[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 211-220

Get Full Version of the Exam

Question No.211

What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

  1. Thefirewalls must have the same set of licenses.

  2. The management interfaces must to be on the same network.

  3. The peer HA1 IP address must be the same on both firewalls.

  4. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.

Correct Answer: AD

Question No.212

The IT department has received complaints abou VoIP call jitter when the sales staff is making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS policy written in the rulebase. The IT manager wants to find out what traffic is causing the jitter in real time when a user reports the jitter. Which feature can be used to identify, in real time, the applications taking

up the most bandwidth?

  1. QoS Statistics

  2. Applications Report

  3. Application Command Center (ACC)

  4. QoS Log

Correct Answer: A

Question No.213

Which three fields can be included in a pcap filter? (Choose three)

  1. Egress interface

  2. Source IP

  3. Rule number

  4. Destination IP

  5. Ingress interface

Correct Answer: BCD



Question No.214

Which client software can be used to connect remote Linux client into a Palo Alto Networks Infrastructure without sacrificing the ability to scan traffic and protect against threats?

  1. X-Auth IPsec VPN

  2. GlobalProtect Apple IOS

  3. GlobalProtect SSL

  4. GlobalProtect Linux

Correct Answer: A



Question No.215

A Network Administrator wants to deploy a Large Scale VPN solution. The Network Administrator has chosen a GlobalProtect Satellite solution. This configuration needs to be deployed tomultiple remote offices and the Network Administrator decides to use Panorama to deploy the configurations. How should this be accomplished?

  1. Create a Template with the appropriate IKE Gateway settings

  2. Create a Template with the appropriate IPSec tunnel settings

  3. Create a Device Group with the appropriate IKE Gateway settings

  4. Create a Device Group with the appropriate IPSec tunnel settings

Correct Answer: B

Question No.216

A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens thousands of bogus UDP connections per second to a single destination IP address and post. Which option when enabled withthe correction threshold would mitigate this attack without dropping legitirnate traffic to other hosts insides the network?

  1. Zone Protection Policy with UDP Flood Protection

  2. QoS Policy to throttle traffic below maximum limit

  3. Security Policy ruleto deny trafic to the IP address and port that is under attack

  4. Classified DoS Protection Policy using destination IP only with a Protect action

Correct Answer: D

Question No.217

Which Public Key infrastructure component is used to authenticate users for GlobalProtect whenthe Connect Method is set to pre-logon?

  1. Certificate revocation list

  2. Trusted root certificate

  3. Machine certificate

  4. Online Certificate Status Protocol

Correct Answer: C

Question No.218

Which setting allow a DOS protection profile to limit the maximum concurrent sessions from a source IP address?

  1. Set the type to Aggregate, clear the session#39;s box and set the Maximum concurrent Sessions to 4000.

  2. Set the type to Classified, clear the session#39;s box and set the Maximum concurrent Sessions to 4000.

  3. Set the type Classified, check the Sessions box and set the Maximum concurrent Sessions to 4000.

  4. Set the type to aggregate, check the Sessions box and set the Maximum concurrent Sessions to 4000.

Correct Answer: C

Question No.219

A network security engineer needs to configure a virtual router using IPv6 addresses. Which two routing options supportthese addresses? (Choose two)

  1. BGP not sure

  2. OSPFv3

  3. RIP

  4. Static Route

Correct Answer: BD


https://live.paloaltonetworks.com/t5/Management-Articles/Does-PAN-OS-Support-Dynamic- Routing-Protocols-OSPF-or-BGP-with/ta-p/62773

Question No.220

Which CLI command displays the current management plane memory utilization?

  1. gt; debug management-server show

  2. gt; show running resource-monitor

  3. gt; show system info

  4. gt; show system resources

Correct Answer: D


https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Interpret-show-system-resources/ta- p/59364

quot;The command show system resources gives a snapshot of Management Plane (MP) resource utilization including memory and CPU. This is similar to the `top#39; command in Linux.quot;

Get Full Version of the Exam