[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 181-190

Get Full Version of the Exam

Question No.181

What must be used in Security Policy Rule that contain addresses where NAT policy applies?

  1. Pre-NAT addresse and Pre-NAT zones

  2. Post-NAT addresse and Post-Nat zones

  3. Pre-NAT addresse and Post-Nat zones

  4. Post-Nat addresses and Pre-NAT zones

Correct Answer: C

Question No.182

Support for which authentication method was added in PAN-OS 8.0?


  2. LDAP

  3. Diameter


Correct Answer: D



Question No.183

The GlobalProtect Portal interface and IP address havebeen configured. Which other value needs to be defined to complete the network settings configuration of GlobalPortect Portal?

  1. Server Certificate

  2. Client Certificate

  3. Authentication Profile

  4. Certificate Profile Correct Answer: A Explanation:

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-GlobalProtect/ta- p/58351

Question No.184

A network security engineer has been asked to analyze Wildfire activity. However, the Wildfire Submissions item is not visible form the Monitor tab. What could cause this condition?

  1. The firewall does not have an active WildFire subscription.

  2. The engineer#39;s account does not have permission to view WildFire Submissions.

  3. A policy is blocking WildFire Submission traffic.

  4. Though WildFire is working, there are currently no WildFire Submissions log entries.

Correct Answer: B

Question No.185

A company.com wants to enable Application Override. Given the following screenshot:


Which two statements are true if Source and Destination traffic match the Application Overridepolicy? (Choose two)

  1. Traffic that matches quot;rtp-basequot; will bypass the App-ID and Content-ID engines.

  2. Traffic will be forced to operate over UDP Port 16384.

  3. Traffic utilizing UDP Port 16384 will now be identified as quot;rtp-basequot;.

  4. Traffic utilizingUDP Port 16384 will bypass the App-ID and Content-ID engines.

Correct Answer: AC

Question No.186

In an enterprise deployment, a network security engineerwants to assign to a group of administrators without creating local administrator accounts on the firewall. Which authentication method must be used?

  1. LDAP

  2. Kerberos

  3. Certification based authentication

  4. RADIUS with Vendor-Specific Attributes

Correct Answer: D

Question No.187

Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured properly, but the route for the tunner is not being established. The Site-B interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-B is using the wrong Link Type for one of its interfaces. Which Link Type setting will correct the error?


  1. Set tunnel. 1 to p2p

  2. Set tunnel. 1 to p2mp

  3. Set Ethernet 1/1 to p2mp

  4. Set Ethernet 1/1 to p2p

Correct Answer: A

Question No.188

Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?

  1. Log

  2. Alert

  3. Allow

  4. Default

Correct Answer: B


https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/url-filtering/url-filtering- profile-actions

Question No.189

Given the following table. Which configuration change on thefirewall would cause it to use as the next hop for the network?


  1. Configuring the administrative Distance for RIP to be lower than that of OSPF Int.

  2. Configuring the metric for RIP to be higher than that of OSPF Int.

  3. Configuring the administrative Distance for RIP to be higher than that of OSPF Ext.

  4. Configuring the metric for RIP to be lower than that OSPF Ext.

Correct Answer: A

Question No.190

A network design calls for a quot;router on a stickquot; implementation with a PA-5060 performing inter- VLAN routing All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interface. Which interface type and configuration setting will support this design?

  1. Trunk interface type with specified tag

  2. Layer 3 interface type with specified tag

  3. Layer 2 interface type with a VLAN assigned

  4. Layer 3 subinterface type with specified tag

Correct Answer: D

Get Full Version of the Exam