An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing. The administrator generates three encrypted
BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.
Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?
A. Create a decryption rule matching the encrypted BitTorrent traffic with action "No-Decrypt," and place the rule at the top of the Decryption policy.
B. Create a Security policy rule that matches application "encrypted BitTorrent" and place the rule at the top of the Security policy.
C. Disable the exclude cache option for the firewall.
D. Create a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the decryption rule.
Which option is part of the content inspection process?
A. Packet forwarding process
B. SSL Proxy re-encrypt
C. IPsec tunnel encryption
D. Packet egress process
In a virtual router, which object contains all potential routes?
A. MIB
B. RIB
C. SIP
D. FIB
An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN- OS?software. The firewall has internet connectivity through an Ethernet interface, but no internet connectivity from the management
interface. The Security policy has the default security rules and a rule that allows all web-browsing traffic from any to any zone.
What must the administrator configure so that the PAN-OS?software can be upgraded?
A. Security policy rule
B. CRL
C. Service route
D. Scheduler
Which feature prevents the submission of corporate login information into website forms?
A. Data filtering
B. User-ID
C. File blocking
D. Credential phishing prevention
An administrator has users accessing network resources through Citrix XenApp 7 x.
Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?
A. Client Probing
B. Terminal Services agent
C. GlobalProtect
D. Syslog Monitoring
If the firewall is configured for credential phishing prevention using the "Domain Credential Filter" method, which login will be detected as credential theft?
A. Mapping to the IP address of the logged-in user.
B. First four letters of the username matching any valid corporate username.
C. Using the same user's corporate username and password.
D. Marching any valid corporate username.
A client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers. Which option will protect the individual servers?
A. Enable packet buffer protection on the Zone Protection Profile.
B. Apply an Anti-Spyware Profile with DNS sinkholing.
C. Use the DNS App-ID with application-default.
D. Apply a classified DoS Protection Profile.
Which three authentication services can administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)
A. Kerberos
B. PAP
C. SAML
D. TACACS+
E. RADIUS
F. LDAP
Which event will happen if an administrator uses an Application Override Policy?
A. Threat-ID processing time is decreased.
B. The Palo Alto Networks NGFW stops App-ID processing at Layer 4.
C. The application name assigned to the traffic by the security rule is written to the Traffic log.
D. App-ID processing time is increased.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PCNSE8 exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.