Practice Exams:

Free PCNSE Exam Braindumps

Pass your Palo Alto Networks Certified Security Engineer (PCNSE)PAN-OS 9.0 exam with these free Questions and Answers

Page 10 of 18
PDF with 89 Questions
QUESTION 41

What are three valid qualifiers for a Decryption Policy Rule match? (Choose three.)

  1. A. Destination Zone
  2. B. App-ID
  3. C. Custom URL Category
  4. D. User-ID
  5. E. Source Interface

Correct Answer: ACD

QUESTION 42

A network security engineer wants to prevent resource-consumption issues on the firewall. Which strategy is consistent with decryption best practices to ensure consistent performance?

  1. A. Use RSA in a Decryption profile tor higher-priority and higher-risk traffic, and use less processor-intensive decryption methods for lower-risk traffic
  2. B. Use PFS in a Decryption profile for higher-priority and higher-risk traffic, and use lessprocessor-intensive decryption methods for tower-risk traffic
  3. C. Use Decryption profiles to downgrade processor-intensive ciphers to ciphers that are less processor-intensive
  4. D. Use Decryption profiles to drop traffic that uses processor-intensive ciphers

Correct Answer: B

QUESTION 43

An administrator is attempting to create policies for deployment of a device group and template stack. When creating the policies, the zone drop-down list does not include the required zone.
What can the administrator do to correct this issue?

  1. A. Enable "Share Unused Address and Service Objects with Devices" in Panorama settings.
  2. B. Add a firewall to both the device group and the template.
  3. C. Specify the target device as the master device in the device group.
  4. D. Add the template as a reference template in the device group.

Correct Answer: D
In order to see what is in a template, the device-group needs the template referenced. Even if you add the firewall to both the template and device-group, the device-group will not see what is in the template.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNfeCAG

QUESTION 44

Which two statements correctly describe Session 380280? (Choose two.)
PCNSE dumps exhibit

  1. A. The session went through SSL decryption processing.
  2. B. The session has ended with the end-reason unknown.
  3. C. The application has been identified as web-browsing.
  4. D. The session did not go through SSL decryption processing.

Correct Answer: AC

QUESTION 45

An administrator allocates bandwidth to a Prisma Access Remote Networks compute location with three remote networks.
What is the minimum amount of bandwidth the administrator could configure at the compute location?

  1. A. 90Mbps
  2. B. 300 Mbps
  3. C. 75Mbps
  4. D. 50Mbps

Correct Answer: D
The number you specify for the bandwidth applies to both the egress and ingress traffic for the remote network connection. If you specify a bandwidth of 50 Mbps, Prisma Access provides you with a remote network connection with 50 Mbps of bandwidth on ingress and 50 Mbps on egress. Your bandwidth speeds can go up to 10% over the specified amount without traffic being dropped; for a 50 Mbps connection, the maximum bandwidth allocation is 55 Mbps on ingress and 55 Mbps on egress (50 Mbps plus 10% overage allocation).
https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-for-netw

Page 10 of 18
PDF with 89 Questions

Post your Comments and Discuss Paloalto-Networks PCNSE exam with other Community members: