Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

PCNSE Questions and Answers

Question # 6

The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice As part of that effort, the manager has assigned you the Vulnerability Protection profile for the internet gateway firewall.

Which action and packet-capture setting for items of high severity and critical severity best matches Palo Alto Networks best practice?

A.

action 'reset-both' and packet capture 'extended-capture'

B.

action 'default' and packet capture 'single-packet'

C.

action 'reset-both' and packet capture 'single-packet'

D.

action 'reset-server' and packet capture 'disable'

Full Access
Question # 7

What type of address object would be useful for internal devices where the addressing structure assigns meaning to certain bits in the address, as illustrated in the diagram?

A.

IP Netmask

B.

IP Wildcard Mask

C.

IP Address

D.

IP Range

Full Access
Question # 8

In the screenshot above which two pieces ot information can be determined from the ACC configuration shown? (Choose two )

A.

The Network Activity tab will display all applications, including FTP.

B.

Threats with a severity of "high" are always listed at the top of the Threat Name list

C.

Insecure-credentials, brute-force and protocol-anomaly are all a part of the vulnerability Threat Type

D.

The ACC has been filtered to only show the FTP application

Full Access
Question # 9

Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.)

A.

inherit address-objects from templates

B.

define a common standard template configuration for firewalls

C.

standardize server profiles and authentication configuration across all stacks

D.

standardize log-forwarding profiles for security polices across all stacks

Full Access
Question # 10

An engineer is configuring Packet Buffer Protection on ingress zones to protect from single-session DoS attacks Which sessions does Packet Buffer Protection apply to?

A.

It applies to existing sessions and is not global

B.

It applies to new sessions and is global

C.

It applies to new sessions and is not global

D.

It applies to existing sessions and is global

Full Access
Question # 11

What best describes the HA Promotion Hold Time?

A.

the time that is recommended to avoid an HA failover due to the occasional flapping of neighboring devices

B.

the time that is recommended to avoid a failover when both firewalls experience the same link/path monitor failure simultaneously

C.

the time that the passive firewall will wait before taking over as the active firewall after communications with the HA peer have been lost

D.

the time that a passive firewall with a low device priority will wait before taking over as the active firewall if the firewall is operational again

Full Access
Question # 12

Which function is handled by the management plane (control plane) of a Palo Alto Networks firewall?

A.

signature matching for content inspection

B.

IPSec tunnel standup

C.

Quality of Service

D.

logging

Full Access
Question # 13

Which statement is true regarding a Best Practice Assessment?

A.

It shows how your current configuration compares to Palo Alto Networks recommendations

B.

It runs only on firewalls

C.

When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.

D.

It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture

Full Access
Question # 14

What are two valid deployment options for Decryption Broker? (Choose two)

A.

Transparent Bridge Security Chain

B.

Layer 3 Security Chain

C.

Layer 2 Security Chain

D.

Transparent Mirror Security Chain

Full Access