Palo Alto Networks PCNSE Übungsprüfungen
Zuletzt aktualisiert am 04.05.2025- Prüfungscode: PCNSE
- Prüfungsname: Palo Alto Networks Certified Network Security Engineer Exam
- Zertifizierungsanbieter: Palo Alto Networks
- Zuletzt aktualisiert am: 04.05.2025
An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls.
What can be configured on one pair of firewalls to modify the MAC addresses so they are no longer in conflict?
- A . Configure a floating IP between the firewall pairs.
- B . Change the Group IDs in the High Availability settings to be different from the other firewall pair on the same subnet.
- C . Change the interface type on the interfaces that have conflicting MAC addresses from L3 to VLAN.
- D . On one pair of firewalls, run the CLI command: set network interface vlan arp.
An administrator has been tasked with configuring decryption policies.
Which decryption best practice should they consider?
- A . Consider the local, legal, and regulatory implications and how they affect which traffic can be decrypted.
- B . Decrypt all traffic that traverses the firewall so that it can be scanned for threats.
- C . Place firewalls where administrators can opt to bypass the firewall when needed.
- D . Create forward proxy decryption rules without Decryption profiles for unsanctioned applications.
After implementing a new NGFW, a firewall engineer sees a VoIP traffic issue going through the firewall After troubleshooting the engineer finds that the firewall performs NAT on the voice packets payload and opens dynamic pinholes for media ports.
What can the engineer do to solve the VoIP traffic issue?
- A . Disable ALG under H.323 application
- B . Increase the TCP timeout under H.323 application
- C . Increase the TCP timeout under SIP application
- D . Disable ALG under SIP application
Which three options does Panorama offer for deploying dynamic updates to its managed devices? (Choose three.)
- A . Check dependencies
- B . Schedules
- C . Verify
- D . Revert content
- E . Install
An engineer is configuring a template in Panorama which will contain settings that need to be applied to all firewalls in production.
Which three parts of a template an engineer can configure? (Choose three.)
- A . NTP Server Address
- B . Antivirus Profile
- C . Authentication Profile
- D . Service Route Configuration
- E . Dynamic Address Groups
Where can a service route be configured for a specific destination IP?
- A . Use Network > Virtual Routers, select the Virtual Router > Static Routes > IPv4
- B . Use Device > Setup > Services > Services
- C . Use Device > Setup > Services > Service Route Configuration > Customize > Destination
- D . Use Device > Setup > Services > Service Route Configuration > Customize > IPv4
A network administrator is trying to prevent domain username and password submissions to phishing sites on some allowed URL categories
Which set of steps does the administrator need to take in the URL Filtering profile to prevent credential phishing on the firewall?
- A . Choose the URL categories in the User Credential Submission column and set action to block Select the User credential Detection tab and select Use Domain Credential Filter Commit
- B . Choose the URL categories in the User Credential Submission column and set action to block Select the User credential Detection tab and select use IP User Mapping Commit
- C . Choose the URL categories on Site Access column and set action to block Click the User credential
Detection tab and select IP User Mapping Commit - D . Choose the URL categories in the User Credential Submission column and set action to block Select the URL filtering settings and enable Domain Credential Filter Commit
To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?
- A . Add the policy to the target device group and apply a master device to the device group.
- B . Reference the targeted device’s templates in the target device group.
- C . Clone the security policy and add it to the other device groups.
- D . Add the policy in the shared device group as a pre-rule
An administrator is attempting to create policies tor deployment of a device group and template
stack. When creating the policies, the zone drop down list does not include the required zone.
What must the administrator do to correct this issue?
- A . Specify the target device as the master device in the device group
- B . Enable "Share Unused Address and Service Objects with Devices" in Panorama settings
- C . Add the template as a reference template in the device group
- D . Add a firewall to both the device group and the template
When an engineer configures an active/active high availability pair, which two links can they use? (Choose two)
- A . HSCI-C
- B . Console Backup
- C . HA3
- D . HA2 backup