1. Home
  2. Palo Alto Networks
  3. PCNSE

Palo Alto Networks Certified Network Security Engineer - PAN-OS 11.x (PCNSE)

Exam Details

  • Exam Code
    :PCNSE
  • Exam Name
    :Palo Alto Networks Certified Network Security Engineer - PAN-OS 11.x (PCNSE)
  • Certification
    :Palo Alto Networks Certifications
  • Vendor
    :Palo Alto Networks
  • Total Questions
    :860 Q&As
  • Last Updated
    :Jun 06, 2025

Palo Alto Networks Palo Alto Networks Certifications PCNSE Questions & Answers

  • Question 431:

    What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

    A. The firewalls must have the same set of licenses.

    B. The management interfaces must to be on the same network.

    C. The peer HA1 IP address must be the same on both firewalls.

    D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.

  • Question 432:

    YouTube videos are consuming too much bandwidth on the network, causing delays in mission-critical traffic. The administrator wants to throttle YouTube traffic. The following interfaces and zones are in use on the firewall:

    *

    ethernet1/1, Zone: Untrust (Internet-facing)

    *

    ethernet1/2, Zone: Trust (client-facing)

    A QoS profile has been created, and QoS has been enabled on both interfaces. A QoS rule exists to put the YouTube application into QoS class 6. Interface Ethernet1/1 has a QoS profile called Outbound, and interface Ethernet1/2 has a QoS profile called Inbound.

    Which setting for class 6 with throttle YouTube traffic?

    A. Outbound profile with Guaranteed Ingress

    B. Outbound profile with Maximum Ingress

    C. Inbound profile with Guaranteed Egress

    D. Inbound profile with Maximum Egress

  • Question 433:

    The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of GlobalPortect Portal?

    A. Server Certificate

    B. Client Certificate

    C. Authentication Profile

    D. Certificate Profile

  • Question 434:

    What are three possible verdicts that WildFire can provide for an analyzed sample? (Choose three)

    A. Clean

    B. Bengin

    C. Adware

    D. Suspicious

    E. Grayware

    F. Malware

  • Question 435:

    Which two options are required on an M-100 appliance to configure it as a Log Collector? (Choose two)

    A. From the Panorama tab of the Panorama GUI select Log Collector mode and then commit changes

    B. Enter the command request system system-mode logger then enter Y to confirm the change to Log Collector mode.

    C. From the Device tab of the Panorama GUI select Log Collector mode and then commit changes.

    D. Enter the command logger-mode enable the enter Y to confirm the change to Log Collector mode.

    E. Log in the Panorama CLI of the dedicated Log Collector

  • Question 436:

    A network design change requires an existing firewall to start accessing Palo Alto Updates from a data plane interface address instead of the management interface.

    Which configuration setting needs to be modified?

    A. Service route

    B. Default route

    C. Management profile

    D. Authentication profile

  • Question 437:

    A file sharing application is being permitted and no one knows what this application is used for.

    How should this application be blocked?

    A. Block all unauthorized applications using a security policy

    B. Block all known internal custom applications

    C. Create a WildFire Analysis Profile that blocks Layer 4 and Layer 7 attacks

    D. Create a File blocking profile that blocks Layer 4 and Layer 7 attacks

  • Question 438:

    Which command can be used to validate a Captive Portal policy?

    A. eval captive-portal policy

    B. request cp-policy-eval

    C. test cp-policy-match

    D. debug cp-policy

  • Question 439:

    People are having intermittent quality issues during a live meeting via web application.

    A. Use QoS profile to define QoS Classes

    B. Use QoS Classes to define QoS Profile

    C. Use QoS Profile to define QoS Classes and a QoS Policy

    D. Use QoS Classes to define QoS Profile and a QoS Policy

  • Question 440:

    A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall.

    Which part of files needs to be imported back into the replacement firewall that is using Panorama?

    A. Device state and license files

    B. Configuration and serial number files

    C. Configuration and statistics files

    D. Configuration and Large Scale VPN (LSVPN) setups file

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PCNSE exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.