PCNSE Paloalto-Networks Exam Questions and Free Practice Test

Question 43

- (Exam Topic 3)
Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accomplish this goal?

A. Assign an IP address on each tunnel interface at each site

B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0

C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces

D. Create new VPN zones at each site to terminate each VPN connection

Correct Answer:C

Question 44

- (Exam Topic 2)
Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?

A. Configure a Decryption Profile and select SSL/TLS services.

B. Set up SSL/TLS under Polices > Service/URL Category>Service.

C. Set up Security policy rule to allow SSL communication.

D. Configure an SSL/TLS Profile.

Correct Answer:D
Reference:
https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device-certificate-mana ssltls-service-profile

Question 45

- (Exam Topic 1)
Please match the terms to their corresponding definitions.
PCNSE dumps exhibit
Solution:

Does this meet the goal?

A. Yes

B. No

Correct Answer:A

Question 46

- (Exam Topic 2)
VPN traffic intended for an administrator’s Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor. When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?

A. Zone Protection

B. DoS Protection

C. Web Application

D. Replay

Correct Answer:D
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/vpns/set-up-site-to-site-vpn/set-up-an-ipsec

Question 47

- (Exam Topic 1)
The UDP-4501 protocol-port is used between which two GlobalProtect components?

A. GlobalProtect app and GlobalProtect gateway

B. GlobalProtect portal and GlobalProtect gateway

C. GlobalProtect app and GlobalProtect satellite

D. GlobalProtect app and GlobalProtect portal

Correct Answer:A

Question 48

- (Exam Topic 2)
A user’s traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user’s traffic matches when it goes to http://www.company.com.
How can the firewall be configured automatically disable the PBF rule if the next hop goes down?

A. Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question:.

B. Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.

C. Enable and configure a Link Monitoring Profile for the external interface of the firewall.

D. Configure path monitoring for the next hop gateway on the default route in the virtual router.

Correct Answer:B
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFiCAK

START PCNSE EXAM