CertsTopics Logo

Month End Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

PCNSE Exam Results

Page: 11 / 22
Total 294 questions
Get PCNSE Full Access Download PCNSE PDF

Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0 Questions and Answers

Question 41

An engineer must configure a new SSL decryption deployment.

Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?

Options:

A.

A Decryption profile must be attached to the Decryption policy that the traffic matches.

B.

A Decryption profile must be attached to the Security policy that the traffic matches.

C.

There must be a certificate with only the Forward Trust option selected.

D.

There must be a certificate with both the Forward Trust option and Forward Untrust option selected.

Question 42

What action does a firewall take when a Decryption profile allows unsupported modes and unsupported traffic with TLS 1.2 protocol traverses the firewall?

Options:

A.

It blocks all communication with the server indefinitely.

B.

It downgrades the protocol to ensure compatibility.

C.

It automatically adds the server to the SSL Decryption Exclusion list.

D.

It generates an decryption error message but allows the traffic to continue decryption.

Question 43

A network security administrator wants to inspect HTTPS traffic from users as it egresses through a firewall to the Internet/Untrust zone from trusted network zones.

The security admin wishes to ensure that if users are presented with invalid or untrusted security certificates, the user will see an untrusted certificate warning.

What is the best choice for an SSL Forward Untrust certificate?

Options:

A.

A web server certificate signed by the organization's PKI

B.

A self-signed certificate generated on the firewall

C.

A subordinate Certificate Authority certificate signed by the organization's PKI

D.

A web server certificate signed by an external Certificate Authority

Question 44

An administrator would like to determine which action the firewall will take for a specific CVE. Given the screenshot below, where should the administrator navigate to view this information?

Options:

A.

The profile rule action

B.

CVE column

C.

Exceptions lab

D.

The profile rule threat name

Page: 11 / 22
Total 294 questions
Get PCNSE Full Access Download PCNSE PDF