Palo Alto Networks: PCNSE Practice
Exam Questions
What can be used to push network and device configurations from Panorama to firewalls running PAN-
OS software? - ✔✔Templates
Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series
firewalls? - ✔✔Kernel Virtualization Module (KVM)
Microsoft Hyper-V
Where can the oversubscription rate be adjusted on platforms that support NAT oversubscription? - ✔
✔In the GUI, under Device -> Setup -> Session -> Session Settings
Which action will display the NAT policies that are deployed on the firewall? - ✔✔From the command
line, check the NAT policies loaded on the data plane using the command "show running nat-policy."
What is the proper method to determine which active sessions on the firewall matched a security rule
named "ftp-out"? - ✔✔In the CLI, run the command "show session all filter rule ftp-out."
Which feature of the Palo Alto Networks firewall was designed to minimize network latency on the data
plane? - ✔✔Single-Pass Parallel Processing Architecture
Which statement is true about how Palo Alto Networks firewalls monitor traffic on the network? - ✔✔
Unlike traditional firewalls that use port or protocol to identify applications, the Palo Alto Networks
firewalls use the application signature (the App-ID technology) to identify applications.
, Consider this graphic representation of the Threat Monitor report: What does this report display? - ✔✔
It displays the Top 10 Threats over the last 6 hours
The WildFire Cloud or WF500 appliance provide information to which two Palo Alto Networks security
services? - ✔✔Threat Prevention
URL Filtering
When configuring packet capture on a Palo Alto Networks firewall, what are the valid stage types? - ✔
✔Receive, firewall, transmit, and drop
You are analyzing a specific device group from Panorama and notice there are a very large number of
"insufficient data" log entries. What does "insufficient data" mean? - ✔✔The amount of data seen
during a session was not enough to identify the application.
A customer has a requirement for a hardware firewall that supports at least two virtual systems (vsys).
Which platform would be the smallest one to meet the requirement? - ✔✔PA-3220
A company wants to run their pair of firewalls in a High Availability active/passive mode and will be
using HA-Lite. Which capability can be used in this situation? - ✔✔Configuration Sync
Which two features can be used to tag a username so that it is included in a dynamic user group? - ✔✔
XML API
Built-in Actions in Log Forwarding
Which feature will control how the firewall handles web servers with expired certificates when
decrypting SSL? - ✔✔Decryption Profile
Exam Questions
What can be used to push network and device configurations from Panorama to firewalls running PAN-
OS software? - ✔✔Templates
Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series
firewalls? - ✔✔Kernel Virtualization Module (KVM)
Microsoft Hyper-V
Where can the oversubscription rate be adjusted on platforms that support NAT oversubscription? - ✔
✔In the GUI, under Device -> Setup -> Session -> Session Settings
Which action will display the NAT policies that are deployed on the firewall? - ✔✔From the command
line, check the NAT policies loaded on the data plane using the command "show running nat-policy."
What is the proper method to determine which active sessions on the firewall matched a security rule
named "ftp-out"? - ✔✔In the CLI, run the command "show session all filter rule ftp-out."
Which feature of the Palo Alto Networks firewall was designed to minimize network latency on the data
plane? - ✔✔Single-Pass Parallel Processing Architecture
Which statement is true about how Palo Alto Networks firewalls monitor traffic on the network? - ✔✔
Unlike traditional firewalls that use port or protocol to identify applications, the Palo Alto Networks
firewalls use the application signature (the App-ID technology) to identify applications.
, Consider this graphic representation of the Threat Monitor report: What does this report display? - ✔✔
It displays the Top 10 Threats over the last 6 hours
The WildFire Cloud or WF500 appliance provide information to which two Palo Alto Networks security
services? - ✔✔Threat Prevention
URL Filtering
When configuring packet capture on a Palo Alto Networks firewall, what are the valid stage types? - ✔
✔Receive, firewall, transmit, and drop
You are analyzing a specific device group from Panorama and notice there are a very large number of
"insufficient data" log entries. What does "insufficient data" mean? - ✔✔The amount of data seen
during a session was not enough to identify the application.
A customer has a requirement for a hardware firewall that supports at least two virtual systems (vsys).
Which platform would be the smallest one to meet the requirement? - ✔✔PA-3220
A company wants to run their pair of firewalls in a High Availability active/passive mode and will be
using HA-Lite. Which capability can be used in this situation? - ✔✔Configuration Sync
Which two features can be used to tag a username so that it is included in a dynamic user group? - ✔✔
XML API
Built-in Actions in Log Forwarding
Which feature will control how the firewall handles web servers with expired certificates when
decrypting SSL? - ✔✔Decryption Profile
