Palo Alto Networks Palo Alto Networks Certifications PCNSE Questions & Answers

• Question 561:

  An administrator sees several inbound sessions identified as unknown-tcp in the traffic logs. The administrator determines that these sessions are from external users accessing the company's proprietary accounting application. The administrator wants to reliably identify this as their accounting application and to scan this traffic for threats. Which option would achieve this result?

  A. Create an Application Override policy and a custom threat signature for the application

  B. Create an Application Override policy

  C. Create a custom App-ID and use the "ordered conditions" check box

  D. Create a custom App ID and enable scanning on the advanced tab

  Correct Answer: D

• Question 562:

  Which operation will impact the performance of the management plane?

  A. WildFire Submissions

  B. Enabling DoS Protection

  C. Decrypting SSL Sessions

  D. Generating a SaaS Application Report.

  Correct Answer: D

  According to the Palo Alto Networks documentation, generating a SaaS Application report can impact the performance of the management plane because it requires querying and processing a large amount of log data. Therefore, the correct

  answer is B.

  The other options are not related to the management plane performance:

  Decrypting SSL sessions: This option affects the data plane performance, not the management plane performance. Decrypting SSL sessions consumes CPU resources on the data plane, which handles traffic processing and security

  enforcement.

  Enabling DoS protection: This option also affects the data plane performance, not the management plane performance. Enabling DoS protection allows the firewall to detect and prevent denial-of-service (DoS) attacks by monitoring and

  limiting the rate of sessions and packets.

  Enabling packet buffer protection: This option also affects the data plane performance, not the management plane performance. Enabling packet buffer protection allows the firewall to monitor and control the packet buffer usage on each

  interface to prevent buffer exhaustion and packet drops.

  References:

  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/use-the-application-command-center-acc/acc-saas-applications https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/decryption-concepts/howdecryption-works

  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/prevent-denial-of-service-dos-attacks

  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/configure-packet-buffer-protection

• Question 563:

  Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?

  A. Both SSH keys and SSL certificates must be generated.

  B. No prerequisites are required.

  C. SSH keys must be manually generated.

  D. SSL certificates must be generated.

  Correct Answer: B

  Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan- os/decryption/configure-ssh-proxy

  "In an SSH Proxy configuration, the firewall resides between a client and a server. SSH Proxy enables the firewall to decrypt inbound and outbound SSH connections and ensures that attackers don't use SSH to tunnel unwanted applications and content. SSH decryption does not require certificates and the firewall automatically generates the key used for SSH decryption when the firewall boots up."

• Question 564:

  Which item enables a firewall administrator to see details about traffic that is currently active through the NGFW?

  A. ACC

  B. System Logs

  C. App Scope

  D. Session Browser

  Correct Answer: D

• Question 565:

  Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?

  A. Session Browser

  B. Application Command Center

  C. TCP Dump

  D. Packet Capture

  Correct Answer: B

  Reference: https://live.paloaltonetworks.com/t5/Management-Articles/Tips-amp-Tricks- How-to-Use-the-Application-Command-Center- ACC/ta-p/67342

  The Application Command Center (ACC) page visually depicts trends and a historic view of traffic on your network. It displays the overall risk level for all network traffic, the risk levels and number of threats detected for the most active and highest-risk applications on your network, and the number of threats detected from the busiest application categories and from all applications at each risk level. The ACC can be viewed for the past hour, day, week, month, or any custom-defined time frame.

• Question 566:

  In a virtual router, which object contains all potential routes?

  A. MIB

  B. RIB

  C. SIP

  D. FIB

  Correct Answer: B

  https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/networking/virtual-routers

• Question 567:

  What is exchanged through the HA2 link?

  A. hello heartbeats

  B. User-ID information

  C. session synchronization

  D. HA state information

  Correct Answer: C

  Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high- availability/ha-links-and-backup-links

  "Data Link--The HA2 link is used to synchronize sessions, forwarding tables, IPSec security associations and ARP tables between devices in an HA pair. Data flow on the HA2 link is always unidirectional (except for the HA2 keep-alive); it flows from the active device to the passive device." https://docs.paloaltonetworks.com/vm-series/9-0/vm-series- deployment/set-up-the-vm-series-firewall-on-aws/high-availability-for-vm-series-firewall-on- aws/ha- links#:~:text=%E2%80% 94The%20HA1%20link%20is%20used,port%20is%20used%20for %20HA1

• Question 568:

  Which two settings can be configured only locally on the firewall and not pushed from a Panorama template or template stack? (Choose two)

  A. HA1 IP Address

  B. Network Interface Type

  C. Master Key

  D. Zone Protection Profile

  Correct Answer: AC

  https://docs.paloaltonetworks.com/panorama/7-1/panorama-admin/manage- firewalls/template-capabilities-and-exceptions.html# You can use Templates and Template Stacks to define a wide array of settings but you can perform the

  following tasks only locally on each managed firewall:

  Configure a device block list.

  Clear logs.

  Enable operational modes such as normal mode, multi-vsys mode, or FIPS-CC mode. Configure the IP addresses of firewalls in an HA pair.

  Configure a master key and diagnostics.

  Compare configuration files (Config Audit).

  Renaming a vsys on a multi-vsys firewall.

• Question 569:

  An administrator wants to upgrade an NGFW from PAN-OS 9.0 to PAN-OS 10.0. The firewall is not a part of an HA pair. What needs to be updated first?

  A. XML Agent

  B. Applications and Threats

  C. WildFire

  D. PAN-OS Upgrade Agent

  Correct Answer: B

  https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/upgrade-to- pan-os-80/upgrade-the-firewall-to-pan-os-80/upgrade-a-firewall-to-pan-os-80

• Question 570:

  An administrator has users accessing network resources through Citrix XenApp 7 x. Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?

  A. Client Probing

  B. Terminal Services agent

  C. GlobalProtect

  D. Syslog Monitoring

  Correct Answer: B

  https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/user-id/map-ip-addresses-to-users