New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

PDF PCNSE Study Guide

Page: 8 / 13
Total 250 questions

Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0 Questions and Answers

Question 29

An auditor is evaluating the configuration of Panorama and notices a discrepancy between the Panorama template and the local firewall configuration.

When overriding the firewall configuration pushed from Panorama, what should you consider?

Options:

A.

The firewall template will show that it is out of sync within Panorama.

B.

The modification will not be visible in Panorama.

C.

Only Panorama can revert the override.

D.

Panorama will update the template with the overridden value.

Question 30

An engineer is configuring a firewall with three interfaces:

• MGT connects to a switch with internet access.

• Ethernet1/1 connects to an edge router.

• Ethernet1/2 connects to a visualization network.

The engineer needs to configure dynamic updates to use a dataplane interface for internet traffic. What should be configured in Setup > Services > Service Route Configuration to allow this traffic?

Options:

A.

Set DNS and Palo Alto Networks Services to use the ethernet1/1 source interface.

B.

Set DNS and Palo Alto Networks Services to use the ethernet1/2 source interface.

C.

Set DNS and Palo Alto Networks Services to use the MGT source interface.

D.

Set DDNS and Palo Alto Networks Services to use the MGT source interface.

Question 31

A superuser is tasked with creating administrator accounts for three contractors. For compliance purposes, all three contractors will be working with different device-groups in their hierarchy to deploy policies and objects

Which type of role-based access is most appropriate for this project?

Options:

A.

Create a Dynamic Read only superuser.

B.

Create a Dynamic Admin with the Panorama Administrator role

C.

Create a Device Group and Template Admin

D.

Create a Custom Panorama Admin

Question 32

An engineer must configure a new SSL decryption deployment.

Which profile or certificate is required before any traffic that matches an SSL decryption rule is decrypted?

Options:

A.

A Decryption profile must be attached to the Decryption policy that the traffic matches.

B.

A Decryption profile must be attached to the Security policy that the traffic matches.

C.

There must be a certificate with only the Forward Trust option selected.

D.

There must be a certificate with both the Forward Trust option and Forward Untrust option selected.

Page: 8 / 13
Total 250 questions