Weekend Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

PCNSE Exam Dumps - Paloalto Networks Palo Alto Certifications and Accreditations Questions and Answers

Question # 34

An engineer creates a set of rules in a Device Group (Panorama) to permit traffic to various services for a specific LDAP user group.

What needs to be configured to ensure Panorama can retrieve user and group information for use in these rules?

Options:

A.

A service route to the LDAP server

B.

A Master Device

C.

Authentication Portal

D.

A User-ID agent on the LDAP server

Buy Now
Question # 35

A company wants to use GlobalProtect as its remote access VPN solution.

Which GlobalProtect features require a Gateway license?

Options:

A.

Multiple external gateways

B.

Single or multiple internal gateways

C.

Split DNS and HIP checks

D.

IPv6 for internal gateways

Buy Now
Question # 36

Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?

Options:

A.

PAN-OS integrated User-ID agent

B.

GlobalProtect

C.

Windows-based User-ID agent

D.

LDAP Server Profile configuration

Buy Now
Question # 37

An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls.

What can be configured on one pair of firewalls to modify the MAC addresses so they are no longer in conflict?

Options:

A.

Configure a floating IP between the firewall pairs.

B.

Change the Group IDs in the High Availability settings to be different from the other firewall pair on the same subnet.

C.

Change the interface type on the interfaces that have conflicting MAC addresses from L3 to VLAN.

D.

On one pair of firewalls, run the CLI command: set network interface vlan arp.

Buy Now
Question # 38

What action does a firewall take when a Decryption profile allows unsupported modes and unsupported traffic with TLS 1.2 protocol traverses the firewall?

Options:

A.

It blocks all communication with the server indefinitely.

B.

It downgrades the protocol to ensure compatibility.

C.

It automatically adds the server to the SSL Decryption Exclusion list.

D.

It generates an decryption error message but allows the traffic to continue decryption.

Buy Now
Question # 39

An administrator needs to validate that policies that will be deployed will match the appropriate rules in the device-group hierarchy. Which tool can the administrator use to review the policy creation logic and verify that unwanted traffic is not allowed?

Options:

A.

Preview Changes

B.

Managed Devices Health

C.

Test Policy Match

D.

Policy Optimizer

Buy Now
Question # 40

An administrator has configured OSPF with Advanced Routing enabled on a Palo Alto Networks firewall running PAN-OS 10.2. After OSPF was configured, the administrator noticed that OSPF routes were not being learned.

Which two actions could an administrator take to troubleshoot this issue? (Choose two.)

Options:

A.

Run the CLI command show advanced-routing ospf neighbor

B.

In the WebUI, view the Runtime Stats in the virtual router

C.

Look for configuration problems in Network > virtual router > OSPF

D.

In the WebUI, view Runtime Stats in the logical router

Buy Now
Question # 41

An organization conducts research on the benefits of leveraging the Web Proxy feature of PAN-OS 11.0.

What are two benefits of using an explicit proxy method versus a transparent proxy method? (Choose two.)

Options:

A.

No client configuration is required for explicit proxy, which simplifies the deployment complexity.

B.

Explicit proxy supports interception of traffic using non-standard HTTPS ports.

C.

It supports the X-Authenticated-User (XAU) header, which contains the authenticated username in the outgoing request.

D.

Explicit proxy allows for easier troubleshooting, since the client browser is aware of the existence of the proxy.

Buy Now
Question # 42

A company wants to deploy IPv6 on its network which requires that all company Palo Alto Networks firewalls process IPv6 traffic and to be configured with IPv6 addresses. Which consideration should the engineers take into account when planning to enable IPv6?

Options:

A.

Device > Setup Settings Do not enable on each interface

B.

Network > Zone Settings Do not enable on each interface

C.

Network > Zone Settings Enable on each interface

D.

Device > Setup Settings Enable on each interface

Buy Now
Question # 43

A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this.

Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)

Options:

A.

Navigate to Network > Zone Protection Click AddSelect Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to No Set "Asymmetric Path" to Bypass

B.

> set session tcp-reject-non-syn no

C.

Navigate to Network > Zone Protection Click AddSelect Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to Global Set "Asymmetric Path" to Global

D.

# set deviceconfig setting session tcp-reject-non-syn no

Buy Now
Exam Code: PCNSE
Exam Name: Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0
Last Update: Jun 14, 2025
Questions: 346
PCNSE pdf

PCNSE PDF

$29.75  $84.99
 Add to Cart
PCNSE Engine

PCNSE Testing Engine

$33.25  $94.99
 Add to Cart
PCNSE PDF + Engine

PCNSE PDF + Testing Engine

$47.25  $134.99
 Add to Cart