Download Palo Alto Networks Certified Network Security Engineer.PCNSE.SelfTestEngine.2019-10-11.96q.vcex

Vendor: Palo Alto Networks
Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Network Security Engineer
Date: Oct 11, 2019
File Size: 1 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?
  1. check
  2. find
  3. test
  4. sim
Correct answer: C
Explanation:
Reference: http://www.shanekillen.com/2014/02/palo-alto-useful-cli-commands.html
Reference: http://www.shanekillen.com/2014/02/palo-alto-useful-cli-commands.html
Question 2
An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against worms and trojans. 
Which Security Profile type will protect against worms and trojans?
  1. Anti-Spyware
  2. Instruction Prevention
  3. File Blocking
  4. Antivirus
Correct answer: D
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/security-profiles
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/security-profiles
Question 3
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?
  1. To enable Gateway authentication to the Portal
  2. To enable Portal authentication to the Gateway
  3. To enable user authentication to the Portal
  4. To enable client machine authentication to the Portal
Correct answer: C
Explanation:
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite. Reference https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/globalprotect/network-globalprotect-portals
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite. 
Reference https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/globalprotect/network-globalprotect-portals
Question 4
If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?
  1. The settings assigned to the template that is on top of the stack.
  2. The administrator will be promoted to choose the settings for that chosen firewall.
  3. All the settings configured in all templates.
  4. Depending on the firewall location, Panorama decides with settings to send.
Correct answer: A
Question 5
Which method will dynamically register tags on the Palo Alto Networks NGFW?
  1. Restful API or the VMware API on the firewall or on the User-ID agent or the ready-only domain controller (RODC)
  2. Restful API or the VMware API on the firewall or on the User-ID agent
  3. XML API or the VMware API on the firewall or on the User-ID agent or the CLI
  4. XML API or the VM Monitoring agent on the NGFW or on the User-ID agent
Correct answer: D
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/register-ip-addresses-and-tags-dynamically
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/register-ip-addresses-and-tags-dynamically
Question 6
To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?
  1. Device>Setup>Services>AutoFocus
  2. Device> Setup>Management >AutoFocus
  3. AutoFocus is enabled by default on the Palo Alto Networks NGFW
  4. Device>Setup>WildFire>AutoFocus
  5. Device>Setup> Management> Logging and Reporting Settings
Correct answer: B
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/getting-started/enable-autofocus-threat-intelligence
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/getting-started/enable-autofocus-threat-intelligence
Question 7
An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?
  1. Security policy rule allowing SSL to the target server
  2. Firewall connectivity to a CRL
  3. Root certificate imported into the firewall with “Trust” enabled
  4. Importation of a certificate from an HSM
Correct answer: A
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/configure-ssl-inbound-inspection
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/configure-ssl-inbound-inspection
Question 8
Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series firewalls? (Choose two.)
  1. Red Hat Enterprise Virtualization (RHEV)
  2. Kernel Virtualization Module (KVM)
  3. Boot Strap Virtualization Module (BSVM)
  4. Microsoft Hyper-V
Correct answer: BD
Explanation:
Reference: https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-firewall/vm-series
Reference: https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation-firewall/vm-series
Question 9
Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OS® software?
  1. XML API
  2. Port Mapping
  3. Client Probing
  4. Server Monitoring
Correct answer: A
Explanation:
Captive Portal and the other standard user mapping methods might not work for certain types of user access. For example, the standard methods cannot add mappings of users connecting from a third-party VPN solution or users connecting to a 802.1x-enabled wireless network. For such cases, you can use the PAN-OS XML API to capture login events and send them to the PAN-OS integrated User-ID agent Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/user-id-concepts/group-mapping#id93306080-fd9b-4f1b-96a6-4bfe1c8e69df
Captive Portal and the other standard user mapping methods might not work for certain types of user access. For example, the standard methods cannot add mappings of users connecting from a third-party VPN solution or users connecting to a 802.1x-enabled wireless network. For such cases, you can use the PAN-OS XML API to capture login events and send them to the PAN-OS integrated User-ID agent 
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/user-id-concepts/group-mapping#id93306080-fd9b-4f1b-96a6-4bfe1c8e69df
Question 10
Which PAN-OS® policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly-sensitive business data?
  1. Security policy
  2. Decryption policy
  3. Authentication policy
  4. Application Override policy
Correct answer: C
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!