Palo Alto Networks Palo Alto Networks Certifications PCNSE8 Questions & Answers

• Question 201:

  An administrator logs in to the Palo Alto Networks NGFW and reports that the WebUI is missing the Policies tab. Which profile is the cause of the missing Policies tab?

  A. Admin Role

  B. WebUI

  C. Authentication

  D. Authorization

  Correct Answer: A

• Question 202:

  An administrator has left a firewall to use the default port for all management services. Which three functions are performed by the dataplane? (Choose three.)

  A. WildFire updates

  B. NAT

  C. NTP

  D. antivirus

  E. File blocking

  Correct Answer: ABC

• Question 203:

  Which three settings are defined within the Templates object of Panorama? (Choose three.)

  A. Setup

  B. Virtual Routers

  C. Interfaces

  D. Security

  E. Application Override

  Correct Answer: ADE

• Question 204:

  An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image. Which configuration change should the administrator make?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  E. Option E

  Correct Answer: B

• Question 205:

  Refer to the exhibit.

  

  An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.

  Which two Security policy rules will accomplish this configuration? (Choose two.)

  A. Untrust (Any) to Untrust (10.1.1.1), web-browsing -Allow

  B. Untrust (Any) to Untrust (10.1.1.1), ssh -Allow

  C. Untrust (Any) to DMZ (10.1.1.1), web-browsing -Allow

  D. Untrust (Any) to DMZ (10.1.1.1), ssh llow

  E. Untrust (Any) to DMZ (10.1.1.100.10.1.1.101), ssh, web-browsing -Allow

  Correct Answer: CD

• Question 206:

  An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications. QoS natively integrates with which feature to provide service quality?

  A. Port Inspection

  B. Certificate revocation

  C. Content-ID

  D. App-ID

  Correct Answer: D

  Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/quality-of- service/qos-for-applications-and-users

• Question 207:

  A session in the Traffic log is reporting the application as "incomplete." What does "incomplete" mean?

  A. The three-way TCP handshake was observed, but the application could not be identified.

  B. The three-way TCP handshake did not complete.

  C. The traffic is coming across UDP, and the application could not be identified.

  D. Data was received but was instantly discarded because of a Deny policy was applied before App-ID could be applied.

  Correct Answer: B

• Question 208:

  How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

  A. Use the debug dataplane packet-diag set capture stage firewall file command.

  B. Enable all four stages of traffic capture (TX, RX, DROP, Firewall).

  C. Use the debug dataplane packet-diag set capture stage management file command.

  D. Use the tcpdump command.

  Correct Answer: D

  Reference: https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Run-a-Packet- Capture/ta-p/62390

• Question 209:

  Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS? software?

  A. Okta

  B. DUO

  C. RADIUS

  D. PingID

  Correct Answer: C

• Question 210:

  A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS?software would help in this case?

  A. Application override

  B. Redistribution of user mappings

  C. Virtual Wire mode

  D. Content inspection

  Correct Answer: B