A network security engineer configured IP multicast in the virtual router to support a new application. Users in different network segments are reporting that they are unable to access the application.
What must be enabled to allow an interface to forward multicast traffic?
A. IGMP B. PIM C. BFD D. SSM
B. PIM
Explanation
A protocol that enables routers to forward multicast traffic efficiently based on the source and destination addresses. PIM can operate in two modes: sparse mode (PIM-SM) or dense mode (PIM-DM). PIM-SM uses a rendezvous point (RP) as a central point for distributing multicast traffic, while PIM-DM uses flooding and pruning techniques2. to enable PIM on the interface which allows routers to forward multicast traffic using either sparse mode or dense mode depending on your network topology and requirements.
Question 312:
An engineer has been given approval to upgrade their environment 10 PAN-OS 10 2 The environment consists of both physical and virtual firewalls a virtual Panorama HA pair, and virtual log collectors
What is the recommended order when upgrading to PAN-OS 10.2?
A. Upgrade Panorama, upgrade the log collectors, upgrade the firewalls B. Upgrade the firewalls upgrade log collectors, upgrade Panorama C. Upgrade the firewalls upgrade Panorama, upgrade the log collectors D. Upgrade the log collectors, upgrade the firewalls, upgrade Panorama
A. Upgrade Panorama, upgrade the log collectors, upgrade the firewalls
Explanation
Make sure Panorama is running the same or a later PAN-OS version than you are upgrading to. You must upgrade Panorama and its Log Collectors to 10.2 before upgrading the managed firewalls to this version. In addition, when upgrading Log Collectors to 10.2, you must upgrade all Log Collectors at the same time due to changes in the logging infrastructure.
When using certificate authentication for firewall administration, which method is used for authorization?
A. Radius B. LDAP C. Kerberos D. Local
D. Local
Explanation
Authentication: Certificates Authorization: Local The administrative accounts are local to the firewall, but authentication to the web interface is based on client certificates. You use the firewall to manage role assignments but access domains are not supported.
Question 314:
An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?
A. Security policy rule allowing SSL to the target server B. Firewall connectivity to a CRL C. Root certificate imported into the firewall with "Trust" enabled D. Importation of a certificate from an HSM
A. Security policy rule allowing SSL to the target server
A security team has enabled real-time WildFire signature lookup on all its firewalls.
Which additional action will further reduce the likelihood of newly discovered malware being allowed through the firewalls?
A. increase the frequency of the applications and threats dynamic updates. B. Increase the frequency of the antivirus dynamic updates C. Enable the "Hold Mode" option in Objects > Security Profiles > Antivirus. D. Enable the "Report Grayware Files" option in Device > Setup > WildFire.
B. Increase the frequency of the antivirus dynamic updates
Explanation
Question 316:
A firewall engineer is managing a Palo Alto Networks NGFW which is not in line of any DHCP traffic.
Which interface mode can the engineer use to generate Enhanced Application logs (EALs) for classifying IoT devices while receiving broadcast DHCP traffic?
A. Virtual wire B. Layer 3 C. Layer 2 D. Tap
D. Tap
Explanation
Question 317:
The IT department has received complaints abou VoIP call jitter when the sales staff is making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS policy written in the rulebase. The IT manager wants to find out what traffic is causing the jitter in real time when a user reports the jitter.
Which feature can be used to identify, in real time, the applications taking up the most bandwidth?
A. QoS Statistics B. Applications Report C. Application Command Center (ACC) D. QoS Log
A. QoS Statistics
Explanation
Question 318:
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?
A. To enable Gateway authentication to the Portal B. To enable Portal authentication to the Gateway C. To enable user authentication to the Portal D. To enable client machine authentication to the Portal
C. To enable user authentication to the Portal
Explanation
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite. Reference https://www.paloaltonetworks.com/documentation/71/panos/web-interface-help/globalprotect/network-globalprotect-portals
Question 319:
How does Panorama handle incoming logs when it reaches the maximum storage capacity?
A. Panorama discards incoming logs when storage capacity full. B. Panorama stops accepting logs until licenses for additional storage space are applied C. Panorama stops accepting logs until a reboot to clean storage space. D. Panorama automatically deletes older logs to create space for new ones.
D. Panorama automatically deletes older logs to create space for new ones.
Which option describes the operation of the automatic commit recovery feature?
A. It enables a firewall to revert to the previous configuration if rule shadowing is detected B. It enables a firewall to revert to the previous configuration if a commit causes Panorama connectivity failure. C. It enables a firewall to revert to the previous configuration if application dependency errors are found D. It enables a firewall to revert to the previous configuration if a commit causes HA partner connectivity failure
B. It enables a firewall to revert to the previous configuration if a commit causes Panorama connectivity failure.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Palo Alto Networks exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your PCNSE exam preparations
and Palo Alto Networks certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.