Download Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 9-0.PCNSE9.CertDumps.2020-05-29.20q.vcex

Vendor: Palo Alto Networks
Exam Code: PCNSE9
Exam Name: Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 9-0
Date: May 29, 2020
File Size: 949 KB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL Forward Proxy? (Choose two.)
  1. Create a no-decrypt Decryption Policy rule.
  2. Configure an EDL to pull IP addresses of known sites resolved from a CRL.
  3. Create a Dynamic Address Group for untrusted sites
  4. Create a Security Policy rule with vulnerability Security Profile attached.
  5. Enable the "Block sessions with untrusted issuers" setting.
Correct answer: AD
Question 2
Which two features does PAN-OS® software use to identify applications? (Choose two)
  1. port number
  2. session number
  3. transaction characteristics
  4. application layer payload
Correct answer: CD
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/application-levelgateways#
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/application-levelgateways#
Question 3
The certificate information displayed in the following image is for which type of certificate?
Exhibit:
  1. Forward Trust certificate
  2. Self-Signed Root CA certificate
  3. Web Server certificate
  4. Public CA signed certificate
Correct answer: B
Question 4
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS® software would help in this case?
  1. Application override
  2. Redistribution of user mappings
  3. Virtual Wire mode
  4. Content inspection
Correct answer: B
Question 5
When configuring a GlobalProtect Portal, what is the purpose of specifying an
Authentication Profile?
  1. To enable Gateway authentication to the Portal
  2. To enable Portal authentication to the Gateway
  3. To enable user authentication to the Portal
  4. To enable client machine authentication to the Portal
Correct answer: C
Explanation:
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite.Reference:https://www.paloaltonetworks.com/documentation/71/pan-os/web-interfacehelp/globalprotect/network-globalpr
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite.
Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/web-interfacehelp/globalprotect/network-globalpr
Question 6
A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link aggregation. Which two formats are correct for naming aggregate interfaces? (Choose two.)
  1. ae.8
  2. aggregate.1
  3. ae.1
  4. aggregate.8
Correct answer: AC
Question 7
View the GlobalProtect configuration screen apture.
 
What is the purpose of this configuration?
  1. It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.
  2. It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.
  3. It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.
  4. It forces the firewall to perform a dynamic DNS update, which adds the internal gateway’s hostname and IP address to the DNS server.
Correct answer: C
Question 8
Which CLI command can be used to export the tcpdump capture?
  1. scp export tcpdump from mgmt.pcap to <username@host:path>
  2. scp extract mgmt-pcap from mgmt.pcap to <username@host:path>
  3. scp export mgmt-pcap from mgmt.pcap to <username@host:path>
  4. download mgmt.-pcap
Correct answer: C
Question 9
In High Availability, which information is transferred via the HA data link?
  1. session information
  2. heartbeats
  3. HA state information
  4. User-ID information
Correct answer: A
Question 10
Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)
  1. TACACS+
  2. Kerberos
  3. PAP
  4. LDAP
  5. SAML
  6. RADIUS
Correct answer: AEF
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewalladministration/manage-firewall-administra
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewalladministration/manage-firewall-administra
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!