Free PCNSE Exam Braindumps

An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory
What must be configured in order to select users and groups for those rules from Panorama?

1. A. The Security rules must be targeted to a firewall in the device group and have Group Mapping configured
2. B. A master device with Group Mapping configured must be set in the device group where the Security rules are configured
3. C. User-ID Redistribution must be configured on Panorama to ensure that all firewalls have the same mappings
4. D. A User-ID Certificate profile must be configured on Panorama

Correct Answer: B

Review the images.

A firewall policy that permits web traffic includes the
What is the result of traffic that matches the "Alert - Threats" Profile Match List?

1. A. The source address of SMTP traffic that matches a threat is automatically blocked as BadGuys for 180 minutes.
2. B. The source address of traffic that matches a threat is automatically blocked as BadGuys for 180 minutes.
3. C. The source address of traffic that matches a threat is automatically tagged as BadGuys for 180 minutes.
4. D. The source address of SMTP traffic that matches a threat is automatically tagged as BadGuys for 180 minutes.

Correct Answer: D

A network security engineer must implement Quality of Service policies to ensure specific levels of delivery guarantees for various applications in the environment They want to ensure that they know as much as they can about QoS before deploying.
Which statement about the QoS feature is correct?

1. A. QoS is only supported on firewalls that have a single virtual system configured
2. B. QoS can be used in conjunction with SSL decryption
3. C. QoS is only supported on hardware firewalls
4. D. QoS can be used on firewalls with multiple virtual systems configured

Correct Answer: D

An administrator is attempting to create policies tor deployment of a device group and template stack. When creating the policies, the zone drop down list does not include the required zone.
What must the administrator do to correct this issue?

1. A. Specify the target device as the master device in the device group
2. B. Enable "Share Unused Address and Service Objects with Devices" in Panorama settings
3. C. Add the template as a reference template in the device group
4. D. Add a firewall to both the device group and the template

Correct Answer: D

A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443 A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.
Which combination of service and application, and order of Security policy rules, needs to be configured to allow cJeartext web-browsing traffic to this server on tcp/443?

1. A. Rule #1 application: web-browsing; service application-default; action: allow Rule #2- application: ssl; service: application-default; action: allow
2. B. Rule #1: application; web-browsing; service: service-https; action: allow Rule #2 application: ssl; service: application-default, action: allow
3. C. Rule #1: application: web-browsing; service: service-http; action: allow Rule #2: application: ssl; service: application-default; action: allow
4. D. Rule tf1 application: ssl; service: application-default; action: allow Rule #2 application; web-browsing; service application-default; action: allow

Correct Answer: B