Free PCNSE Exam Braindumps

The Aggregate Ethernet interface is showing down on a passive PA-7050 firewall of an active/passive HA pair. The HA Passive Link State is set to "Auto" under Device > High Availability > General > Active/Passive Settings. The AE interface is configured with LACP enabled and is up only on the active firewall.
Why is the AE interface showing down on the passive firewall?

1. A. It does not perform pre-negotiation LACP unless "Enable in HA Passive State" is selected under the High Availability Options on the LACP tab of the AE Interface.
2. B. It does not participate in LACP negotiation unless Fast Failover is selected under the Enable LACP selection on the LACP tab of the AE Interface.
3. C. It participates in LACP negotiation when Fast is selected for Transmission Rate under the Enable LACP selection on the LACP tab of the AE Interface.
4. D. It performs pre-negotiation of LACP when the mode Passive is selected under the Enable LACP selection on the LACP tab of the AE Interface.

Correct Answer: A

An administrator discovers that a file blocked by the WildFire inline ML feature on the firewall is a false-positive action. How can the administrator create an exception for this particular file?

1. A. Add partial hash and filename in the file section of the WildFire inline ML tab of the Antivirus profile.
2. B. Set the WildFire inline ML action to allow for that protocol on the Antivirus profile.
3. C. Add the related Threat ID in the Signature exceptions tab of the Antivirus profile.
4. D. Disable the WildFire profile on the related Security policy.

Correct Answer: A

What best describes the HA Promotion Hold Time?

1. A. the time that is recommended to avoid an HA failover due to the occasional flapping of neighboring devices
2. B. the time that is recommended to avoid a failover when both firewalls experience the same link/path monitor failure simultaneously
3. C. the time that the passive firewall will wait before taking over as the active firewall after communications with the HA peer have been lost
4. D. the time that a passive firewall with a low device priority will wait before taking over as the active firewall if the firewall is operational again

Correct Answer: C

You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?

1. A. Create an Application Group and add Office 365, Evernote Google Docs and Libre Office
2. B. Create an Application Group and add business-systems to it.
3. C. Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory.
4. D. Create an Application Filter and name it Office Programs then filter on the business-systems category.

Correct Answer: C

An enterprise information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems However a recent phisning campaign against the organization has prompted Information Security to look for more controls that can secure access to critical assets For users that need to access these systems Information Security wants to use PAN-OS multi-factor authentication (MFA) integration to enforce MFA.
What should the enterprise do to use PAN-OS MFA1?

1. A. Configure a Captive Porta1 authentication policy that uses an authentication profile that references a RADIUS profile
2. B. Create an authentication profile and assign another authentication factor to be used by a Captive Portal authentication policy
3. C. Configure a Captive Portal authentication policy that uses an authentication sequence
4. D. Use a Credential Phishing agent to detect prevent and mitigate credential phishing campaigns

Correct Answer: C