Free PCNSE Exam Braindumps

Pass your Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 9.0 exam with these free Questions and Answers

Page 4 of 18
QUESTION 11

An engineer discovers the management interface is not routable to the User-ID agent. What configuration is needed to allow the firewall to communicate with the User-ID agent?

  1. A. Create a NAT policy for the User-ID agent server
  2. B. Add a Policy Based Forwarding (PBF) policy to the User-ID agent IP
  3. C. Create a custom service route for the UID Agent
  4. D. Add a static route to the virtual router

Correct Answer: C
To allow the firewall to communicate with the User-ID agent, you need to configure a custom service route for the UID Agent. A custom service route allows you to specify which interface and source IP address the firewall uses to connect to a specific destination service. By default, the firewall uses its management interface for services such as User-ID, but you can override this behavior by creating a custom service route.
To configure a custom service route for the UID Agent, follow these steps:

  1. Go to Device > Setup > Services and click Service Route Configuration.
  2. In the Service column, select User-ID Agent from the drop-down list.
  3. In the Interface column, select an interface that can reach the User-ID agent server from the drop-down list.
  4. In the Source Address column, select an IP address that belongs to that interface from the drop-down list.
  5. Click OK and Commit your changes.

The correct answer is C. Create a custom service route for the UID Agent.

QUESTION 12

What can be used to create dynamic address groups?

  1. A. dynamic address
  2. B. region objects
  3. C. tags
  4. D. FQDN addresses

Correct Answer: C

QUESTION 13

Given the following snippet of a WildFire submission log, did the end-user get access to the requested information and why or why not?
[Exhibit: WildFire submission log snippet]

  1. A. Yes, because the action is set to "allow"
  2. B. No because WildFire categorized a file with the verdict "malicious"
  3. C. Yes because the action is set to "alert"
  4. D. No because WildFire classified the severity as "high."

Correct Answer: A

QUESTION 14

An engineer needs to see how many existing SSL decryption sessions are traversing a firewall. What command should be used?

  1. A. show dataplane pool statistics | match proxy
  2. B. debug dataplane pool statistics | match proxy
  3. C. debug sessions | match proxy
  4. D. show sessions all

Correct Answer: B

QUESTION 15

The same route appears in the routing table three times using three different protocols. Which mechanism determines how the firewall chooses which route to use?

  1. A. Administrative distance
  2. B. Round Robin load balancing
  3. C. Order in the routing table
  4. D. Metric

Correct Answer: A
Administrative distance is the measure of trustworthiness of a routing protocol. It is used to determine the best path when multiple routes to the same destination exist. The route with the lowest administrative distance is chosen as the best route.
When the same route appears in the routing table three times using three different protocols, the mechanism that determines which route the firewall chooses to use is the administrative distance. This is explained in the Palo Alto Networks PCNSE Study Guide in Chapter 6: Routing, under the section "Route Selection":
"Administrative distance is a value assigned to each protocol that the firewall uses to determine which route to use if multiple protocols provide routes to the same destination. The route with the lowest administrative distance is preferred."
