[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 1-10

Get Full Version of the Exam

Question No.1

What are two benefits of nested device groups in Panorama? (Choose two.)

  1. Reuse of the existing Security policy rules and objects

  2. Requires configuring both function and location for every device

  3. All device groups inherit settings form the Shared group

  4. Overwrites local firewall configuration

Correct Answer: BC

Question No.2

An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router. Which two options enable the administrator to troubleshoot this issue? (Choose two.)

  1. View Runtime Stats in the virtual router.

  2. View System logs.

  3. Add a redistribution profile to forward as BGP updates.

  4. Perform a traffic pcap at the routing stage.

Correct Answer: AB

Question No.3

A PaloAlto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes. How quickly will the firewall receive back a verdict?

  1. More than 15 minutes

  2. 5 minutes

  3. 10 to 15 minutes

  4. 5 to 10 minutes

Correct Answer: D

Question No.4

An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?

  1. In the details of the Traffic log entries

  2. Decryption log

  3. Data Filtering log

  4. In the details of the Threat log entries

Correct Answer: A


https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Implement-and-Test-SSL- Decryption/ta-p/59719

Question No.5

Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A

( received HTTP traffic and hostB( receives SSH traffic. Which two security policy rules will accomplish this configuration? (Choose two)


  1. Untrust (Any) to Untrust ( Ssh-Allow

  2. Untrust (Any) to DMZ ( Ssh-Allow

  3. Untrust (Any) to DMZ ( Web-browsing -Allow

  4. Untrust (Any) to Untrust ( Web-browsing -Allow

Correct Answer: CD

Question No.6

Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a quot;No Decryptquot; action? (Choose two.)

  1. Block sessions with expired certificates

  2. Block sessions with client authentication

  3. Block sessions with unsupported cipher suites

  4. Block sessions with untrusted issuers

  5. Block credential phishing

Correct Answer: ABC


https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/create-a- decryption-profile

Question No.7

Which two methods can be used to verify firewall connectivity to AutoFocus? (Choose two.)

  1. Verify AutoFocus status using CLI.

  2. Check the WebUI Dashboard AutoFocus widget.

  3. Check for WildFire forwarding logs.

  4. Check the license

  5. Verify AutoFocus is enabled below Device Management tab.

Correct Answer: BD


https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/getting-started/enable- autofocus-threat-intelligence

Question No.8

A Security policy rule is configured with a Vulnerability Protection Profile and an action of `Denyquot;. Which action will this cause configuration on the matched traffic?

  1. The configuration is invalid. The Profile Settings section will be grayed out when the Action is set to quot;Denyquot;.

  2. The configuration will allow the matched session unless a vulnerability signature is detected. The quot;Denyquot; action will supersede theper-severity defined actions defined in the associated Vulnerability Protection Profile.

  3. The configuration is invalid. It will cause the firewall to skip this Security policy rule. A warning will be displayed during a commit.

  4. The configuration is valid. It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect ifthe Security policy rule action is set to quot;Deny.quot;

Correct Answer: B

Question No.9

Refer to the exhibit. An administrator cannot see any if the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whetherthe configuration is correct?








Correct Answer: D

Question No.10

If an administrator does not possess a website#39;s certificate, which SSL decryption mode will allow the Palo Alto networks NGFW to inspect when users browse to HTTP(S) websites?

  1. SSL Forward Proxy

  2. SSL Inbound Inspection

  3. TLS Bidirectional proxy

  4. SSL Outbound Inspection

Correct Answer: A

Get Full Version of the Exam