CertsTopics Logo

Month End Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

PCNSE Questions Bank

Page: 2 / 28
Total 374 questions
Get PCNSE Full Access Download PCNSE PDF

Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0 Questions and Answers

Question 5

An administrator has been tasked with configuring decryption policies,

Which decryption best practice should they consider?

Options:

A.

Consider the local, legal, and regulatory implications and how they affect which traffic can be decrypted.

B.

Decrypt all traffic that traverses the firewall so that it can be scanned for threats.

C.

Place firewalls where administrators can opt to bypass the firewall when needed.

D.

Create forward proxy decryption rules without Decryption profiles for unsanctioned applications.

Question 6

A firewall administrator is changing a packet capture filter to troubleshoot a specific traffic flow. Upon opening the newly created packet capture, the administrator still sees traffic for the previous filter.

What can the administrator do to limit the captured traffic to the newly configured filter?

Options:

A.

In the GUI under Monitor > Packet Capture > Manage Filters, under Ingress Interface, select an interface.

B.

Command line: > debug dataplane packet-diag clear filter all

C.

In the GUI under Monitor > Packet Capture > Manage Filters, under the Non-IP field, select "exclude."

D.

Command line: > debug dataplane packet-diag clear filter-marked-session all

Question 7

An administrator is troubleshooting intermittent connectivity problems with a user's GlobalProtect connection. Packet captures at the firewall reveal missing UDP packets, suggesting potential packet loss on the connection. The administrator aims to resolve the issue by enforcing an SSL tunnel over TCP specifically for this user.

What configuration change is necessary to implement this troubleshooting solution for the user?

Options:

A.

Enable SSL tunnel within the GlobalProtect gateway remote user's settings.

B.

Modify the user's client to prioritize UDP traffic for GlobalProtect.

C.

Enable SSL tunnel over TCP in a new agent configuration for the specific user.

D.

Increase the user's VPN bandwidth allocation in the GlobalProtect settings.

Question 8

View the screenshots

A QoS profile and policy rules are configured as shown. Based on this information which two statements are correct?

Options:

A.

SMTP has a higher priority but lower bandwidth than Zoom.

B.

DNS has a higher priority and more bandwidth than SSH.

C.

google-video has a higher priority and more bandwidth than WebEx.

D.

Facetime has a higher priority but lower bandwidth than Zoom.

Page: 2 / 28
Total 374 questions
Get PCNSE Full Access Download PCNSE PDF