Online PCNSE Practice TestMore Paloalto-Networks Products >

Free Paloalto-Networks PCNSE Exam Dumps Questions

Paloalto-Networks PCNSE: Palo Alto Networks Certified Security Engineer (PCNSE)PAN-OS 9.0

- Get instant access to PCNSE practice exam questions

- Get ready to pass the Palo Alto Networks Certified Security Engineer (PCNSE)PAN-OS 9.0 exam right now using our Paloalto-Networks PCNSE exam package, which includes Paloalto-Networks PCNSE practice test plus an Paloalto-Networks PCNSE Exam Simulator.

- The best online PCNSE exam study material and preparation tool is here.

4.5

(1020 ratings)

Question 1

- (Exam Topic 1)
What are three valid qualifiers for a Decryption Policy Rule match? (Choose three )

A. Destination Zone

B. App-ID

C. Custom URL Category

D. User-ID

E. Source Interface

Correct Answer:ADE

Question 3

- (Exam Topic 2)
Which two settings can be configured only locally on the firewall and not pushed from a Panorama template or template stack? (Choose two)

A. HA1 IP Address

B. Network Interface Type

C. Master Key

D. Zone Protection Profile

Correct Answer:AC
https://docs.paloaltonetworks.com/panorama/7-1/panorama-admin/manage-firewalls/template-capabilities-and-e

Question 4

- (Exam Topic 2)
An administrator wants to upgrade an NGFW from PAN-OS® 9.0 to PAN-OS® 10.0. The firewall is not a part of an HA pair. What needs to be updated first?

A. XML Agent

B. Applications and Threats

C. WildFire

D. PAN-OS® Upgrade Agent

Correct Answer:B
https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/upgrade-to-pan-os-80/upgrade-t

Question 5

- (Exam Topic 2)
Which PAN-OS® policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly-sensitive business data?

A. Security policy

B. Decryption policy

C. Authentication policy

D. Application Override policy

Correct Answer:C

Question 6

- (Exam Topic 2)
A customer has an application that is being identified as unknown-top for one of their custom PostgreSQL database connections. Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)

A. Application Override policy.

B. Security policy to identify the custom application.

C. Custom application.

D. Custom Service object.

Correct Answer:AC
Unlike the App-ID engine, which inspects application packet contents for unique signature elements, the Application Override policy’s matching conditions are limited to header-based data only. Traffic matched by an Application Override policy is identified by the App-ID entered in the Application entry box.Choices are limited to applications currently in the App-ID database.Because this traffic bypasses all Layer 7 inspection, the resulting security is that of a Layer-4 firewall. Thus, this traffic should be trusted without the need for Content-ID inspection. The resulting application assignment can be used in other firewall functions such as Security policy and QoS.Use CasesThree primary uses cases for Application Override Policy are:
To identify “Unknown” App-IDs with a different or custom application signature To re-identify an existing application signature
To bypass the Signature Match Engine (within the SP3 architecture) to improve processing timesA discussion of typical uses of application override and specific implementation examples is here:https://live.paloaltonetworks.com/t5/Learning-Articles/Tips-amp-Tricks-How-to-Create-an-Application

START PCNSE EXAM