[Aug-2021] PCNSE PCNSE Exam Practice Dumps
2021 PCNSE Premium Files Test pdf - Free Dumps Collection
NEW QUESTION 191
VPN traffic intended for an administrator's Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor.
When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?
- A. DoS Protection
- B. Zone Protection
- C. Replay
- D. Web Application
Answer: B
NEW QUESTION 192
An administrator has users accessing network resources through Citrix XenApp 7.x.
Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?
- A. Syslog Monitoring
- B. GlobalProtect
- C. Terminal Services agent
- D. Client Probing
Answer: C
NEW QUESTION 193
Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?
- A. Resources widget
- B. CPU Utilization widget
- C. System log
- D. System Utilization log
System Resources (widget) Displays the Management CPU usage, Data Plane usage, and the Session Count (the number of sessions established through the firewall or Panorama). https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/dashboard/dashboard-widgets#
Answer: A
NEW QUESTION 194
An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between Panorama and the managed firewalls and Log Collectors.
How would the administrator establish the chain of trust?
- A. Configure strong password authentication
- B. Set up multi-factor authentication
- C. Enable LDAP or RADIUS integration
- D. Use custom certificates
Answer: D
NEW QUESTION 195
Ethernet1/1 has been configured with the following subinterfaces:
The following security policy rule is applied:
The Interface Management Profile permits the following:
A customer is trying to ping 10.10.10.1 from VLAN 799 IP 10.10.10.2/24.
What will be the result of this ping?
- A. The ping will not be successful because the management profile applied to ethernet1/1 allows ping.
- B. The ping will not be successful because the virtual router is different from the other subinterfaces.
- C. The ping will not be successful because the security policy permits this traffic.
- D. The ping will not be successful because there is no management profile attached to ethernet1/1.799.
- E. The ping will not be successful because the security policy does not apply to VLAN 799.
Answer: D
NEW QUESTION 196
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?
- A. To enable user authentication to the Portal
- B. To enable Gateway authentication to the Portal
- C. To enable Portal authentication to the Gateway
- D. To enable client machine authentication to the Portal
Answer: A
Explanation:
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite.
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/globalprotect/network-globalprotect-portals
NEW QUESTION 197
Starting with PAN-OS version 9.1, application dependency information is now reported in which two new locations? (Choose two.)
- A. on the Policy Optimizer's Rule Usage page
- B. on the Objects > Applications browser pages
- C. on the App Dependency tab in the Commit Status window
- D. on the Application tab in the Security Policy Rule creation window
Answer: C,D
NEW QUESTION 198
A user's traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http://www.company.com. How can the firewall be configured to automatically disable the PBF rule if the next hop goes down?
- A. Enable and configure a link monitoring profile for the external interface of the firewall
- B. Create and add a monitor profile with an action of fail over in the PBF rule in question
- C. Create and add a monitor profile with an action of wait recover in the PBF rule in question
- D. Configure path monitoring for the next hop gateway on the default route in the virtual router
Answer: D
NEW QUESTION 199
Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted in the DMZ zone? The web server is reachable using a destination NAT policy in the Palo Alto Networks firewall.
- A. Zone Pair: Source Zone: Internet, Destination Zone: Internet. Rule Type: "intrazone" or "universal"
- B. Zone Pair: Source Zone: Internet, Destination Zone: DMZ. Rule Type: "intrazone"
- C. Zone Pair: Source Zone: Internet, Destination Zone: Internet. Rule Type: "intrazone"
- D. Zone Pair: Source Zone: Internet, Destination Zone: DMZ. Rule Type: "intrazone" or "universal"
Answer: D
NEW QUESTION 200
An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?
- A. Importation of a certificate from an HSM
- B. Security policy rule allowing SSL to the target server
- C. Firewall connectivity to a CRL
- D. Root certificate imported into the firewall with "Trust" enabled
Answer: B
Explanation:
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/configure-ssl-inbound-inspection.html
NEW QUESTION 201
An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)


- A. Exhibit A
- B. Exhibit C
- C. Exhibit D
- D. Exhibit B
Answer: A,C
NEW QUESTION 202
A spike in dangerous traffic is observed. Which of the following PAN-OS tabs would an administrator utilize to identify culpable users?
- A. Network
- B. Objects
- C. Device
- D. Monitor
- E. Policies
- F. ACC
Answer: F
NEW QUESTION 203
A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone. Which option differentiates multiple VLANs into separate zones?
- A. Create V-Wire objects with two V-Wire subinterfaces and assign only a single VLAN ID to the "Tag Allowed" field of the V-Wire object. Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffic. Assign each interface/subinterface to a unique zone.
- B. Create V-Wire objects with two V-Wire interfaces and define a range of "0-4096" in the "Tag Allowed" field of the V-Wire object.
- C. Create VLAN objects for each VLAN and assign VLAN interfaces matching each VLAN ID. Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffic. Assign each interface/subinterface to a unique zone.
- D. Create Layer 3 subinterfaces that are each assigned to a single VLAN ID and a common virtual router. The physical Layer 3 interface would handle untagged traffic. Assign each interface/subinterface to a unique zone. Do not assign any interface an IP address.
Answer: A
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/configure-interfaces/virtual-wire-interfaces/vlan-tagged-traffic
Virtual wire interfaces by default allow all untagged traffic. You can, however, use a virtual wire to connect two interfaces and configure either interface to block or allow traffic based on the virtual LAN (VLAN) tags. VLAN tag 0 indicates untagged traffic. You can also create multiple subinterfaces, add them into different zones, and then classify traffic according to a VLAN tag or a combination of a VLAN tag with IP classifiers (address, range, or subnet) to apply granular policy control for specific VLAN tags or for VLAN tags from a specific source IP address, range, or subnet.
NEW QUESTION 204
Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during the onboarding process?
- A. removing the Panorama serial number from the ZTP service
- B. removing the firewall as a managed device in Panorama
- C. performing a local firewall commit
- D. performing a factory reset of the firewall
Answer: A
NEW QUESTION 205
The certificate information displayed in the following image is for which type of certificate?
- A. Forward Trust certificate
- B. Web Server certificate
- C. Public CA signed certificate
- D. Self-Signed Root CA certificate
Answer: D
NEW QUESTION 206
An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image.
Which configuration change should the administrator make?
A:
B:
C:
D:
E:
- A. Option D
- B. Option B
- C. Option A
- D. Option C
- E. Option E
Answer: B
NEW QUESTION 207
......