Practice Exams:

Free PCNSE Exam Braindumps

Pass your Palo Alto Networks Certified Security Engineer (PCNSE)PAN-OS 9.0 exam with these free Questions and Answers

Page 8 of 18
PDF with 89 Questions
QUESTION 31

An engineer is designing a deployment of multi-vsys firewalls.
What must be taken into consideration when designing the device group structure?

  1. A. Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall must have all its vsys in a single device group.
  2. B. Only one vsys or one firewall can be assigned to a device group, except for a multi-vsys firewall, which must have all its vsys in a single device group.
  3. C. Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.
  4. D. Only one vsys or one firewall can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.

Correct Answer: A

QUESTION 32

Cortex XDR notifies an administrator about grayware on the endpoints. There are no entries about grayware in any of the logs of the corresponding firewall. Which setting can the administrator configure on the firewall to log grayware verdicts?

  1. A. within the log forwarding profile attached to the Security policy rule
  2. B. within the log settings option in the Device tab
  3. C. in WildFire General Settings, select "Report Grayware Files"
  4. D. in Threat General Settings, select "Report Grayware Files"

Correct Answer: C

QUESTION 33

Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management-plane resources are lightly utilized.
Given the size of this environment, which User-ID collection method is sufficient?

  1. A. Citrix terminal server agent deployed on the network
  2. B. Windows-based agent deployed on each domain controller
  3. C. PAN-OS integrated agent deployed on the firewall
  4. D. a syslog listener

Correct Answer: C

QUESTION 34

Which statement regarding HA timer settings is true?

  1. A. Use the Recommended profile for typical failover timer settings
  2. B. Use the Moderate profile for typical failover timer settings
  3. C. Use the Aggressive profile for slower failover timer settings.
  4. D. Use the Critical profile for faster failover timer settings.

Correct Answer: A

QUESTION 35

When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?

  1. A. Certificate profile
  2. B. Path Quality profile
  3. C. SD-WAN Interface profile
  4. D. Traffic Distribution profile

Correct Answer: C

Page 8 of 18
PDF with 89 Questions

Post your Comments and Discuss Paloalto-Networks PCNSE exam with other Community members: