Practice Exams:

Free PCNSE Exam Braindumps

Pass your Palo Alto Networks Certified Security Engineer (PCNSE)PAN-OS 9.0 exam with these free Questions and Answers

Page 3 of 18
PDF with 89 Questions
QUESTION 6

Which function is handled by the management plane (control plane) of a Palo Alto Networks firewall?

  1. A. signature matching for content inspection
  2. B. IPSec tunnel standup
  3. C. Quality of Service
  4. D. logging

Correct Answer: D

QUESTION 7

Which configuration task is best for reducing load on the management plane?

  1. A. Disable logging on the default deny rule
  2. B. Enable session logging at start
  3. C. Disable pre-defined reports
  4. D. Set the URL filtering action to send alerts

Correct Answer: C

QUESTION 8

Which statement accurately describes service routes and virtual systems?

  1. A. Virtual systems that do not have specific service routes configured inherit the global service and service route settings for the firewall.
  2. B. Virtual systems can only use one interface for all global service and service routes of the firewall.
  3. C. Virtual systems cannot have dedicated service routes configured; and virtual systems always use the global service and service route settings for the firewall.
  4. D. The interface must be used for traffic to the required external services.

Correct Answer: A

QUESTION 9

A firewall engineer creates a new App-ID report under Monitor > Reports > Application Reports > New Application to monitor new applications on the network and better assess any Security policy updates the engineer might want to make.
How does the firewall identify the New App-ID characteristic?

  1. A. It matches to the New App-IDs downloaded in the last 30 days.
  2. B. It matches to the New App-IDs downloaded in the last 90 days
  3. C. It matches to the New App-IDs installed since the last time the firewall was rebooted
  4. D. It matches to the New App-IDs in the most recently installed content releases.

Correct Answer: D
When creating a new App-ID report under Monitor > Reports > Application Reports > New Application, the firewall identifies new applications based on the New App-IDs in the most recently installed content releases. The New App-IDs are the application signatures that have been added in the latest content release, which can be found under Objects > Security Profiles > Application. This allows the engineer to monitor any new applications that have been added to the firewall's database and evaluate whether to allow or block them with a Security policy update.

QUESTION 10

When using certificate authentication for firewall administration, which method is used for authorization?

  1. A. Radius
  2. B. LDAP
  3. C. Kerberos
  4. D. Local

Correct Answer: A

Page 3 of 18
PDF with 89 Questions

Post your Comments and Discuss Paloalto-Networks PCNSE exam with other Community members: