Download Palo Alto Networks Certified Network Security Engineer.PCNSE.TestKing.2018-11-18.79q.vcex

Vendor: Palo Alto Networks
Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Network Security Engineer
Date: Nov 18, 2018
File Size: 1 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which method will dynamically register tags on the Palo Alto Networks NGFW?
  1. Restful API or the VMWare API on the firewall or on the User-ID agent or the read-only domain controller (RODC)
  2. Restful API or the VMware API on the firewall or on the User-ID agent
  3. XML-API or the VMware API on the firewall or on the User-ID agent or the CLI
  4. XML API or the VM Monitoring agent on the NGFW or on the User-ID agent
Correct answer: D
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/register-ip-addresses-and-tags-dynamically
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/register-ip-addresses-and-tags-dynamically
Question 2
How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?
  1. Configure the option for “Threshold”.
  2. Disable automatic updates during weekdays.
  3. Automatically “download only” and then install Applications and Threats later, after the administrator approves the update.
  4. Automatically “download and install” but with the “disable new applications” option used.
Correct answer: C
Question 3
Decrypted packets from the website https://www.microsoft.com will appear as which application  and service within the Traffic log?
  1. web-browsing and 443
  2. SSL and 80
  3. SSL and 443
  4. web-browsing and 80
Correct answer: B
Question 4
Which PAN-OS® policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly-sensitive business data?
  1. Security policy
  2. Decryption policy
  3. Authentication policy
  4. Application Override policy
Correct answer: C
Question 5
A Security policy rule is configured with a Vulnerability Protection Profile and an action of ‘Deny”. 
Which action will this cause configuration on the matched traffic?
  1. The configuration is invalid. The Profile Settings section will be grayed out when the Action is set to “Deny”.
  2. The configuration will allow the matched session unless a vulnerability signature is detected. The “Deny” action will supersede the per-severity defined actions defined in the associated Vulnerability Protection Profile.
  3. The configuration is invalid. It will cause the firewall to skip this Security policy rule. A warning will be displayed during a commit. 
  4. The configuration is valid. It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to “Deny.”
Correct answer: B
Question 6
A user’s traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user’s traffic matches when it goes to http://www.company.com.
How can the firewall be configured automatically disable the PBF rule if the next hop goes down?
  1. Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question.
  2. Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.
  3. Enable and configure a Link Monitoring Profile for the external interface of the firewall.
  4. Configure path monitoring for the next hop gateway on the default route in the virtual router.
Correct answer: D
Question 7
What are two benefits of nested device groups in Panorama? (Choose two.)
  1. Reuse of the existing Security policy rules and objects
  2. Requires configuring both function and location for every device
  3. All device groups inherit settings form the Shared group
  4. Overwrites local firewall configuration
Correct answer: BC
Explanation:
Question 8
Which Captive Portal mode must be configured to support MFA authentication?
  1. NTLM
  2. Redirect
  3. Single Sign-On
  4. Transparent
Correct answer: B
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/authentication/configure-multi-factor-authentication
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/authentication/configure-multi-factor-authentication
Question 9
An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required.  
Which interface type would support this business requirement? 
  1. Virtual Wire interfaces to permit EIGRP routing to remain between the Core and DMZ
  2. Layer 3 or Aggregate Ethernet interfaces, but configuring EIGRP on subinterfaces only
  3. Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel (with the GlobalProtect License to support LSVPN and EIGRP protocols)
  4. Layer 3 interfaces, but configuring EIGRP on the attached virtual router
Correct answer: B
Explanation:
Question 10
Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS® software?
  1. Okta
  2. DUO
  3. RADIUS
  4. PingID
Correct answer: C
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!