Dumps4free
Discount Offer
Go Back on PCNSE Exam
Available in 1, 3, 6 and 12 Months Free Updates Plans
PDF: $15 $60

Test Engine: $20 $80

PDF + Engine: $25 $99



Pass exam with Dumps4free or we will provide you with three additional months of access for FREE.

PCNSE Practice Test


Page 20 out of 59 Pages

Phase two of a VPN will not establish a connection. The peer is using a policy-based VPN configuration. What part of the configuration should the engineer verify?


A. IKE Crypto Profile


B. Security policy


C. Proxy-IDs


D. PAN-OS versions





C.   Proxy-IDs

Which operation will impact the performance of the management plane?


A. Decrypting SSL sessions


B. Generating a SaaS Application report


C. Enabling DoS protection


D. Enabling packet buffer protection





B.   Generating a SaaS Application report

You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles. For which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three.)


A. Low


B. High


C. Critical


D. Informational


E. Medium





B.   High

C.   Critical

E.   Medium

Explanation: The Palo Alto Networks Best Practices for Anti-Spyware Profiles recommend enabling single-packet captures (PCAP) for medium, high, and critical severity threats. This allows for capturing the first packet of the malicious traffic for further analysis and investigation. PCAP should not be enabled for low and informational severity threats, as they generate a relatively high volume of traffic and are not particularly useful compared to potential threats.

An administrator plans to install the Windows-Based User-ID Agent. What type of Active Directory (AD) service account should the administrator use?


A. Dedicated Service Account


B. System Account


C. Domain Administrator


D. Enterprise Administrator





A.   Dedicated Service Account

A firewall engineer at a company is researching the Device Telemetry feature of PAN-OS. Which two aspects of the feature require further action for the company to remain compliant with local laws regarding privacy and data storage? (Choose two.)


A. Telemetry feature is automatically enabled during PAN-OS installation.


B. Telemetry data is uploaded into Strata Logging Service.


C. Telemetry feature is using Traffic logs and packet captures to collect data.


D. Telemetry data is shared in real time with Palo Alto Networks.





A.   Telemetry feature is automatically enabled during PAN-OS installation.

C.   Telemetry feature is using Traffic logs and packet captures to collect data.

Explanation: To address the question about the Device Telemetry feature in PAN-OS and its compliance with privacy and data storage laws, let’s examine the details thoroughly.
Understanding Device Telemetry in PAN-OS
Device Telemetry is a feature in Palo Alto Networks’ PAN-OS that collects data from the firewall to provide insights for:

  • Product usage trends.
  • Threat analysis.
  • Operational optimizations.

Telemetry may include:
  • Configuration data.
  • Threat logs.
  • Performance metrics.
However, specific aspects of this feature require attention to ensure compliance with local privacy laws.

Explanation of Options:
A. Telemetry feature is automatically enabled during PAN-OS installation: Why It Requires Action:
B. Telemetry data is uploaded into Strata Logging Service: Why It Does Not Require Immediate Action:
C. Telemetry feature is using Traffic logs and packet captures to collect data: Why It Requires Action:
D. Telemetry data is shared in real time with Palo Alto Networks: Why It Does Not Require Immediate Action:


Page 20 out of 59 Pages
Previous