[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 161-170

Get Full Version of the Exam

Question No.161

Which two actions are required to make MicrosoftActive Directory users appear in a firewall traffic log? (Choose two.)

  1. Run the User-ID Agent using an Active Directory account that has quot;event log viewerquot; permissions

  2. Enable User-ID on the zone object for the destination zone

  3. Run the User-ID Agentusing an Active Directory account that has quot;domain administratorquot; permissions

  4. Enable User-ID on the zone object for the source zone

  5. Configure a RADIUS server profile to point to a domain controller

Correct Answer: AD

Question No.162

Which field is optional when creating a new Security Policy rule?

  1. Name

  2. Description

  3. Source Zone

  4. Destination Zone

  5. Action

Correct Answer: B

Question No.163

Which three function are found on the dataplane of a PA-5050? (Choose three)

  1. Protocol Decoder

  2. Dynamic routing

  3. Management

  4. Network Processing

  5. Signature Match

Correct Answer: BDE

Question No.164

After pushing a security policy from Panorama to a PA-3020 firwall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama#39;s traffic logs. What could be the problem?

  1. A Server Profile has not been configured for logging to this Panorama device.

  2. Panorama is not licensed to receive logs from this particular firewall.

  3. The firewall is not licensed for logging to this Panorama device.

  4. None of the firwwall#39;s policies have been assigned a Log Forwarding profile

Correct Answer: D

Question No.165

An Administrator is configuring an IPSec VPN toa Cisco ASA at the administrator#39;s home and experiencing issues completing the connection. The following is th output from the command:


What could be the cause of this problem?

  1. The public IP addresse do not match forboth the Palo Alto Networks Firewall and the ASA.

  2. The Proxy IDs on the Palo Alto Networks Firewall do not match the settings on the ASA.

  3. The shared secerts do not match between the Palo Alto firewall and the ASA

  4. The deed peer detection settings do not match between the Palo Alto Networks Firewall and the ASA

Correct Answer: B

Question No.166

Site-A and Site-B need to use IKEv2 to establish a VPN connection. Site A connects directlyto the internet using a public IP address. Site-B uses a private IP address behind an ISP router to connect to the internet. How should NAT Traversal be implemented for the VPN connection to be established between Site-A and Site-B?

  1. Enable on Site-A only

  2. Enable on Site-B only

  3. Enable on Site-B only with passive mode

  4. Enable on Site-A and Site-B

Correct Answer: D

Question No.167

When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?

  1. When configuring Certificate Profiles

  2. When configuring GlobalProtect portal

  3. When configuring User Activity Reports

  4. When configuring Antivirus Dynamic Updates

Correct Answer: D

Question No.168

Click the Exhibit button. An administrator has noticed a large increase in bittorrent activity. The administrator wants to determine where the traffic is going on the company. What would be the administrator#39;s next step?


  1. Right-Click on the bittorrent link and select Value from the context menu

  2. Create a global filter for bittorrent traffic and then view Traffic logs.

  3. Create local filter for bittorrent traffic and then view Trafficlogs.

  4. Click on the bittorrent application link to view network activity

Correct Answer: D

Question No.169

Several offices are connected with VPNs using static IPV4 routes. An administrator has been tasked with implementing OSPF to replace static routing. Which step is required to accoumplish this goal?

  1. Assign an IP address on each tunnel interface at each site

  2. Enable OSPFv3 on each tunnel interface and use Area ID

  3. Assign OSPF Area ID to all Ethernet and tunnel interfaces

  4. Create new VPN zones at each site to terminate each VPN connection

Correct Answer: C

Question No.170

Which option is an IPv6 routing protocol?

  1. RIPv3

  2. OSPFv3

  3. OSPv3

  4. BGP NG

Correct Answer: B

Get Full Version of the Exam