[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 151-160


Question No.151

Click the Exhibit button below. A firewall has three PBF rules and a default route with a next hop of that is configured in the default VR. A user named Will has a PC with a IP address. He makes an HTTPS connection to Which is the next hop IP address for the HTTPS traffic from Will's PC?






Correct Answer: C

Question No.152

A file sharing application is being permitted and no one knows what this application is used for. How should this application be blocked?

  A. Block all unauthorized applications using a security policy

  B. Block all known internal custom applications

  C. Create a WildFire Analysis Profile that blocks Layer 4 and Layer 7 attacks

  D. Create a File blocking profile that blocks Layer 4 and Layer 7 attacks

Correct Answer: D

Question No.153

What are three possible verdicts that WildFire can provide for an analyzed sample? (Choose three)

  A. Clean

  B. Benign

  C. Adware

  D. Suspicious

  E. Grayware

  F. Malware

Correct Answer: BEF


https://www.paloaltonetworks.com/documentation/70/pan-os/newfeaturesguide/wildfire-features/wildfire-grayware-verdict

Question No.154

What can cause missing SSL packets when performing a packet capture on dataplane interfaces?

  A. The packets are hardware offloaded to the offloaded processor on the dataplane

  B. The missing packets are offloaded to the management plane CPU

  C. The packets are not captured because they are encrypted

  D. There is a hardware problem with offloading FPGA on the management plane

Correct Answer: A

Question No.155

A company hosts a publicly accessible web server behind a Palo Alto Networks next-generation firewall with the following configuration information.




Users outside the company are in the "Untrust-L3" zone. The web server physically resides in the "Trust-L3" zone.

Web server public IP address:

Web server private IP address:

Which two items must the NAT policy contain to allow users in the Untrust-L3 zone to access the web server? (Choose two)

  A. Untrust-L3 for both Source and Destination zone

  B. Destination IP of

  C. Untrust-L3 for Source Zone and Trust-L3 for Destination Zone

  D. Destination IP of

Correct Answer: CD

Question No.156

A network administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects > Security Profiles > Anti-Spyware and selects the default profile. What should be done next?

  A. Click the simple-critical rule and then click the Action drop-down list.

  B. Click the Exceptions tab and then click show all signatures.

  C. View the default actions displayed in the Action column.

  D. Click the Rules tab and then look for rules with "default" in the Action column.

Correct Answer: B

Question No.157

Which three log-forwarding destinations require a server profile to be configured? (Choose three)

  A. SNMP Trap

  B. Email

  D. Kerberos

  E. Panorama

  F. Syslog

Correct Answer: ABF

Question No.158

A company has a web server behind a Palo Alto Networks next-generation firewall that it wants to make accessible to the public at The company has decided to configure a destination NAT Policy rule.

Given the following zone information:

DMZ zone: DMZ-L3

Public zone: Untrust-L3

Guest zone: Guest-L3

Web server zone: Trust-L3

Public IP address (Untrust-L3):

Private IP address (Trust-L3):

What should be configured as the destination zone on the Original Packet tab of the NAT Policy rule?

  A. Untrust-L3

  B. DMZ-L3

  C. Guest-L3

  D. Trust-L3

Correct Answer: A

Question No.159

A logging infrastructure may need to handle more than 10,000 logs per second. Which two options support a dedicated log collector function? (Choose two)

  A. Panorama virtual appliance on ESX(i) only

  B. M-500

  C. M-100 with Panorama installed

  D. M-100

Correct Answer: BC


https://live.paloaltonetworks.com/t5/Management-Articles/Panorama-Sizing-and-Design-Guide/ta-p/72181

Question No.160

Which command can be used to validate a Captive Portal policy?

  A. eval captive-portal policy <criteria>

  B. request cp-policy-eval <criteria>

  C. test cp-policy-match <criteria>

  D. debug cp-policy <criteria>

Correct Answer: C
