Exam Details

  • Exam Code: PCNSE
  • Exam Name: Palo Alto Networks Certified Network Security Engineer - PAN-OS 11.x (PCNSE)
  • Certification: Palo Alto Networks Certifications
  • Vendor: Palo Alto Networks
  • Total Questions: 860 Q&As
  • Last Updated: May 05, 2025

Palo Alto Networks Palo Alto Networks Certifications PCNSE Questions & Answers

  • Question 151:

    Why are external zones required to be configured on a Palo Alto Networks NGFW in an environment with multiple virtual systems?

    A. To allow traffic between zones in different virtual systems while the traffic is leaving the appliance

    B. External zones are required because the same external zone can be used on different virtual systems

    C. To allow traffic between zones in different virtual systems without the traffic leaving the appliance

    D. Multiple external zones are required in each virtual system to allow the communications between virtual systems

  • Question 152:

    Which rule type controls end user SSL traffic to external websites?

    A. SSL Inbound Inspection

    B. SSH Proxy

    C. SSL Forward Proxy

    D. SSL Outbound Proxyless Inspection

  • Question 153:

    A firewall administrator wants to be able to see all NAT sessions that are going through a firewall with source NAT. Which CLI command can the administrator use?

    A. show session all filter nat source

    B. show running nat-rule-ippool rule "rule_name"

    C. show running nat-policy

    D. show session all filter nat-rule-source

  • Question 154:

    An engineer needs to configure a standardized template for all Panorama-managed firewalls. These settings will be configured on a template named "Global" and will be included in all template stacks. Which three settings can be configured in this template? (Choose three.)

    A. Log Forwarding profile

    B. SSL decryption exclusion

    C. Tags

    D. Login banner

    E. Dynamic updates

  • Question 155:

    All firewalls at a company are currently forwarding logs to Palo Alto Networks log collectors. The company also wants to deploy a syslog server and forward all firewall logs to the syslog server and to the log collectors. There is a known logging peak time during the day and the security team has asked the firewall engineer to determine how many logs per second the current Palo Alto Networks log collectors are processing at that particular time.

    Which method is the most time-efficient to complete this task?

    A. Navigate to Panorama > Managed Collectors, and open the Statistics window for each Log Collector during the peak time

    B. Navigate to ACC > Network Activity, and determine the total number of sessions and threats during the peak time

    C. Navigate to Monitor > Unified logs, set the filter to the peak time, and browse to the last page to find out how many logs have been received

    D. Navigate to Panorama > Managed Devices > Health, open the Logging tab for each managed firewall and check the log rates during the peak time

  • Question 156:

    A firewall engineer is configuring quality of service (QoS) policy for the IP address of a specific server in an effort to limit the bandwidth consumed by frequent downloads of large files from the internet. Which combination of pre-NAT and/or post-NAT information should be used in the QoS rule?

    A. Pre-NAT source IP address; Pre-NAT source zone

    B. Post-NAT source IP address; Pre-NAT source zone

    C. Pre-NAT source IP address; Post-NAT source zone

    D. Post-NAT source IP address; Post-NAT source zone

  • Question 157:

    The decision to upgrade PAN-OS has been approved. The engineer begins the process by upgrading the Panorama servers, but gets an error when attempting the install. When performing an upgrade on Panorama to PAN-OS, what is the potential cause of a failed install?

    A. GlobalProtect agent version

    B. Outdated plugins

    C. Management only mode

    D. Expired certificates

  • Question 158:

    Following a review of firewall logs for traffic generated by malicious activity, how can an administrator confirm that WildFire has identified a virus?

    A. By navigating to Monitor > Logs > Traffic, applying filter "(subtype eq virus)"

    B. By navigating to Monitor > Logs > Threat, applying filter "(subtype eq virus)"

    C. By navigating to Monitor > Logs > Threat, applying filter "(subtype eq wildfire-virus)"

    D. By navigating to Monitor > Logs > WildFire Submissions, applying filter "(subtype eq wildfire-virus)"

  • Question 159:

    A firewall engineer is managing a Palo Alto Networks NGFW that is not in the path of any DHCP traffic.

    Which interface mode can the engineer use to generate Enhanced Application logs (EALs) for classifying IoT devices while receiving broadcast DHCP traffic?

    A. Virtual wire

    B. Layer 3

    C. Layer 2

    D. Tap

  • Question 160:

    An administrator is considering deploying WildFire globally.

    What should the administrator consider with regard to the WildFire infrastructure?

    A. To comply with data privacy regulations, WildFire signatures and verdicts are not shared globally.

    B. Palo Alto Networks owns and maintains one global cloud and four WildFire regional clouds.

    C. Each WildFire cloud analyzes samples independently of the other WildFire clouds.

    D. The WildFire Global Cloud only provides bare metal analysis.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Palo Alto Networks exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your PCNSE exam preparation or your Palo Alto Networks certification application, do not hesitate to visit Vcedump.com to find your solutions.