Practice Exams:

Free PCNSE Exam Braindumps

Pass your Palo Alto Networks Certified Security Engineer (PCNSE)PAN-OS 9.0 exam with these free Questions and Answers

Page 6 of 18
PDF with 89 Questions
QUESTION 21

A user at an internal system queries the DNS server for their web server with a private IP of 10 250 241 131 in the. The DNS server returns an address of the web server's public address, 200.1.1.10.
In order to reach the web server, which security rule and U-Turn NAT rule must be configured on the firewall?
PCNSE dumps exhibit
A)
PCNSE dumps exhibit
B)
PCNSE dumps exhibit
C)
PCNSE dumps exhibit
D)
PCNSE dumps exhibit

  1. A. Option A
  2. B. Option B
  3. C. Option C
  4. D. Option D

Correct Answer: A

QUESTION 22

What is the best description of the HA4 Keep-Alive Threshold (ms)?

  1. A. the maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational.
  2. B. The time that a passive or active-secondary firewall will wait before taking over as the active or active-primary firewall
  3. C. the timeframe within which the firewall must receive keepalives from a cluster member to know that the cluster member is functional.
  4. D. The timeframe that the local firewall wait before going to Active state when another cluster member is preventing the cluster from fully synchronizing.

Correct Answer: C

QUESTION 23

An engineer wants to configure aggregate interfaces to increase bandwidth and redundancy between the firewall and switch. Which statement is correct about the configuration of the interfaces assigned to an aggregate interface group?

  1. A. They can have a different bandwidth.
  2. B. They can have a different interface type such as Layer 3 or Layer 2.
  3. C. They can have a different interface type from an aggregate interface group.
  4. D. They can have different hardware media such as the ability to mix fiber optic and copper.

Correct Answer: C

QUESTION 24

A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone which options differentiates multiple VLAN into separate zones?

  1. A. Create V-Wire objects with two V-Wire interfaces and define a range of "0-4096 in the "Tag Allowed" field of the V-Wire object.
  2. B. Create V-Wire objects with two V-Wire subinterfaces and assign only a single VLAN ID to the Tag Allowed" field of the V-Wire objec
  3. C. Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffi
  4. D. Assign each interface/sub interface to a unique zone.
  5. E. Create Layer 3 subinterfaces that are each assigned to a single VLAN ID and a common virtual router.The physical Layer 3 interface would handle untagged traffi
  6. F. Assign each interface/subinterface t
  7. G. unique zon
  8. H. Do not assign any interface an IP address.
  9. I. Create VLAN objects for each VLAN and assign VLAN interfaces matching each VLAN I
  10. J. Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffi
  11. K. Assign each interface/sub interface to a unique zone.

Correct Answer: B
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/configure-interfaces/virtual-wire-interfa Virtual wire interfaces by default allow all untagged traffic. You can, however, use a virtual wire to connect two interfaces and configure either interface to block or allow traffic based on the virtual LAN (VLAN) tags. VLAN tag 0 indicates untagged traffic.You can also create multiple subinterfaces, add them into different zones, and then classify traffic according to a VLAN tag or a combination of a VLAN tag with IP classifiers (address, range, or subnet) to apply granular policy control for specific VLAN tags or for VLAN tags from a specific source IP address, range, or subnet.

QUESTION 25

How would an administrator configure a Bidirectional Forwarding Detection profile for BGP after enabling the Advance Routing Engine run on PAN-OS 10.2?

  1. A. create a BFD profile under Network > Network Profiles > BFD Profile and then select the BFD profile under Network > Virtual Router > BGP > BFD
  2. B. create a BFD profile under Network > Routing > Routing Profiles > BFD and then select the BFD profile under Network > Virtual Router > BGP > General > Global BFD Profile
  3. C. create a BFD profile under Network > Routing > Routing Profiles > BFD and then select the BFD profile under Network > Routing > Logical Routers > BGP > General > Global BFD Profile
  4. D. create a BFD profile under Network > Network Profiles > BFD Profile and then select the BFD profile under Network > Routing > Logical Routers > BGP > BFD

Correct Answer: B

Page 6 of 18
PDF with 89 Questions

Post your Comments and Discuss Paloalto-Networks PCNSE exam with other Community members: