CertsTopics Logo

Month End Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Palo Alto Certifications and Accreditations PCNSE Paloalto Networks Study Notes

Page: 16 / 25
Total 334 questions
Get PCNSE Full Access Download PCNSE PDF

Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0 Questions and Answers

Question 61

Review the images. A firewall policy that permits web traffic includes the global-logs policy is depicted

What is the result of traffic that matches the "Alert - Threats" Profile Match List?

Options:

A.

The source address of SMTP traffic that matches a threat is automatically blocked as BadGuys for 180 minutes.

B.

The source address of traffic that matches a threat is automatically blocked as BadGuys for 180 minutes.

C.

The source address of traffic that matches a threat is automatically tagged as BadGuys for 180 minutes.

D.

The source address of SMTP traffic that matches a threat is automatically tagged as BadGuys for 180 minutes.

Question 62

An administrator has been tasked with configuring decryption policies,

Which decryption best practice should they consider?

Options:

A.

Consider the local, legal, and regulatory implications and how they affect which traffic can be decrypted.

B.

Decrypt all traffic that traverses the firewall so that it can be scanned for threats.

C.

Place firewalls where administrators can opt to bypass the firewall when needed.

D.

Create forward proxy decryption rules without Decryption profiles for unsanctioned applications.

Question 63

An administrator is troubleshooting why video traffic is not being properly classified.

If this traffic does not match any QoS classes, what default class is assigned?

Options:

A.

1

B.

2

C.

3

D.

4

Question 64

An enterprise Information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems. However, a recent phishing campaign against the organization has prompted Information Security to look for more controls that can secure access to critical assets. For users that need to access these systems. Information Security wants to use PAN-OS multi-factor authentication (MFA) integration to enforce MFA.

What should the enterprise do to use PAN-OS MFA?

Options:

A.

Configure a Captive Portal authentication policy that uses an authentication sequence.

B.

Configure a Captive Portal authentication policy that uses an authentication profile that references a RADIUS profile.

C.

Create an authentication profile and assign another authentication factor to be used by a Captive Portal authentication policy.

D.

Use a Credential Phishing agent to detect, prevent, and mitigate credential phishing campaigns.

Page: 16 / 25
Total 334 questions
Get PCNSE Full Access Download PCNSE PDF