An administrator is informed that the engineer who previously managed all the VPNs has left the company. According to company policies the administrator must update all the IPSec VPNs with new pre-shared keys Where are the pre-shared keys located on the firewall?
A. Network/lPSec Tunnels
B. Network/Network Profiles/IKE Gateways
C. Network/Network ProfilesTlPSec Crypto
D. Network/Network Profiles/IKE Crypto
A security team has enabled real-time WildFire signature lookup on all its firewalls.
Which additional action will further reduce the likelihood of newly discovered malware being allowed through the firewalls?
A. increase the frequency of the applications and threats dynamic updates.
B. Increase the frequency of the antivirus dynamic updates
C. Enable the "Hold Mode" option in Objects > Security Profiles > Antivirus.
D. Enable the "Report Grayware Files" option in Device > Setup > WildFire.
A firewall administrator is changing a packet capture filter to troubleshoot a specific traffic flow Upon opening the newly created packet capture, the administrator still sees traffic for the previous fitte.
What can the administrator do to limit the captured traffic to the newly configured filter?
A. Command line > debug dataplane packet-diag clear filter-marked-session all
B. In the GLH under Monitor > Packet Capture > Manage Filters under Ingress Interface select an interface
C. Command line> debug dataplane packet-diag clear filter all
D. In the GUI under Monitor > Packet Capture > Manage Filters under the Non-IP field, select "exclude"
What are three prerequisites for credential phishing prevention to function? (Choose three.)
A. In the URL filtering profile, use the drop-down list to enable user credential detection.
B. Enable Device-ID in the zone.
C. Select the action for Site Access for each category.
D. Add the URL filtering profile to one or more Security policy rules.
E. Set phishing category to block in the URL Filtering profile.
A company configures its WildFire analysis profile to forward any file type to the WildFire public cloud. A company employee receives an email containing an unknown link that downloads a malicious Portable Executable (PE) file.
What does Advanced WildFire do when the link is clicked?
A. Performs malicious content analysis on the linked page, but not the corresponding PE file.
B. Performs malicious content analysis on the linked page and the corresponding PE file.
C. Does not perform malicious content analysis on either the linked page or the corresponding PE file.
D. Does not perform malicious content analysis on the linked page, but performs it on the corresponding PE file.
A company wants to deploy IPv6 on its network which requires that all company Palo Alto Networks firewalls process IPv6 traffic and to be configured with IPv6 addresses.
Which consideration should the engineers take into account when planning to enable IPv6?
A. Device > Setup Settings Do not enable on each interface
B. Network > Zone Settings Do not enable on each interface
C. Network > Zone Settings Enable on each interface
D. Device > Setup Settings Enable on each interface
An administrator connects a new fiber cable and transceiver Ethernet1/1 on a Palo Alto Networks firewall. However, the link does not come up.
How can the administrator troubleshoot to confirm the transceiver type, tx-power, rxpower, vendor name, and part number by using the CLI?
A. show chassis status slot s1
B. show s/stem state filter ethernet1/1
C. show s/stem state filter sw.dev interface config
D. show s/stem state filter-pretty sys.sl*
A company is expanding its existing log storage and alerting solutions All company Palo Alto Networks firewalls currently forward logs to Panorama.
Which two additional log forwarding methods will PAN-OS support? (Choose two)
A. SSL
B. TLS
C. HTTP
D. Email
The server team is concerned about the high volume of logs forwarded to their syslog server, it is determined that DNS is generating the most logs per second. The risk and compliance team requests that any Traffic logs indicating port abuse of port 53 must still be forwarded to syslog. All other DNS. Traffic logs can be exclude from syslog forwarding.
How should syslog log forwarding be configured?
A. With (port,dst neq 53)' Traffic log filter Object > Log Forwarding.
B. With `(port dst neq 53)' Traffic log filter inside Device > log Settings.
C. With `(app neq dns-base)'' Traffic log filter inside Device> Log Settings.
D. With `(app neq dns-base)'' Traffic log filter inside Objects> Log Forwarding
A firewall engineer is managing a Palo Alto Networks NGFW that does not have the DHCP server on DHCP agent configuration.
Which interface mode can the broadcast DHCP traffic?
A. Virtual ware
B. Tap
C. Layer 2
D. Layer 3
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PCNSE exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.