Palo Alto Networks: PCNSE Practice Exam Questions

What can be used to push network and device configurations from Panorama to firewalls running PAN-OS software? - answer-Templates Which two virtualization platforms officially support the deployment of Palo Alto Networks VM-Series firewalls? - answer-Kernel Virtualization Module (KVM) Microsoft Hyper-V Where can the oversubscription rate be adjusted on platforms that support NAT oversubscription? - answer-In the GUI, under Device - Setup - Session - Session Settings Which action will display the NAT policies that are deployed on the firewall? - answer-From the command line, check the NAT policies loaded on the data plane using the command "show running nat-policy." What is the proper method to determine which active sessions on the firewall matched a security rule named "ftp-out"? - answer-In the CLI, run the command "show session all filter rule ftp-out." Which feature of the Palo Alto Networks firewall was designed to minimize network latency on the data plane? - answer-Single-Pass Parallel Processing Architecture Which statement is true about how Palo Alto Networks firewalls monitor traffic on the network? - answer-Unlike traditional firewalls that use port or protocol to identify applications, the Palo Alto Networks firewalls use the application signature (the App-ID technology) to identify applications. Consider this graphic representation of the Threat Monitor report: What does this report display? - answer-It displays the Top 10 Threats over the last 6 hours The WildFire Cloud or WF500 appliance provide information to which two Palo Alto Networks security services? - answer-Threat Prevention URL Filtering When configuring packet capture on a Palo Alto Networks firewall, what are the valid stage types? - answer-Receive, firewall, transmit, and drop You are analyzing a specific device group from Panorama and notice there are a very large number of "insufficient data" log entries. What does "insufficient data" mean? - answer-The amount of data seen during a session was not enough to identify the application. A customer has a requirement for a hardware firewall that supports at least two virtual systems (vsys). Which platform would be the smallest one to meet the requirement? - answer-PA-3220 A company wants to run their pair of firewalls in a High Availability active/passive mode and will be using HA-Lite. Which capability can be used in this situation? - answer-Configuration Sync Which two features can be used to tag a username so that it is included in a dynamic user group? - answer-XML API Built-in Actions in Log Forwarding Which feature will control how the firewall handles web servers with expired certificates when decrypting SSL? - answer-Decryption Profile An engineer has been tasked with sizing a firewall in an environment that requires decryption. When sizing the NGFW, what are two measurements the engineer should take? - answer-Measure the average transaction size of all traffic Measure the average transaction size of traffic on port 443