[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 121-130

Get Full Version of the Exam

Question No.121

Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?

  1. Session Browser

  2. Application Command Center

  3. TCP Dump

  4. Packet Capture

Correct Answer: B


https://live.paloaltonetworks.com/t5/Management-Articles/Tips-amp-Tricks-How-to-Use-the- Application-Command-Center-ACC/ta-p/67342

Question No.122

When backing up and saving configuration files, what is achieved using only the firewall and is not available in Panorama?

  1. Load named configuration snapshot

  2. Load configuration version

  3. Save candidate config

  4. Export device state

Correct Answer: A

Question No.123

When configuring the firewall for packet capture, what are the valid stage types?

  1. Receive, management, transmit, and drop

  2. Receive, firewall, send, and non-syn

  3. Receive management, transmit, and non-syn

  4. Receive, firewall, transmit, and drop

Correct Answer: D

Question No.124

Which data flow describes redistribution of user mappings?

  1. User-ID agent to firewall

  2. firewall to firewall

  3. Domain Controller to User-ID agent

  4. User-ID agent to Panorama

Correct Answer: B

Question No.125

Which feature must you configure to prevent users form accidentally submitting their corporate credentials to a phishing website?

  1. URL Filtering profile

  2. Zone Protection profile

  3. Anti-Spyware profile

  4. Vulnerability Protection profile

Correct Answer: A


https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/threat-prevention/prevent- credential-phishing

Question No.126

An administrator sees several inbound sessions identified as unknown-tcp in the traffic logs. The administrator determines that these sessions are from external users accessing the company#39;s proprietary accounting application. The administrator wants to reliablyidentify this as their accounting application and to scan this traffic for threats. Which option would achieve this result?

  1. Create an Application Override policy and a custom threat signature for the application

  2. Create an Application Override policy

  3. Create a custom App-ID and use the quot;ordered conditionsquot; check box

  4. Create a custom App ID and enable scanning on the advanced tab

Correct Answer: A

Question No.127

An administrator wants a new Palo Alto Networks NGFW to obtain automatic application updates daily, so it is configured to use a scheduler for the application database. Unfortunately,they required the management network to be isolated so that it cannot reach the internet. Which configuration will enable the firewall to download and install application updates automatically?

  1. Configure a Policy Based Forwarding policy rule for the update server IP address so that traffic sourced from themanagement interfaced destined for the update servers goes out of the interface acting as your internet connection.

  2. Configure a security policy rule to allow all traffic to and from the update servers.

  3. Download and install application updates cannot be done automatically if the MGT port cannot reach the internet.

  4. Configure a service route for Palo Alto networks services that uses a dataplane interface that can route traffic to the internet, and create a security policy rule to allow the traffic from that interface to the update servers if necessary.

Correct Answer: B

Question No.128

Which Zone Pair and Rule Type will allow a successful connection for a user on the internet zone to a web server hosted in the DMZ zone? The web server is reachableusing a destination Nat policy in the Palo Alto Networks firewall.

  1. Zone Pair:

    Source Zone: Internet Destination Zone: DMZ Rule Type:


  2. Zone Pair:

    Source Zone: Internet Destination Zone: DMZ

    Rule Type:

    quot;intrazonequot; or quot;universalquot;

  3. Zone Pair:

    Source Zone: Internet Destination Zone: Internet Rule Type:

    quot;intrazonequot; or quot;universalquot;

  4. Zone Pair:

Source Zone: Internet Destination Zone: Internet Rule Type:


Correct Answer: B

Question No.129

Which three firewall states are valid? (Choose three.)

  1. Active

  2. Functional

  3. Pending

  4. Passive

  5. Suspended

Correct Answer: ADE


https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-firewall- states

Question No.130

Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A ( receives HTTP traffic and HOST B ( receives SSH traffic. Which two security policy rules will accomplish this configuration? (Choose two.)


  1. Untrust (Any) to Untrust (, web-browsing -Allow

  2. Untrust (Any) to Untrust (, ssh -Allow

  3. Untrust (Any) to DMZ (, web-browsing -Allow

  4. Untrust (Any) to DMZ (, ssh -Allow

  5. Untrust (Any) to DMZ (, ssh, web-browsing -Allow

Correct Answer: CD

Get Full Version of the Exam