Get Palo Alto Networks PCNSE Dumps Questions [2021] To Gain Brilliant Result [Q163-Q187]


PCNSE dumps - ValidVCE - 100% Passing Guarantee

NEW QUESTION 163
What is exchanged through the HA2 link?

  • A. hello heartbeats
  • B. User-ID information
  • C. session synchronization
  • D. HA state information

Answer: C

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/high-availability/ha-concepts/ha-links-and-backup-links

 

NEW QUESTION 164
A customer wants to set up a site-to-site VPN using tunnel interfaces.
Which two formats are correct for naming tunnel interfaces? (Choose two.)

  • A. tunnel.1025
  • B. tunnel.1
  • C. vpn-tunnel.1
  • D. vpn-tunnel.1024

Answer: A,B

 

NEW QUESTION 165
Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS® version, and serial number?

  • A. show session info
  • B. show system info
  • C. debug system details
  • D. show system details

Answer: B

Explanation:
Reference: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/technical-documentation/pan-os-60/PAN-OS-6.0-CLI-ref.pdf

 

NEW QUESTION 166
Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs? (Choose two)

  • A. A default bidirectional rule is configured that allows Untrust zone traffic to go to the Trust zone.
  • B. The management interface has an IP address of 192.168.1.1 and allows SSH and HTTPS connections.
  • C. The interfaces are pingable.
  • D. The devices are pre-configured with a virtual wire pair out of the first two interfaces.
  • E. The devices are licensed and ready for deployment.

Answer: B,D

Explanation:
https://popravak.wordpress.com/2014/07/31/initial-setup-of-palo-alto-networks-next-generation-firewall/

 

NEW QUESTION 167
Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

  • A. Untrust (any) to DMZ (10.1.1.100), web browsing - Allow
  • B. Untrust (any) to Untrust (1.1.1.100), web browsing - Allow
  • C. Untrust (any) to DMZ (1.1.1.100), web browsing - Allow
  • D. Untrust (any) to Untrust (10.1.1.100), web browsing - Allow

Answer: C

 

NEW QUESTION 168
Which two features does PAN-OS software use to identify applications? (Choose two)

  • A. application layer payload
  • B. port number
  • C. transaction characteristics
  • D. session number

Answer: A,C

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/application-level-gateways#

 

NEW QUESTION 169
Site-A and Site-B need to use IKEv2 to establish a VPN connection. Site-A connects directly to the internet using a public IP address. Site-B uses a private IP address behind an ISP router to connect to the internet.
How should NAT Traversal be implemented for the VPN connection to be established between Site-A and Site-B?

  • A. Enable on Site-A only
  • B. Enable on Site-B only
  • C. Enable on Site-A and Site-B
  • D. Enable on Site-B only with Passive Mode

Answer: C

Explanation:
NAT traversal (NAT-T) must be enabled on both gateways if you have NAT occurring on a device that sits between the two gateways. A gateway can see only the public (globally routable) IP address of the NAT device.
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/vpns/site-to-site-vpn-concepts

 

NEW QUESTION 170
The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of the GlobalProtect Portal?

  • A. Client Certificate
  • B. Certificate Profile
  • C. Server Certificate
  • D. Authentication Profile

Answer: C

Explanation:
Specify the network settings to enable agents to connect to the portal.
If you have not yet created the network interface for the portal, see Create Interfaces and Zones for GlobalProtect for instructions. If you haven't yet created an SSL/TLS service profile for the portal, see Deploy Server Certificates to the GlobalProtect Components.
https://www.paloaltonetworks.com/documentation/70/globalprotect/globalprotect-admin-guide/set-up-the-globalprotect-infrastructure/set-up-access-to-the-globalprotect-portal#47470

 

NEW QUESTION 171
A client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers. Which option will protect the individual servers?

  • A. Use the DNS App-ID with application-default.
  • B. Apply a classified DoS Protection Profile.
  • C. Apply an Anti-Spyware Profile with DNS sinkholing.
  • D. Enable packet buffer protection on the Zone Protection Profile.

Answer: D

 

NEW QUESTION 172
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?

  • A. It forces the firewall to perform a dynamic DNS update, which adds the internal gateway's hostname and IP address to the DNS server.
  • B. It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.
  • C. It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.
  • D. It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.

Answer: C

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/globalprotect-portals/define-the-globalprotect-client-authentication-configurations/define-the-globalprotect-agent-configurations

 

NEW QUESTION 173
Which rule type controls end user SSL traffic to external websites?

  • A. SSL Forward Proxy
  • B. SSL Inbound Inspection
  • C. SSH Proxy
  • D. SSL Outbound Proxyless Inspection

Answer: B

 

NEW QUESTION 174
A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode.
Which statement is true about this deployment?

  • A. The management port may be used for a backup control connection
  • B. The HA1 IP address from each peer must be on a different subnet
  • C. The two devices may be different models within the PA-5000 series
  • D. The two devices must share a routable floating IP address

Answer: A

 

NEW QUESTION 175
Refer to the exhibit.

An administrator cannot see any of the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?
A:

B:

C:

D:

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: B

 

NEW QUESTION 176
An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet.
Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22. Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?

A:

B:

C:

D:

  • A. Option D
  • B. Option C
  • C. Option A
  • D. Option B

Answer: B

 

NEW QUESTION 177
Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS software?

  • A. Okta
  • B. PingID
  • C. RADIUS
  • D. DUO

Answer: C

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/authentication/authentication-types/multi-factor-auth

 

NEW QUESTION 178
If the firewall is configured for credential phishing prevention using the "Domain Credential Filter" method, which login will be detected as credential theft?

  • A. Matching any valid corporate username.
  • B. Using the same user's corporate username and password.
  • C. Mapping to the IP address of the logged-in user.
  • D. First four letters of the username matching any valid corporate username.

Answer: C

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-new-features/content-inspection-features/credential- ention
Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/content-inspection-features/crede phishing-prevention

 

NEW QUESTION 179
Which three authentication services can an administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)

  • A. LDAP
  • B. Kerberos
  • C. SAML
  • D. PAP
  • E. RADIUS
  • F. TACACS+

Answer: A,B,C

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewall-administration/manage-firewall-administrat
The administrative accounts are defined on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server.
PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall. For details, see:
  • Configure SAML Authentication
  • Configure TACACS+ Authentication
  • Configure RADIUS Authentication

 

NEW QUESTION 180
Click the Exhibit button below.

A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in the default VR. A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS connection to 172.16.10.20.
Which is the next hop IP address for the HTTPS traffic from Will's PC?

  • A. 172.20.10.1
  • B. 172.20.30.1
  • C. 172.20.40.1
  • D. 172.20.20.1

Answer: D

 

NEW QUESTION 181
Exhibit:

What will be the egress interface if the traffic's ingress interface is ethernet1/6 sourcing from 192.168.111.3 and to the destination 10.46.41.113 during the time shown in the image?

  • A. ethernet1/5
  • B. ethernet1/3
  • C. ethernet1/7
  • D. ethernet1/6

Answer: B

 

NEW QUESTION 182
Which three items are important considerations during SD-WAN configuration planning? (Choose three.)

  • A. branch and hub locations
  • B. IP Addresses
  • C. link requirements
  • D. the name of the ISP

Answer: A,B,C

 

NEW QUESTION 183
A company needs to preconfigure firewalls to be sent to remote sites with the least amount of reconfiguration.
Once deployed, each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers.
Which VPN configuration would adapt to changes when deployed to the future site?

  • A. Preconfigured PPTP Tunnels
  • B. Preconfigured GlobalProtect client
  • C. Preconfigured IPsec tunnels
  • D. Preconfigured GlobalProtect satellite

Answer: D

 

NEW QUESTION 184
Refer to the exhibit.

An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic. Which two security policy rules will accomplish this configuration? (Choose two.)

  • A. Untrust (Any) to DMZ (10.1.1.1), web-browsing - Allow
  • B. Untrust (Any) to DMZ (10.1.1.100, 10.1.1.101), ssh, web-browsing - Allow
  • C. Untrust (Any) to DMZ (10.1.1.1), ssh - Allow
  • D. Untrust (Any) to Untrust (10.1.1.1), web-browsing - Allow
  • E. Untrust (Any) to Untrust (10.1.1.1), ssh - Allow

Answer: A,C

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/networking/nat/nat-configuration-examples/destinat

 

NEW QUESTION 185
Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a "No Decrypt" action? (Choose two.)

  • A. Block sessions with expired certificates
  • B. Block sessions with unsupported cipher suites
  • C. Block credential phishing
  • D. Block sessions with untrusted issuers
  • E. Block sessions with client authentication

Answer: A,D

Explanation:
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/configure-decryption-exceptions

 

NEW QUESTION 186
Refer to the exhibit. A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in the default VR. A user named Will has a PC with a 192.168.10.10 IP address.
He makes an HTTPS connection to 172.16.10.20.
Which is the next hop IP address for the HTTPS traffic from Will's PC?

  • A. 172.20.10.1
  • B. 172.20.30.1
  • C. 172.20.40.1
  • D. 172.20.20.1

Answer: D

 

NEW QUESTION 187
......
