PCNSE Practice Exam ALREADY PASSED

PCNSE Practice Exam ALREADY
PASSED
What is the last step of packet processing in the firewall?



check allowed ports



check Security Profiles



check Security policy



forwarding lookup - ✔✔Check Security Profiles



Which interface type requires you to configure where the next hop is for various addresses?



tap

virtual wire

Layer 2

Layer 3 - ✔✔Layer 3



How do you enable the firewall to be managed through a data-plane interface?



You specify Web UI in the interface properties.



You specify Management in the interface properties.

,You specify HTTPS in the Interface Management Profile, and then specify in the interface properties to
use that profile.



You specify Management in the Interface Management Profile, and then specify in the interface
properties to use that profile. - ✔✔You specify HTTPS in the Interface Management Profile, and then
specify in the interface properties to use that profile.



Some devices managed by Panorama have their external interface on ethernet1/1, some on
ethernet1/2. However, the zone definitions for the external zone are identical. What is the
recommended solution in this case?




Create two templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices. Use the same
external zone definitions in both. Apply those two templates to the appropriate devices.



Create three templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices, and one with
the external zone definitions. Use those templates to create two template stacks, one with the
ethernet1/1 and external zone, another with the ethernet1/2 and external zone. Apply those two
template stacks to the appropriate devices.



Create three templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices, and one with
the external zone definitions. Apply the external zone template to all devices, an - ✔✔Create three
templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices, and one with the external
zone definitions. Use those templates to create two template stacks, one with the ethernet1/1 and
external zone, another with the ethernet1/2 and external zone. Apply those two template stacks to the
appropriate devices.



In a Panorama managed environment, which two options show the correct order of policy evaluation?
(Choose two.)

, device group pre-rules, shared pre-rules, local firewall rules, intrazone-default, interzone-default



device group pre-rules, local firewall rules, shared post-rules, device group post-rules, intrazone-default,
interzone-default



device group pre-rules, local firewall rules, device group post-rules, shared post-rules, intrazone-default,
interzone-default



device group pre-rules, local firewall rules, intrazone-default, interzone-default, device group post-rules,
shared post-rules



shared pre-rules, device group pre-rules, local firewall rules, intrazone-default, interzone-default - ✔✔
device group pre-rules, local firewall rules, device group post-rules, shared post-rules, intrazone-default,
interzone-default

&

shared pre-rules, device group pre-rules, local firewall rules, intrazone-default, interzone-default



When you deploy the Palo Alto Networks NGFW on NSX, how many virtual network interfaces does a
VM-Series firewall need?



two, one for traffic input and output and one for management traffic



four, two for traffic input and output and two for management traffic (for High

Availability)



three, one for traffic input, one for traffic output, and one for management traffic