Palo Alto Networks Palo Alto Networks Certifications PCNSE Questions & Answers

• Question 541:

  Which Palo Alto Networks VM-Series firewall is valid?

  A. VM-25

  B. VM-800

  C. VM-50

  D. VM-400

  Correct Answer: C

  Reference: https://www.paloaltonetworks.com/products/secure-the-network/virtualized- next-generation-firewall/vm-series https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/about-the-vm- series-firewall/vm-series-models.html

• Question 542:

  To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?

  A. Device>Setup>Services>AutoFocus

  B. Device> Setup>Management >AutoFocus

  C. AutoFocus is enabled by default on the Palo Alto Networks NGFW

  D. Device>Setup>WildFire>AutoFocus

  E. Device>Setup> Management> Logging and Reporting Settings

  Correct Answer: B

  Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/getting- started/enable-autofocus-threat-intelligence

• Question 543:

  A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch port which it connects. How would an administrator configure the interface to 1Gbps?

  A. set deviceconfig interface speed-duplex 1Gbps-full-duplex

  B. set deviceconfig system speed-duplex 1Gbps-duplex

  C. set deviceconfig system speed-duplex 1Gbps-full-duplex

  D. set deviceconfig Interface speed-duplex 1Gbps-half-duplex

  Correct Answer: C

  Reference: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Change-the- Speed-and-Duplex-of-the-Management- Port/ta-p/59034

  user@PA# set deviceconfig system speed-duplex100Mbps-full-duplex 100Mbps-full- duplex100Mbps-half-duplex 100Mbps-half-duplex10Mbps-full-duplex 10Mbps-full- duplex10Mbps-half-duplex 10Mbps-half-duplex1Gbps-full-duplex 1Gbpsfull-duplex1Gbps- half-duplex 1Gbps-half-duplexauto-negotiate auto-negotiate

• Question 544:

  A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5- minute window for analysis. The firewall is configured to check for verdicts every 5 minutes.

  How quickly will the firewall receive back a verdict?

  A. More than 15 minutes

  B. 5 minutes

  C. 10 to 15 minutes

  D. 5 to 10 minutes

  Correct Answer: D

  "As new WildFire signatures are available every five minutes, this setting ensures the firewall retrieves these signatures within a minute of availability." Meaning if the WildFire checks for verdict at 06:00 PM it would next check at 06:05, however if you submit a file at 06:06 - WildFire would check at 06:10 but your verdict will come at 06:11, which would be fetched by WildFire at 06:15 - hence 9 minutes since you submitted. So 5 to 10 mins depending on your time of submission.

• Question 545:

  A customer has an application that is being identified as unknown-top for one of their custom PostgreSQL database connections. Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)

  A. Application Override policy.

  B. Security policy to identify the custom application.

  C. Custom application.

  D. Custom Service object.

  Correct Answer: AC

  Unlike the App-ID engine, which inspects application packet contents for unique signature elements, the Application Override policy's matching conditions are limited to header-based data only. Traffic matched by an Application Override policy is identified by the App-ID entered in the Application entry box.Choices are limited to applications currently in the App-ID database.Because this traffic bypasses all Layer 7 inspection, the resulting security is that of a Layer-4 firewall. Thus, this traffic should be trusted without the need for Content-ID inspection. The resulting application assignment can be used in other firewall functions such as Security policy and QoS.Use CasesThree primary uses cases for Application Override Policy are: To identify "Unknown" App-IDs with a different or custom application signature To re-identify an existing application signature To bypass the Signature Match Engine (within the SP3 architecture) to improve processing timesA discussion of typical uses of application override and specific implementation examples is here:https://live.paloaltonetworks.com/t5/LearningArticles/Tips-amp-Tricks- How-to-Create-an-Application- Override/ta-p/65513

• Question 546:

  An administrator just submitted a newly found piece of spyware for WildFire analysis. The spyware passively monitors behavior without the user's knowledge.

  What is the expected verdict from WildFire?

  A. Grayware

  B. Malware

  C. Spyware

  D. Phishing

  Correct Answer: A

  Wildfire verdictions are as follow1-Begnin2-Greyware3-Mallicious4-Phishing https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire- overview/wildfire-concepts/verdicts The sample does not pose a direct security threat, but might display otherwise obtrusive behavior. Grayware typically includes adware, spyware, and Browser Helper Objects (BHOs)

• Question 547:

  

  At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

  A. exploitation

  B. IP command and control

  C. delivery

  D. reconnaissance

  Correct Answer: D

• Question 548:

  A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file named init-cfg txt. The firewall is currently running PAN-OS 10.0 and using a lab config The contents of init-cfg txi in the USB flash drive are as follows:

  

  The USB flash drive has been inserted in the firewalls' USB port, and the firewall has been restarted using command:> request resort system Upon restart, the firewall fails to begin the bootstrapping process. The failure is caused because

  A. Firewall must be in factory default state or have all private data deleted for bootstrapping

  B. The hostname is a required parameter, but it is missing in init-cfg txt

  C. The USB must be formatted using the ext3 file system, FAT32 is not supported

  D. PANOS version must be 91.x at a minimum but the firewall is running 10.0.x

  E. The bootstrap.xml file is a required file but it is missing

  Correct Answer: A

  https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/bootstrap-the-firewall/bootstrap-a-firewall-using-a-usb-flash-drive.html#id8378007f-d6e5-4f2d-84a4-5d50b0b3ad7d

• Question 549:

  What are two benefits of nested device groups in Panorama? (Choose two.)

  A. Reuse of the existing Security policy rules and objects

  B. Requires configuring both function and location for every device

  C. All device groups inherit settings form the Shared group

  D. Overwrites local firewall configuration

  Correct Answer: AC

  Creation of a device group hierarchy enables you to organize firewalls based on common policy requirements without redundant configuration. When you create objects for use in shared or device group policy once and use them many times, you reduce administrative overhead and ensure consistency across firewall policies.

• Question 550:

  An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22

  

  Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: C

  NAT zones are just whatever interface traffic is going to. The source (the big cloud internet) is obviously internet, and the destination zone is the internet facing interface of the firewall, so the destination is also internet. It then is translated into an IP that the internal network can read.