Exam Details

  • Exam Code: PCNSE
  • Exam Name: Palo Alto Networks Certified Network Security Engineer - PAN-OS 11.x (PCNSE)
  • Certification: Palo Alto Networks Certifications
  • Vendor: Palo Alto Networks
  • Total Questions: 860 Q&As
  • Last Updated: May 05, 2025

Palo Alto Networks Palo Alto Networks Certifications PCNSE Questions & Answers

  • Question 171:

    What can the Log Forwarding built-in action with tagging be used to accomplish?

    A. Forward selected logs to the Azure Security Center.

    B. Block the destination zones of selected unwanted traffic.

    C. Block the source zones of selected unwanted traffic.

    D. Block the destination IP addresses of selected unwanted traffic.

  • Question 172:

    When a new firewall joins a high availability (HA) cluster, the cluster members will synchronize all existing sessions over which HA port?

    A. HA1

    B. HA2

    C. HA3

    D. HA4

  • Question 173:

    A firewall administrator manages sets of firewalls which have two unique idle timeout values. Datacenter firewalls need to be set to 20 minutes and BranchOffice firewalls need to be set to 30 minutes. How can the administrator assign these settings through the use of template stacks?

    A. Create one template stack and place the BranchOffice_Template in higher priority than Datacenter_Template.

    B. Create one template stack and place the Datacenter_Template in higher priority than BranchOffice_template.

    C. Create two separate template stacks, one each for Datacenter and BranchOffice, and verify that Datacenter_Template and BranchOffice_template are at the bottom of their stack.

    D. Create two separate template stacks one each for Datacenter and BranchOffice, and verify that Datacenter_template are at the top of their stack

  • Question 174:

    A firewall administrator configures the HIP profiles on the edge firewall where GlobalProtect is enabled, and adds the profiles to security rules. The administrator wants to redistribute the HIP reports to the data center firewalls to apply the same access restrictions using HIP profiles. However, the administrator can only see the HIP match logs on the edge firewall but not on the data center firewall.

    What are two reasons why the administrator is not seeing HIP match logs on the data center firewall? (Choose two.)

    A. Log Forwarding Profile is configured but not added to security rules in the data center firewall.

    B. HIP profiles are configured but not added to security rules in the data center firewall.

    C. User ID is not enabled in the Zone where the users are coming from in the data center firewall.

    D. HIP Match log forwarding is not configured under Log Settings in the device tab.

  • Question 175:

    What are three prerequisites to enable Credential Phishing Prevention over SSL? (Choose three.)

    A. Configure a URL profile to block the phishing category.

    B. Create a URL filtering profile.

    C. Enable User-ID.

    D. Create an anti-virus profile.

    E. Create a decryption policy rule.

  • Question 176:

    A network security engineer is going to enable Zone Protection on several security zones.

    How can the engineer ensure that Zone Protection events appear in the firewall's logs?

    A. Select the check box "Log packet-based attack events" in the Zone Protection profile.

    B. No action is needed. Zone Protection events appear in the threat logs by default.

    C. Select the check box "Log Zone Protection events" in the Content-ID settings of the firewall.

    D. Access the CLI in each firewall and enter the command set system setting additional-threat-log on

  • Question 177:

    The UDP-4501 protocol-port is used between which two GlobalProtect components?

    A. GlobalProtect app and GlobalProtect satellite

    B. GlobalProtect app and GlobalProtect gateway

    C. GlobalProtect portal and GlobalProtect gateway

    D. GlobalProtect app and GlobalProtect portal

  • Question 178:

    A network security engineer needs to ensure that virtual systems can communicate with one another within a Palo Alto Networks firewall. Separate virtual routers (VRs) are created for each virtual system.

    In addition to confirming security policies, which three configuration details should the engineer focus on to ensure communication between virtual systems? (Choose three.)

    A. External zones with the virtual systems added.

    B. Layer 3 zones for the virtual systems that need to communicate.

    C. Add a route with next hop set to none, and use the interface of the virtual systems that need to communicate.

    D. Add a route with next hop next-vr by using the VR configured in the virtual system.

    E. Ensure the virtual systems are visible to one another.

  • Question 179:

    A threat intelligence team has requested more than a dozen Snort signatures to be deployed on all perimeter Palo Alto Networks firewalls. How does the firewall engineer fulfill this request with the least time to implement?

    A. Use Expedition to create custom vulnerability signatures, deploy them to Panorama using API and push them to the firewalls.

    B. Create custom vulnerability signatures manually on one firewall, export them, and then import them to the rest of the firewalls.

    C. Use Panorama IPS Signature Converter to create custom vulnerability signatures, and push them to the firewalls.

    D. Create custom vulnerability signatures manually in Panorama, and push them to the firewalls.

  • Question 180:

    Which interface type should a firewall administrator configure as an upstream to the ingress trusted interface when configuring transparent web proxy on a Palo Alto Networks firewall?

    A. Tunnel

    B. Ethernet

    C. VLAN

    D. Loopback
