Dumps4free
Go Back on PCNSE Exam
Available in 1, 3, 6 and 12 Months Free Updates Plans
PDF: $15 $60

Test Engine: $20 $80

PDF + Engine: $25 $99

PCNSE Practice Test


Page 5 out of 55 Pages

Topic 1 : Main Questions pool

Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?


A.

Both SSH keys and SSL certificates must be generated.


B.

No prerequisites are required.


C.

SSH keys must be manually generated.


D.

SSL certificates must be generated.





B.   

No prerequisites are required.



Which four NGFW multi-factor authentication factors are supported by PAN-OS®?(Choose four.)


A.

User logon


B.

Short message service


C.

Push


D.

SSH key


E.

One-Time Password


F.

Voice





B.   

Short message service



C.   

Push



E.   

One-Time Password



F.   

Voice



Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OS® software?


A.

XML API


B.

Port Mapping


C.

Client Probing


D.

Server Monitoring





A.   

XML API



Captive Portal and the other standard user mapping methods might not work for certain types of user access.
For example, the standard methods cannot add mappings of usersconnecting from a third-party VPN solution
or users connecting to a 802.1x-enabled wireless network. For such cases, you can use the PAN-OS XML API
to capture login events and send them to the PAN-OS integrated User-ID agent
Reference:https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/user-id-concepts

For which two reasons would a firewall discard a packet as part of the packet flow sequence? (Choose two )


A.

equal-cost multipath


B.

ingress processing errors


C.

rule match with action "allow"


D.

rule match with action "deny"





B.   

ingress processing errors



D.   

rule match with action "deny"



An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing and preemption is disabled. What must be verified to upgrade the firewalls to the most recent version of PAN-OS software?


A.

Wildfire update package


B.

User-ID agent


C.

Anti virus update package


D.

Application and Threats update package





B.   

User-ID agent



D.   

Application and Threats update package



Explanation: Dependencies : Before upgrade, make sure the firewall is running a version ofapp + threat
(content version) that meets theminimum requirement of the new PAN-OS Upgrade.
: https://live.paloaltonetworks.com/t5/Featured-Articles/Best-Practices-for-PAN-OS-Upgrade/ta-p/111045


Page 5 out of 55 Pages
Previous