An engineer notices that the tunnel monitoring has been failing for a day and the VPN should have failed over to a backup path. What part of the network profile configuration should the engineer verify?
A. Destination IP
B. Threshold
C. Action
D. Interval
What is the PAN-OS NPTv6 feature based on RFC 6296 used for?
A. Application port number translation
B. IPv6-to-IPv6 network prefix translation
C. Stateful translation to provide better security
D. IPv6-to-IPv6 host portion translation
An administrator has been tasked with deploying SSL Forward Proxy. Which two types of certificates are used to decrypt the traffic? (Choose two.)
A. Device certificate
B. Subordinate CA from the administrator's own PKI infrastructure
C. Self-signed root CA
D. External CA certificate
If a URL is in multiple custom URL categories with different actions, which action will take priority?
A. Block
B. Allow
C. Alert
D. Override
A firewall administrator wants to have visibility on one segment of the company network. The traffic on the segment is routed on the Backbone switch. The administrator is planning to apply Security rules on segment X after getting the visibility.
There is already a PAN-OS firewall used in L3 mode as an internet gateway, and there are enough system resources to get extra traffic on the firewall. The administrator needs to complete this operation with minimum service interruptions and without making any IP changes.
What is the best option for the administrator to take?
A. Configure the TAP interface for segment X on the firewall.
B. Configure vwire interfaces for segment X on the firewall.
C. Configure a Layer 3 interface for segment X on the firewall.
D. Configure a new vsys for segment X on the firewall.
An administrator needs to identify which NAT policy is being used for internet traffic.
From the GUI of the firewall, how can the administrator identify which NAT policy is in use for a traffic flow?
A. From the Monitor tab, click Traffic view and review the information in the detailed log view.
B. From the Monitor tab, click Traffic view, ensure that the Source or Destination NAT columns are included and review the information in the detailed log view.
C. From the Monitor tab, click App Scope > Network Monitor and filter the report for NAT rules.
D. From the Monitor tab, click Session Browser and review the session details.
An administrator needs to identify which NAT policy is being used for internet traffic.
From the Monitor tab of the firewall GUI, how can the administrator identify which NAT policy is in use for a traffic flow?
A. Click Session Browser and review the session details.
B. Click Traffic view and review the information in the detailed log view.
C. Click Traffic view; ensure that the Source or Destination NAT columns are included and review the information in the detailed log view.
D. Click App Scope > Network Monitor and filter the report for NAT rules.
Users have reported an issue when they are trying to access a server on your network. The requests aren't taking the expected route. You discover that there are two different static routes on the firewall for the server.
What is used to determine which route has priority?
A. The first route installed
B. Bidirectional Forwarding Detection
C. The route with the lowest administrative distance
D. The route with the highest administrative distance
An administrator wants to perform HIP checks on the endpoints to ensure their security posture.
Which license is required on all Palo Alto Networks next-generation firewalls that will be performing the HIP checks?
A. GlobalProtect Gateway
B. Current and Active Support License
C. Threat Prevention
D. GlobalProtect Portal
You have been asked to implement GlobalProtect for your organization. You have decided on https://gp.mycompany.com for your Portal, and have received the certificate and key. Where would you navigate to on the firewall UI to import the certificate?
A. Device > Certificate Management > Device Certificates > Certificates
B. Device Certificates > Certificate Management > Certificates > Device
C. Device > Device Certificates > Certificate Management > Certificates
D. Device > Certificate Management > Certificates > Device Certificates
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PCNSE exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.