PCNSE Paloalto-Networks Exam Questions and Free Practice Test

Question 31

- (Exam Topic 2)
An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?

A. In the details of the Traffic log entries

B. Decryption log

C. Data Filtering log

D. In the details of the Threat log entries

Correct Answer:A
Reference:
https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Implement-and-Test-SSL-Decryption/ta-p/5

Question 32

- (Exam Topic 2)
An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third-party, deep-level packet inspection appliance.
Which interface type and license feature are necessary to meet the requirement?

A. Decryption Mirror interface with the Threat Analysis license

B. Virtual Wire interface with the Decryption Port Export license

C. Tap interface with the Decryption Port Mirror license

D. Decryption Mirror interface with the associated Decryption Port Mirror license

Correct Answer:D
Reference:
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/decryption-mirroring
“Before you can enable Decryption Mirroring, you must obtain and install a Decryption Port Mirror license. The license is free of charge and can be activated through the support portal as described in the following procedure. After you install the Decryption Port Mirror license and reboot the firewall, you can enable decryption port mirroring. “

Question 33

- (Exam Topic 2)
Which three authentication services can administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)

A. Kerberos

B. PAP

C. SAML

D. TACACS+

E. RADIUS

F. LDAP

Correct Answer:ACF
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewall-administration/manage-firewall-administra
The administrative accounts are defined on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server. PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall. For details, see:
Configure SAML AuthenticationConfigure TACACS+ AuthenticationConfigure RADIUS Authentication

Question 34

- (Exam Topic 3)
A Network Administrator wants to deploy a Large Scale VPN solution. The Network Administrator has chosen a GlobalProtect Satellite solution. This configuration needs to be deployed to multiple remote offices and the Network Administrator decides to use Panorama to deploy the configurations.
How should this be accomplished?

A. Create a Template with the appropriate IKE Gateway settings

B. Create a Template with the appropriate IPSec tunnel settings

C. Create a Device Group with the appropriate IKE Gateway settings

D. Create a Device Group with the appropriate IPSec tunnel settings

Correct Answer:B

Question 35

- (Exam Topic 2)
An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)

A. Configuration Logs

B. System Logs

C. Task Manager

D. Traffic Logs

Correct Answer:BC

Question 36

- (Exam Topic 2)
Refer to the exhibit.
PCNSE dumps exhibit
Which certificates can be used as a Forwarded Trust certificate?

A. Certificate from Default Trust Certificate Authorities

B. Domain Sub-CA

C. Forward_Trust

D. Domain-Root-Cert

Correct Answer:B

START PCNSE EXAM