[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 221-230

Get Full Version of the Exam

Question No.221

A host attached toEthernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is and the IP address of Ethernet 1/4 is The default gateway is attached to Ethernet 1/1. A default route is properly configured. What can be the cause of this problem?

  1. No Zone has been configured on Ethernet 1/4.

  2. Interface Ethernet 1/1 is in Virtual Wire Mode.

  3. DNS has not been properly configured on the firewall.

  4. DNS has not been properly configured on the host.

Correct Answer: A

Question No.222

Which CLI command displays the current management plan memory utilization?

  1. gt;show system info

  2. gt; show system resources

  3. gt; debug management-server show

  4. gt; show running resource-monitor

Correct Answer: B


https://live.paloaltonetworks.com/t5/Management-Articles/Show-System-Resource-Command- Displays-CPU-Utilization-of-9999/ta-p/58149

Question No.223

A distributed log collection deployment has dedicatedlog Collectors. A developer needs a device to send logs to Panorama instead of sending logs to the Collector Group. What should be done first?

  1. Remove the cable from the management interface, reload the log Collector and then re-connect that cable

  2. Contact Palo Alto Networks Support team to enter kernel mode commands to allow adjustments

  3. remove the device from the Collector Group

  4. Revert to a previous configuration

Correct Answer: C

Question No.224

A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall. Which part of files needs to be imported back into the replacement firewall that is using Panorama?

  1. Device state and license files

  2. Configuration and serial number files

  3. Configuration and statistics files

  4. Configuration and Large Scale VPN (LSVPN) setups file

Correct Answer: A

Question No.225

Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs? (Choose two)

  1. The devices are pre-configured with a virtual wire pair out the first two interfaces.

  2. The devices are licensed and ready for deployment.

  3. The management interface has an IP address of and allows SSH and HTTPS connections.

  4. A default bidirectional rule is configured that allows Untrust zone traffic to go to the Trust zone.

  5. The interface are pingable.

Correct Answer: BC

Question No.226

A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto Networks firewall. Which method shows the global counters associated with the traffic after configuring the appropriate packet filters?

  1. From the CLI, issue the show counter global filter pcap yes command.

  2. From the CLI, issue the show counter global filter packet-filteryes command.

  3. From the GUI, select show global counters under the monitor tab.

  4. From the CLI, issue the show counter interface command for the ingress interface.

Correct Answer: B

Question No.227

Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain a username-to-IP-address mapping?

  1. Microsoft Active Directory

  2. Microsoft Terminal Services

  3. Aerohive Wireless Access Point

  4. Palo Alto Networks Captive Portal

Correct Answer: B

Question No.228

A company has a policy that denies all applications it classifies as bad and permits only application it classifies as good. The firewall administrator created the following security policy on the company#39;s firewall.


Which two benefits are gained from having both rule 2 and rule 3 presents? (Choose two)

  1. A report can be created thatidentifies unclassified traffic on the network.

  2. Different security profiles can be applied to traffic matching rules 2 and 3.

  3. Rule 2 and 3 apply to traffic on different ports.

  4. Separate Log Forwarding profiles can be applied to rules 2 and 3.

Correct Answer: BD

Question No.229

Which three options are available when creating a security profile? (Choose three)

  1. Anti-Malware

  2. File Blocking

  3. Url Filtering

  4. IDS/ISP

  5. Threat Prevention

  6. Antivirus

Correct Answer: ABF

Question No.230

How is the Forward Untrust Certificate used?

  1. It issues certificates encountered on the Untrust security zone when clients attempt to connect to asite that has be decrypted.

  2. It is used when web servers request a client certificate.

  3. It is presented to clients when the server they are connecting to is signed by a certificate authority that is not trusted by firewall.

  4. It is used for CaptivePortal to identify unknown users.

Correct Answer: C


Get Full Version of the Exam