[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 51-60

Get Full Version of the Exam

Question No.51

An administrator has been asked to create 100 virtual firewalls in a local, on-premise lab

environment (not in quot;the cloudquot;). Bootstrapping is the most expedient way to perform this task. Which option describes deployment of a bootstrap package in an on-premise virtual environment?

  1. Use config-drive on a USB stick.

  2. Use an S3 bucket with an ISO.

  3. Create and attach a virtual hard disk (VHD).

  4. Use a virtual CD-ROM with an ISO.

Correct Answer: D


https://www.paloaltonetworks.com/documentation/71/pan-os/newfeaturesguide/management- features/bootstrapping-firewalls-for-rapid-deployment.html

Question No.52

A customer has an applicationthat is being identified as unknown-top for one of their custom PostgreSQL database connections. Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)

  1. Application Override policy.

  2. Securitypolicy to identify the custom application.

  3. Custom application.

  4. Custom Service object.

Correct Answer: BD

Question No.53

The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?

  1. 5-tuple match

    Source IP Address, Destination IP Address, Source Port, Destination Port, Protocol

  2. 7-tuple match

    Source IP Address, Destination IP Address, Source Port, Destination Port ,Source User, URLCategory and Source Security Zone.

  3. 6-tuple match

    Source IP Address, Destination IP Address, Source Port, Destination Port, Protocol and Source Security Zone

  4. 9-tuple match

Source IP Address, Destination IP Address, Source Port, Destination Port, Source User, Source Security Zone, Destination Security Zone, Application and URL Category

Correct Answer: A

Question No.54

Which processing order will be enabled when a Panorama administrator selects the setting quot;Objects defined in ancestors will take higher precedencequot;?

  1. Descendant objects will take precedence over other descendant objects.

  2. Descendant objects will take precedence over ancestor objects.

  3. Ancestor objects will have precedence over descendant objects.

  4. Ancestor objects will have precedence over other ancestor objects.

Correct Answer: C


https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/device/device- setup-management

Question No.55

Which CLI command can be used to export the tcpdumpcapture?

  1. scp export tcpdump from mgmt.pcap to lt;username@host:pathgt;

  2. scp extract mgmt-pcap from mgmt.pcap to lt;username@host:pathgt;

  3. scp export mgmt-pcap from mgmt.pcap to lt;username@host:pathgt;

  4. download mgmt.-pcap

Correct Answer: C


https://live.paloaltonetworks.com/t5/Management-Articles/How-To-Packet-Capture-tcpdump-On- Management-Interface/ta-p/55415

Question No.56

Anadministrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between Panorama and the managed firewalls and Log Collectors. How would the administrator establish the chain of trust?

  1. Use custom certificates

  2. Enable LDAP or RADIUS integration

  3. Set up multi-factor authentication

  4. Configure strong password authentication

Correct Answer: A

Explanation: https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panoram a-overview/plan-your-panorama-deployment

Question No.57

An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN-OS庐 software. The firewall hasinternet connectivity through an Ethernet interface, but no internet connectivity from the management interface. The Security policy has the default security rules and a rule that allows all web-browsing traffic from any to any zone. What must the administrator configure so that the PAN-OS庐 software can be upgraded?

  1. Security policy rule

  2. CRL

  3. Service route

  4. Scheduler

Correct Answer: A

Question No.58

VPN traffic intended for an administrator#39;s Palo Alto Networks NGFW is being maliciously intercepted and retransmitted by the interceptor. When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?

  1. Zone Protection

  2. Replay

  3. Web Application

  4. DoS Protection

Correct Answer: A

Question No.59

Which CLI command is used to simulate traffic goingthrough the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?

  1. check

  2. find

  3. test

  4. sim

Correct Answer: C



Question No.60

A client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers. Which option will protect theindividual servers?

  1. Enable packet buffer protection on the Zone Protection Profile.

  2. Apply an Anti-Spyware Profile with DNS sinkholing.

  3. Use the DNS App-ID with application-default.

  4. Apply a classified DoS Protection Profile.

Correct Answer: A

Get Full Version of the Exam