globalprotect-agent-configurations
NEW QUESTION 206
Which CLI command displays the physical media that are connected to ethernetl/8?
- A. > show system state filter-pretty sys.si.p8.med
- B. > show system state filter-pretty sys.sl.p8.phy
- C. > show interface ethernetl/8
- D. > show system state filter-pretty sys.si.p8.stats
Answer: A
NEW QUESTION 207
Click the Exhibit button below,
A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in the default VR. A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS connection to 172.16.10.20.
Which is the next hop IP address for the HTTPS traffic from Will's PC?
- A. 172.20.10.1
- B. 172.20.30.1
- C. 172.20.40.1
- D. 172.20.20.1
Answer: D
NEW QUESTION 208
Which option is an IPv6 routing protocol?
- A. OSPFv2
- B. RIPv3
- C. BGP NG
- D. OSPFv3
Answer: D
Explanation:
OSPFv3 provides support for the OSPF routing protocol within an IPv6 network. As such, it provides support for IPv6 addresses and prefixes.
https://www.paloaltonetworks.com/documentation/60/pan-os/newfeaturesguide/networking- features/ospf- v3-support
NEW QUESTION 209
An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third-party, deep-level packet inspection appliance.
Which interface type and license feature are necessary to meet the requirement?
- A. Virtual Wire interface with the Decryption Port Export license
- B. Decryption Mirror interface with the associated Decryption Port Mirror license
- C. Tap interface with the Decryption Port Mirror license
- D. Decryption Mirror interface with the Threat Analysis license
Answer: B
Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/decryption- concepts/decryption-mirroring
NEW QUESTION 210
......
Authentic Best resources for PCNSE Online Practice Exam: https://www.actual4test.com/PCNSE_examcollection.html
Get the superior quality PCNSE Dumps with explanations waiting just for you, get it now: https://drive.google.com/open?id=1ND86MP0jCyr1muyr5mXe7b08nfl2grWH