Palo Alto PCNSE Practice Test Bank Questions and Answers Updated summer 2022-2023, A+ level Guide.

Palo Alto PCNSE NGFW Questions

When creating a custom admin role, which four types of privileges can be defined? (Choose

four.)

A. Command Line

B. Panorama

C. XML API

D. Java API

E. REST API

F. WebUI

ACEF

Global user authentication is supported by which three authentication services? (Choose

three.)

A. Certificate

B. RADIUS

C. SAML

D. LDAP

E. TACACS+

BCE

What is the result of performing a firewall Commit operation?

A. The saved configuration becomes the loaded configuration.

B. The loaded configuration becomes the candidate configuration.

C. The candidate configuration becomes the running configuration.

D. The candidate configuration becomes the saved configuration.

C

Which three MGT port configuration settings must be configured before you can remotely

access the web interface? (Choose three.)

A. netmask

B. default gateway

C. hostname

D. DNS server

E. IP address

ABE

When committing changes to a firewall, what is the result of clicking the Preview Changes

link?

A. shows any error messages that would appear during a commit

B. lists the individual settings for which you are committing changes

C. compares the candidate configuration to the running configuration

D. displays any unresolved application dependencies

C

Which two separate firewall planes comprise the PAN-OS architecture? (Choose two.)

A. HA plane

B. signature processing plane

C. data plane

D. management (control) plane

E. routing plane

CD

Which two statements are true regarding the candidate configuration? (Choose two.)

A. It controls the current operation of the firewall.

B. It always contains the factory default configuration.

C. It contains possible changes to the current configuration.

D. It can be reverted to the current configuration.

CD

Which object cannot be segmented using virtual systems on a firewall?

A. network security zone

B. data plane interface

C. administrative access

D. MGT interface

D

The Palo Alto Networks Cybersecurity Portfolio focuses on which three principle

technologies? (Choose three.)

A. securing the cloud

B. securing operations response

C. securing third-party application access

D. securing the enterprise

E. securing the internet of things

ABD

What are the two attributes of the dedicated out-of-band network management port in Palo

Alto Networks firewalls? (Choose two.)

A. supports only SSH connections

B. labeled MGT by default

C. requires a static, non-DHCP network configuration

D. cannot be configured as a standard traffic port

BD

True or false? To register a hardware firewall, you will need the firewall’s serial number.

A. true

B. false

A

n the web interface, what is signified when a text box is highlighted in red?

A. The value in the text box is required.

B. The value in the text box is controlled by Panorama.

C. The value in the text box is optional.

D. The value in the text box is an error.

A

True or false? Service routes can be used to configure an in-band port to access external

services.

A. true

B. false

A

True or false? The running configuration consists of configuration changes in progress but

not active on the firewall.

A. true

B. false

B

True or false? Server Profiles define connections that the firewall can make to external

servers.

A. true

B. false

A

True or false? Certificate-based authentication replaces all other forms of either local or

external authentication.

A. true

B. false

A

Which two activities are part of the cyberattack lifecycle reconnaissance stage? (Choose

two.)

A. port scans

B. social engineering

C. RAT installation

D. establish C2

AB

At which packet flow stage does the firewall detect and block pre-session reconnaissance

and DoS attacks?

A. application identification

B. content inspection

C. ingress

D. slowpath

C

True or false? A Layer 3 interface can be configured as dual stack with both IPv4 and IPv6

addresses.

A. true

B. false

A

Which protection method can be used to mitigate single-session DoS attacks?

A. DoS Protection policy

B. packet buffer protection

C. Zone Protection Profile

D. DoS Protection Profile

B

True or false? DoS Protection policy is applied to session traffic before a Zone Protection

Profile.

A. true

B. false

B

Which type of protection is provided by both a Zone Protection Profile and a DoS

Protection Profile?

A. packet-based and protocol-based

B. session limits

C. reconnaissance

D. flood

D

Which firewall configuration component is used to block access to known-bad IP

addresses?

A. NAT policy

B. IP Security Profile

C. Security policy

D. Vulnerability Protection Profile

C

In which three locations can you configure the firewall to use an EDL? (Choose three.)

A. DoS Protection Profile

B. URL Filtering Profile

C. Antivirus Profile

D. Anti-Spyware Profile

E. Security policy

BDE