A file sharing application is being permitted and no one knows what this application is used for.
How should this application be blocked?
A. Block all unauthorized applications using a security policy B. Block all known internal custom applications C. Create a WildFire Analysis Profile that blocks Layer 4 and Layer 7 attacks D. Create a File blocking profile that blocks Layer 4 and Layer 7 attacks
D. Create a File blocking profile that blocks Layer 4 and Layer 7 attacks
Explanation
Question 172:
An administrator receives the following error message:
"IKE phase-2 negotiation failed when processing Proxy ID. Received local id 192. 168.33.33/24 type IPv4 address protocol 0 port 0, received remote id. 172.16.33.33/24 type IPv4 address protocol 0 port 0."
How should the administrator identify the root cause of this error message?
A. Verify that the IP addresses can be pinged and that routing issues are not causing the connection failure. B. Check whether the VPN peer on one end is set up correctly using policy-based VPN. C. In the IKE Gateway configuration, verify that the IP address for each VPN peer is accurate. D. In the IPSec Crypto profile configuration, verify that PFS is either enabled on both VPN peers or disabled on both VPN peers.
B. Check whether the VPN peer on one end is set up correctly using policy-based VPN.
Explanation
The VPN peer on one end is using policy-based VPN. You must configure a Proxy ID on the Palo Alto Networks firewall. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/vpns/set-up-site-to-site-vpn/interpret-vpn-error-messages.html
Question 173:
What is a key step in implementing WildFire best practices?
A. In a mission-critical network, increase the WildFire size limits to the maximum value B. In a security-first network set the WildFire size limits to the minimum value C. Configure the firewall to retrieve content updates every minute D. Ensure that a Threat Prevention subscription is active
D. Ensure that a Threat Prevention subscription is active
Explanation
Question 174:
What are three valid actions in a File Blocking Profile? (Choose three)
A. Forward B. Block C. Alret D. Upload E. Reset-both F. Continue
If the firewall is configured for credential phishing prevention using the "Domain Credential Filter" method, which login will be detected as credential theft?
A. Mapping to the IP address of the logged-in user. B. First four letters of the username matching any valid corporate username. C. Using the same user's corporate username and password. D. Marching any valid corporate username.
C. Using the same user's corporate username and password.
Explanation
The Windows-based User ID agent is installed on a Read-Only Domain Controller (RODC). The User ID agent collects password hashes that correspond to users for which you want to enable credential detection and sends these mappings to the firewall. The firewall then checks if the source IP address of a session matches a username and if the password submitted to the webpage belongs to that username. With this mode, the firewall blocks or alerts on the submission only when the password submitted matches a user password.
Question 176:
Engineer was tasked to simplify configuration of multiple firewalls with a specific set of configurations shared across all devices. Which two advantages would be gained by using multiple templates in a stack? (Choose two.)
A. inherits address-objects from the templates B. standardizes server profiles and authentication configuration across all stacks C. standardizes log-forwarding profiles for security policies across all stacks D. defines a common standard template configuration for firewalls
B. standardizes server profiles and authentication configuration across all stacks D. defines a common standard template configuration for firewalls
Explanation
Question 177:
Which option enables a Palo Alto Networks NGFW administrator to schedule Application and Threat updates while applying only new content-IDs to traffic?
A. Select download-and-install. B. Select download-and-install, with "Disable new apps in content update" selected. C. Select download-only. D. Select disable application updates and select "Install only Threat updates"
B. Select download-and-install, with "Disable new apps in content update" selected.
Explanation
On the Device Dynamic Updates page, select Schedule . Choose to Disable new apps in content update for downloads and installations of content releases. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/manage-newapp-ids-introduced-in-content-releases/disable-or-enable-app-ids
Question 178:
A firewall administrator manages sets of firewalls which have two unique idle timeout values. Datacenter firewalls needs to be set to 20 minutes and BranchOffice firewalls need to be set to 30 minutes. How can the administrator assign these settings through the use of template stacks?
A. Create one template stack and place the BranchOffice_Template in higher priority than Datacenter_Template. B. Create one template stack and place the Datanceter_Template in higher priority than BranchOffice_template. C. Create two separate template stacks one each for Datacenter and BranchOffice, and verify that Datacenter_Template and BranchOffice_template are at the bottom of their stack. D. Create two separate template stacks one each for Datacenter and BranchOffice, and verify that Datacenter_template are at the top of their stack
D. Create two separate template stacks one each for Datacenter and BranchOffice, and verify that Datacenter_template are at the top of their stack
Explanation
Question 179:
What is the PAN-OS NPTv6 feature based on RFC 6296 used for?
A. Application port number translation B. IPv6-to-IPv6 network prefix translation C. Stateful translation to provide better security D. IPv6-to-IPv6 host portion translation
B. IPv6-to-IPv6 network prefix translation
Explanation
Question 180:
Which link is responsible for synchronizing sessions between high availability (HA) peers?
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Palo Alto Networks exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your PCNSE exam preparations
and Palo Alto Networks certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.