Month End Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

PDF PCNSE Study Guide

Page: 8 / 22
Total 294 questions

Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0 Questions and Answers

Question 29

Which two actions must an engineer take to configure SSL Forward Proxy decryption? (Choose two.)

Options:

A.

Configure the decryption profile.

B.

Define a Forward Trust Certificate.

C.

Configure SSL decryption rules.

D.

Configure a SSL/TLS service profile.

Question 30

An engineer configures a specific service route in an environment with multiple virtual systems instead of using the inherited global service route configuration.

What type of service route can be used for this configuration?

Options:

A.

IPv6 Source or Destination Address

B.

Destination-Based Service Route

C.

IPv4 Source Interface

D.

Inherit Global Setting

Question 31

A company has a PA-3220 NGFW at the edge of its network and wants to use active directory groups in its Security policy rules. There are 1500 groups in its active directory. An engineer has been provided 800 active directory groups to be used in the Security policy rules.

What is the engineer's next step?

Options:

A.

Create a Group Mapping with 800 groups in the Group Include List.

B.

Create two Group Include Lists, each with 400 Active Directory groups.

C.

Create a Group Include List with the 800 Active Directory groups.

D.

Create two Group Mappings, each with 400 groups in the Group Include List.

Question 32

Which two profiles should be configured when sharing tags from threat logs with a remote User-ID agent? (Choose two.)

Options:

A.

Log Ingestion

B.

HTTP

C.

Log Forwarding

D.

LDAP

Page: 8 / 22
Total 294 questions