CertsTopics Logo

Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Palo Alto Certifications and Accreditations PCNSE Exam Dumps

Page: 10 / 26
Total 346 questions
Get PCNSE Full Access Download PCNSE PDF

Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0 Questions and Answers

Question 37

‘SSL Forward Proxy decryption is configured, but the firewall uses Untrusted-CA to sign the website important-website com certificate, End-users are receiving the "security certificate is no: trusted” warning, Without SSL decryption, the web browser shows chat the website certificate is trusted and signet by well-known certificate chain Well-Known-intermediate and Wako Hebe CA Security administrator who represents the customer requires the following two behaviors when SSL Forward Proxy is enabled:

1. End-users must not get the warning for the website.

2. End-users should get the warning for any other untrusted website.

Which approach meets the two customer requirements?

Options:

A.

Install the Well-Known-intermediate-CA and Well:Known Root-CA certificates on all end-user systems in the user and local computer stores:

B.

Clear the Forward Untrust-CA Certificate check box on the Untrusted-CA certificate= and commit the configuration

C.

Navigate to Device > Certificate Management > Certificates > Default Trusted Certificate Authorities, import Well-Known-Intermediate-CA 2nd Well-Known-Root-CA select the Trusted Root CA check box, aid commit the configuration.

D.

Navigate to Device > Certificate Management > Certificates > Device Certificates, import Well-known-Intermediate-CA and Well-Know5-Root-CA, Select the Trusted Root CA check box, and commit the configuration.

Question 38

An engineer is tasked with deploying SSL Forward Proxy decryption for their organization.

What should they review with their leadership before implementation?

Options:

A.

Browser-supported cipher documentation

B.

Cipher documentation supported by the endpoint operating system

C.

URL risk-based category distinctions

D.

Legal compliance regulations and acceptable usage policies

Question 39

For company compliance purposes, three new contractors will be working with different device-groups in their hierarchy to deploy policies and objects.

Which type of role-based access is most appropriate for this project?

Options:

A.

Create a Device Group and Template Admin.

B.

Create a Custom Panorama Admin.

C.

Create a Dynamic Admin with the Panorama Administrator role.

D.

Create a Dynamic Read only superuser.

Question 40

An administrator notices that an interface configuration has been overridden locally on a firewall. They require all configuration to be managed from Panorama and overrides are not allowed. What is one way the administrator can meet this requirement?

Options:

A.

Perform a device-group commit push from Panorama using the "Include Device and Network Templates" option

B.

Perform a template commit push from Panorama using the "Force Template Values" option

C.

Perform a commit force from the CLI of the firewall

D.

Reload the running configuration and perform a firewall local commit

Page: 10 / 26
Total 346 questions
Get PCNSE Full Access Download PCNSE PDF