Practice Exams:

Free PCNSE Exam Braindumps

Pass your Palo Alto Networks Certified Security Engineer (PCNSE)PAN-OS 9.0 exam with these free Questions and Answers

Page 7 of 18
PDF with 89 Questions
QUESTION 26

An engineer needs to configure SSL Forward Proxy to decrypt traffic on a PA-5260. The engineer uses a forward trust certificate from the enterprise PKI that expires December 31, 2025. The validity date on the PA-generated certificate is taken from what?

  1. A. The trusted certificate
  2. B. The server certificate
  3. C. The untrusted certificate
  4. D. The root CA

Correct Answer: B

QUESTION 27

An engineer is bootstrapping a VM-Series Firewall Other than the 'config folder, which three directories are mandatory as part of the bootstrap package directory structure? (Choose three.)

  1. A. /software
  2. B. /opt
  3. C. /license
  4. D. /content
  5. E. /plugins

Correct Answer: AD

QUESTION 28

An administrator creates an application-based security policy rule and commits the change to the firewall. Which two methods should be used to identify the dependent applications for the respective rule? (Choose two.)

  1. A. Use the show predefined xpath <value> command and review the output.
  2. B. Review the App Dependency application list from the Commit Status view.
  3. C. Open the security policy rule and review the Depends On application list.
  4. D. Reference another application group containing similar applications.

Correct Answer: AB

QUESTION 29

An engineer is configuring Packet Buffer Protection on ingress zones to protect from single-session DoS attacks Which sessions does Packet Buffer Protection apply to?

  1. A. It applies to existing sessions and is not global
  2. B. It applies to new sessions and is global
  3. C. It applies to new sessions and is not global
  4. D. It applies to existing sessions and is global

Correct Answer: D

QUESTION 30

What are two best practices for incorporating new and modified App-IDs? (Choose two.)

  1. A. Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs
  2. B. Configure a security policy rule to allow new App-IDs that might have network-wide impact
  3. C. Perform a Best Practice Assessment to evaluate the impact of the new or modified App-IDs
  4. D. Study the release notes and install new App-IDs if they are determined to have low impact

Correct Answer: BD
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content

Page 7 of 18
PDF with 89 Questions

Post your Comments and Discuss Paloalto-Networks PCNSE exam with other Community members: