Palo Alto Networks PCNSE Online Practice Questions and Exam Preparation

Palo Alto Networks PCNSE Online Questions & Answers

• Question 741:

  What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

  A. The firewalls must have the same set of licenses.
  B. The management interfaces must to be on the same network.
  C. The peer HA1 IP address must be the same on both firewalls.
  D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.
  A. The firewalls must have the same set of licenses.
  D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.

  ---

  Explanation

• Question 742:

  Which tool can gather information about the application patterns when defining a signature for a custom application?

  A. Policy Optimizer
  B. Data Filtering Log
  C. Wireshark
  D. Expedition
  C. Wireshark

  ---

  Explanation

  Wireshark (Option C) is a packet capture tool that provides detailed application traffic patterns (e.g., ports, protocols, payloads), essential for defining custom application signatures in PAN-OS.

  PAN-OS 11.2 Administrator's Guide, "App-ID" section -Creating Custom Applications.

• Question 743:

  The UDP-4501 protocol-port is used between which two GlobalProtect components?

  A. GlobalProtect app and GlobalProtect gateway
  B. GlobalProtect portal and GlobalProtect gateway
  C. GlobalProtect app and GlobalProtect satellite
  D. GlobalProtect app and GlobalProtect portal
  A. GlobalProtect app and GlobalProtect gateway

  ---

  Explanation

  UDP 4501 Used for IPSec tunnel connections between GlobalProtect apps and gateways. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/reference-port-number-usage/ports-used-for-globalprotect.html

• Question 744:

  A customer is replacing their legacy remote access VPN solution The current solution is in place to secure internet egress and provide access to resources located in the main datacenter for the connected clients.

  Prisma Access has been selected to replace the current remote access VPN solution. During onboarding the following options and licenses were selected and enabled.

  

  What must be configured on Prisma Access to provide connectivity to the resources in the datacenter?

  A. Configure a mobile user gateway in the region closest to the datacenter to enable connectivity to the datacenter
  B. Configure a remote network to provide connectivity to the datacenter
  C. Configure Dynamic Routing to provide connectivity to the datacenter
  D. Configure a service connection to provide connectivity to the datacenter
  B. Configure a remote network to provide connectivity to the datacenter

  ---

  Explanation

• Question 745:

  Which three items are import considerations during SD-WAN configuration planning? (Choose three.)

  A. link requirements
  B. the name of the ISP
  C. IP Addresses
  D. branch and hub locations
  A. link requirements
  C. IP Addresses
  D. branch and hub locations

  ---

  Explanation

  https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/sd-wan-overview/plan-sd-wan-configuration

• Question 746:

  Exhibit:

  

  What will be the egress interface if the traffic's ingress interface is ethernet1/6 sourcing from 192.168.111.3 and to the destination 10.46.41.113 during the time shown in the image?

  A. ethernet1/7
  B. ethernet1/5
  C. ethernet1/6
  D. ethernet1/3
  D. ethernet1/3

  ---

  Explanation

• Question 747:

  In High Availability, which information is transferred via the HA data link?

  A. session information
  B. heartbeats
  C. HA state information
  D. User-ID information
  A. session information

  ---

  Explanation

  https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-links-and-backup-links

• Question 748:

  Which two profiles should be configured when sharing tags from threat logs with a remote User-ID agent? (Choose two.)

  A. Log Ingestion
  B. HTTP
  C. Log Forwarding
  D. LDAP
  B. HTTP
  C. Log Forwarding

  ---

  Explanation

  Threat logs, create a log forwarding profile to define how you want the firewall or Panorama to handle logs. Configure an HTTP server profile to forward logs to a remote User-ID agent. Select the log forwarding profile you created then select this server profile as the HTTP server profile https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions

• Question 749:

  Which three options does the WF-500 appliance support for local analysis? (Choose three)

  A. E-mail links
  B. APK files
  C. jar files
  D. PNG files
  E. Portable Executable (PE) files
  A. E-mail links
  C. jar files
  E. Portable Executable (PE) files

  ---

  Explanation

• Question 750:

  An administrator needs to identify which NAT policy is being used for internet traffic.

  From the GUI of the firewall, how can the administrator identify which NAT policy is in use for a traffic flow?

  A. From the Monitor tab, click Traffic view and review the information in the detailed log view.
  B. From the Monitor tab, click Traffic view, ensure that the Source or Destination NAT columns are included and review the information in the detailed log view.
  C. From the Monitor tab, click App Scope > Network Monitor and filter the report for NAT rules.
  D. From the Monitor tab, click Session Browser and review the session details.
  D. From the Monitor tab, click Session Browser and review the session details.

  ---

  Explanation