[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 81-90

Get Full Version of the Exam

Question No.81

How would an administrator monitor/capture traffic on the managementinterface of the Palo Alto Networks NGFW?

  1. Use the debug dataplane packet-diag set capture stage firewall file command.

  2. Enable all four stages of traffic capture (TX, RX, DROP, Firewall).

  3. Use the debug dataplane packet-diag set capture stage management file command.

  4. Use the tcpdump command. Correct Answer: D Explanation:


Question No.82

Which three authentication services can administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall?

(Choose three.)

  1. Kerberos

  2. PAP

  3. SAML



  6. LDAP

Correct Answer: DEF

Question No.83

If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is pushed?

  1. The settings assigned to the template that is on top of thestack.

  2. The administrator will be promoted to choose the settings for that chosen firewall.

  3. All the settings configured in all templates.

  4. Depending on the firewall location, Panorama decides with settings to send.

Correct Answer: B

Explanation: https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/manage- firewalls/manage-templates-and-template-stacks/configure-a-template-stack

Question No.84

Which three options are supported in HA Lite? (Choose three.)

  1. Virtual link

  2. Active/passive deployment

  3. Synchronization of IPsec security associations

  4. Configuration synchronization

  5. Sessionsynchronization

Correct Answer: BCD


https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device- high-availability/ha-lite

Question No.85

During the packet flow process, which two processes are performed in application identification? (Choose two.)

  1. Pattern based application identification

  2. Application override policy match

  3. Application changed from content inspection

  4. Session application identified.

Correct Answer: BD

Question No.86

Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS庐 software?

  1. Okta

  2. DUO


  4. PingID

Correct Answer: C

Question No.87

What is exchanged through the HA2 link?

  1. hello heartbeats

  2. User-ID information

  3. sessionsynchronization

  4. HA state information

Correct Answer: C


https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-links-and- backup-links

Question No.88

An administrator just submitted a newlyfound piece of spyware for WildFire analysis. The spyware passively monitors behavior without the user#39;s knowledge. What is the expected verdict from WildFire?

  1. Gray ware

  2. Malware

  3. Spyware

  4. Phishing

Correct Answer: A

Question No.89

If the firewall has the link monitoringconfiguration, what will cause a failover?


  1. ethernet1/3 and ethernet1/6 going down

  2. ethernet1/3 going down

  3. ethernet1/3 or Ethernet1/6 going down

  4. ethernet1/6 going down

Correct Answer: A

Question No.90

View the GlobalProtect configuration screen capture. What is the purpose of this configuration?


  1. It configures the tunnel address of all internal clients to an IP address range starting at

  2. It forces an internal client to connect to an internal gateway at IP address

  3. It enables a client to perform a reverse DNS lookup on to detect that it is an internal client.

  4. It forces the firewall to perform a dynamic DNS update, which adds the internal gateway#39;s hostname and IP address to the DNS server.

Correct Answer: C


https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin- guide/globalprotect-portals/define-the-globalprotect-client-authentication-configurations/define- the-globalprotect-agent-configurations

Get Full Version of the Exam