Visit Official SkillCertPro Website :-
For a full set of 820+ questions. Go to
https://skillcertpro.com/product/palo-alto-security-engineer-pcnse-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
Where do you set up the networking parameters (interfaces, zones, virtual-routers) of a firewall in Panorama?
A. In the Device Group Stack menu
B. In the Template menu
C. In the Device Group menu
D. In the Panorama menu
Answer: B
Explanation:
Device groups are used for policies & objects creation. A Device Group Stack doesn‘t exist. Finally, the Panorama menu can only be used to manage Panorama itself (not the firewalls).
Question 2:
What feature of a Palo Alto Networks firewall does not require extra licenses?
(Choose 2)
A. Wildfire Signatures Updates
B. Stateful Firewall
C. URL Filtering
D. Application Override
Answer: B, D
Explanation:
Wildfire Signatures Updates & URL filtering require a license to be updated. The Palo Alto Networks website provides a list of each feature where licensing is required:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/subscriptions/all-subscriptions.html
Question 3:
Where can you set up security rules parameters such as addresses and services in Panorama?
A. In the Panorama menu
B. In the Template menu
C. In the Template stack menu
D. In the Device Group menu
Answer: D
Explanation:
Templates are used to configure networking settings (interfaces, routes, zone …). A Template stack is a mechanism to group template together. Finally, the Panorama menu can only be used to manage Panorama itself (not the firewalls).
Question 4:
What solution can be used to perform USER-ID redistribution? (Choose 2)
A. Panorama
B. Expedition
C. A Firewall running PAN-OS
D. Autofocus
Answer: A, C
Explanation:
You can use the Firewall and Panorama for USER-ID redistribution. USER-ID redistribution is a great way to enforce user authentication without necessarily enforcing it on every device. In a large-scale network, firewalls will mostly collect the mapping (user & group) via USER-ID redistribution.
Question 5:
What software should you use to establish a client-to-site IPSEC VPN?
A. Expedition
B. Cortext Enpoint Protection
C. Global Protect
D. Traps
Answer: C
Explanation:
Global Protect is a client-based solution used for internal & external user authentication. It supports both IPSEC & SSL for a client-to-site VPN. Cortext Endpoint Protection is an end-point protection solution from Palo Alto Networks. Expedition is a free tool provided by Palo Alto Networks to manipulate firewall configurations. Cortext Endpoint Protection is a behavioral analytics tool used to detect threats.
For a full set of 820+ questions. Go to
https://skillcertpro.com/product/palo-alto-security-engineer-pcnse-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 6:
You are about to push a new security rule from Panorama to a specific firewall. However there are many other firewalls in your company with security rules pending updates. How can you make sure only your change will be applied?
A. By removing those extra devices from the Push Scope Selection in the Wildfire Appliance menu
B. By removing those extra devices from the Push Scope Selection in the Device Groups menu
C. By removing those extra devices from the Push Scope Selection in the Log Collector Groups menu
D. By removing those extra devices from the Push Scope Selection in the Templates menu
Answer: B
Explanation:
Security rules are created in Panorama‘s device groups. By removing other devices from the Push scope, only your security rule will be applied.
Question 7:
What protections can be activated in a Zone Protection Profile? ( choose 2 )
A. Port Scan Protection
B. Malware Protection
C. Virus Protection
D. Host Sweep protection
Answer: A, D
Explanation:
Virus Protection & Malware protection are both Layer 7 functionalities. Zone Protection profiles protect toward Layer 3 and Layer 4 attacks only.
Question 8:
What authentication method can be used for the administrator to login to the firewall? (Choose 3)
A. LDAP
B. SAML
C. RADIUS
D. NTLM
Answer: A, B, C
Explanation:
Amongst the existing authentication method for administrator, we can find SAML, LDAP, RADIUS, TACACS+, MFA and Kerberos. NTLM, however is not a supported method.
Question 9:
What type of information should you gather on the Hub & Branch sites when planning an SD-WAN deployment (Choose 3)?
A. The Public IP
B. The PAN-OS version
C. The maximum upstream & downstream bandwidth
D. The ISP Link Type
Answer: A, C, D
Explanation:
The ISP Link Type, the maximum upstream & downstream bandwidth, the public IP but also the network prefixes and serial numbers of branch & hub firewalls are required when planning an SD-WAN deployment.
Question 10:
You must deploy hundreds of firewalls across the EMEA region and have been told the average number of logs will be around 15k/second. What strategy will you choose for logs storage?
A. A dedicated Panorama VM for configurations management and a M200 appliance for logs.
B. A dedicated Panorama for configurations management and a 3rd party Syslog server for the logs storage
C. A Panorama VM for configurations management and a M600 appliance for logs.
D. A standalone panorama doing both: configurations management and logs collector
Answer: C
Explanation:
The number of logs will put too much pressure on a standalone Panorama. An M200 will be undersized for 15k/s logs. Finally using a SYSLOG server for the logs storage will not provide the appropriate visibility when needed. The solution is to use an M600 appliance dedicated to log collection.
For a full set of 820+ questions. Go to
https://skillcertpro.com/product/palo-alto-security-engineer-pcnse-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.