[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 141-150

Get Full Version of the Exam

Question No.141

When a malware-infected host attemptsto resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log. What will be the destination IP Address in that log entry?

  1. The IP Address of sinkhole.paloaltonetworks.com

  2. The IP Address of the command-and-control server

  3. The IP Address specified in the sinkhole configuration

  4. The IP Address of one of the external DNS servers identified in the anti-spyware database

Correct Answer: C


https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Verify-DNS-Sinkhole-Function- is-Working/ta-p/65864

Question No.142

Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats? (Choose two)

  1. Brute-force signatures

  2. BrightCloud Url Filtering

  3. PAN-DB URL Filtering

  4. DNS-based command-and-control signatures

Correct Answer: CD

Question No.143

Which two methods can be used to mitigate resource exhaustion of an application server? (Choose two)

  1. Vulnerability Object

  2. DoS Protection Profile

  3. Data Filtering Profile

  4. Zone Protection Profile

Correct Answer: BD

Question No.144

Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing. Which step is required to accomplish this goal?

  1. Assign an IP address on each tunnel interface at each site

  2. Enable OSPFv3 on each tunnel interface and use Area ID

  3. Assign OSPF Area ID to all Ethernet and tunnel interfaces

  4. Create new VPN zones at each site toterminate each VPN connection

Correct Answer: C

Question No.145

How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with non-standard syslog servers?

  1. Enable support for non-standard syslog messages under device management

  2. Check the custom-format check box in the syslog server profile

  3. Select a non-standard syslog server profile

  4. Create a custom log format under the syslog server profile

Correct Answer: D

Question No.146

Which two mechanisms help prevent a spilt brain scenario an Active/Passive High Availability (HA) pair? (Choose two)

  1. Configure the management interface as HA3 Backup

  2. Configure Ethernet 1/1 as HA1 Backup

  3. Configure Ethernet 1/1 as HA2 Backup

  4. Configure the management interface as HA2 Backup

  5. Configure the management interface as HA1 Backup

  6. Configure ethernet1/1 as HA3 Backup

Correct Answer: BE

Question No.147

Which Palo Alto Networks VM-Seriesfirewall is supported for VMware NSX?

  1. VM-100

  2. VM-200

  3. VM-1000-HV

  4. VM-300

Correct Answer: C

Question No.148

A network engineer has revived a report of problems reaching through vr1 onthe firewall. The routing table on this firewall is extensive and complex. Which CLI command will help identify the issue?

  1. test routing fib virtual-router vr1

  2. show routing route type static destination

  3. test routing fib-lookup ip98.139.183.24 virtual-router vr1

  4. show routing interface

Correct Answer: C

Question No.149

Which URL Filtering Security Profile action togs the URL Filtering category to the URLFiltering log?

  1. Log

  2. Alert

  3. Allow

  4. Default

Correct Answer: B

Question No.150

A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?

  1. The two devices must share a routable floating IP address

  2. The two devices may be different models within the PA-5000 series

  3. The HA1 IP address from each peer must be on a different subnet

  4. The management port may be used for a backup control connection

Correct Answer: D

Get Full Version of the Exam