Palo Alto PCNSE Practice Test Bank Questions and Answers Updated summer 2022-2023, A+ level Guide.
Palo Alto PCNSE NGFW Questions
When creating a custom admin role, which four types of privileges can be defined? (Choose
four.)
A. Command Line
B. Panorama
C. XML API
D. Java API
E. REST API
F. WebUI
ACEF
Global user authentication is supported by which three authentication services? (Choose
three.)
A. Certificate
B. RADIUS
C. SAML
D. LDAP
E. TACACS+
BCE
What is the result of performing a firewall Commit operation?
A. The saved configuration becomes the loaded configuration.
B. The loaded configuration becomes the candidate configuration.
C. The candidate configuration becomes the running configuration.
D. The candidate configuration becomes the saved configuration.
C
Which three MGT port configuration settings must be configured before you can remotely
access the web interface? (Choose three.)
A. netmask
B. default gateway
C. hostname
D. DNS server
E. IP address
ABE
When committing changes to a firewall, what is the result of clicking the Preview Changes
link?
A. shows any error messages that would appear during a commit
B. lists the individual settings for which you are committing changes
C. compares the candidate configuration to the running configuration
D. displays any unresolved application dependencies
C
Which two separate firewall planes comprise the PAN-OS architecture? (Choose two.)
A. HA plane
B. signature processing plane
C. data plane
D. management (control) plane
E. routing plane
CD
Which two statements are true regarding the candidate configuration? (Choose two.)
A. It controls the current operation of the firewall.
B. It always contains the factory default configuration.
C. It contains possible changes to the current configuration.
D. It can be reverted to the current configuration.
CD
Which object cannot be segmented using virtual systems on a firewall?
A. network security zone
B. data plane interface
C. administrative access
D. MGT interface
D
The Palo Alto Networks Cybersecurity Portfolio focuses on which three principle
technologies? (Choose three.)
A. securing the cloud
B. securing operations response
C. securing third-party application access
D. securing the enterprise
E. securing the internet of things
ABD
What are the two attributes of the dedicated out-of-band network management port in Palo
Alto Networks firewalls? (Choose two.)
A. supports only SSH connections
B. labeled MGT by default
C. requires a static, non-DHCP network configuration
D. cannot be configured as a standard traffic port
BD
True or false? To register a hardware firewall, you will need the firewall’s serial number.
A. true
B. false
A
n the web interface, what is signified when a text box is highlighted in red?
A. The value in the text box is required.
B. The value in the text box is controlled by Panorama.
C. The value in the text box is optional.
D. The value in the text box is an error.
A
True or false? Service routes can be used to configure an in-band port to access external
services.
A. true
B. false
A
True or false? The running configuration consists of configuration changes in progress but
not active on the firewall.
A. true
B. false
B
True or false? Server Profiles define connections that the firewall can make to external
servers.
A. true
B. false
A
True or false? Certificate-based authentication replaces all other forms of either local or
external authentication.
A. true
B. false
A
Which two activities are part of the cyberattack lifecycle reconnaissance stage? (Choose
two.)
A. port scans
B. social engineering
C. RAT installation
D. establish C2
AB
At which packet flow stage does the firewall detect and block pre-session reconnaissance
and DoS attacks?
A. application identification
B. content inspection
C. ingress
D. slowpath
C
True or false? A Layer 3 interface can be configured as dual stack with both IPv4 and IPv6
addresses.
A. true
B. false
A
Which protection method can be used to mitigate single-session DoS attacks?
A. DoS Protection policy
B. packet buffer protection
C. Zone Protection Profile
D. DoS Protection Profile
B
True or false? DoS Protection policy is applied to session traffic before a Zone Protection
Profile.
A. true
B. false
B
Which type of protection is provided by both a Zone Protection Profile and a DoS
Protection Profile?
A. packet-based and protocol-based
B. session limits
C. reconnaissance
D. flood
D
Which firewall configuration component is used to block access to known-bad IP
addresses?
A. NAT policy
B. IP Security Profile
C. Security policy
D. Vulnerability Protection Profile
C
In which three locations can you configure the firewall to use an EDL? (Choose three.)
A. DoS Protection Profile
B. URL Filtering Profile
C. Antivirus Profile
D. Anti-Spyware Profile
E. Security policy
BDE
Category | Exams and Certifications |
Comments | 0 |
Rating | |
Sales | 0 |