Exam (elaborations)
Palo Alto PCNSE NGFW Questions
- Course
- Institution
Palo Alto PCNSE NGFW Questions
[Show more]
Content preview
Palo Alto PCNSE NGFW Questions1. When creating a custom admin role, which four types of privileges can
be defined? (Choose four.)
A. Command Line
B. Panorama
C. XML API
D. Java API
E. REST API
F.WebUI: ACEF
2. Global user authentication is supported by which three authentication
ser- vices? (Choose three.)
A. Certificate
B. RADIUS
C. SAML
D. LDAP
E. TACACS+: BCE
3. What is the result of performing a firewall Commit operation?
A. The saved configuration becomes the loaded configuration.
B. The loaded configuration becomes the candidate configuration.
C. The candidate configuration becomes the running configuration.
D. The candidate configuration becomes the saved configuration.: C
4. Which three MGT port configuration settings must be configured before
you can remotely access the web interface? (Choose three.)
A. netmask
B. default gateway
C. hostname
D. DNS server
E. IP address: ABE
5. When committing changes to a firewall, what is the result of clicking
the Preview Changes link?
A. shows any error messages that would appear during a commit
B. lists the individual settings for which you are committing changes
C. compares the candidate configuration to the running configuration
D. displays any unresolved application dependencies: C
6. Which two separate firewall planes comprise the PAN-OS
architecture? (Choose two.)
A. HA plane
B. signature processing plane
C. data plane
, Palo Alto PCNSE NGFW Questions
D. management (control) plane
E. routing plane: CD
7. Which two statements are true regarding the candidate
configuration? (Choose two.)
A. It controls the current operation of the firewall.
B. It always contains the factory default configuration.
C. It contains possible changes to the current configuration.
D. It can be reverted to the current configuration.: CD
8. Which object cannot be segmented using virtual systems on a firewall?
A. network security zone
B. data plane interface
C. administrative access
D. MGT interface: D
9. The Palo Alto Networks Cybersecurity Portfolio focuses on which
three principle technologies? (Choose three.)
A. securing the cloud
B. securing operations response
C. securing third-party application access
D. securing the enterprise
E. securing the internet of things: ABD
10. What are the two attributes of the dedicated out-of-band network
manage- ment port in Palo Alto Networks firewalls? (Choose two.)
A. supports only SSH connections
B. labeled MGT by default
C. requires a static, non-DHCP network configuration
D. cannot be configured as a standard traffic port: BD
11. True or false? To register a hardware firewall, you will need the
firewall's serial number.
A. true
B. false: A
12. n the web interface, what is signified when a text box is highlighted in
red?
A. The value in the text box is required.
B. The value in the text box is controlled by Panorama.
C. The value in the text box is optional.
D. The value in the text box is an error.: A
13. True or false? Service routes can be used to configure an in-band port
to access external services.
A. true
, Palo Alto PCNSE NGFW Questions
B. false: A
, Palo Alto PCNSE NGFW Questions
14. True or false? The running configuration consists of
configuration changes in progress but not active on the firewall.
A. true
B. false: B
15. True or false? Server Profiles define connections that the firewall can
make to external servers.
A. true
B. false: A
16. True or false? Certificate-based authentication replaces all other forms
of either local or external authentication.
A. true
B. false: A
17. Which two activities are part of the cyberattack lifecycle
reconnaissance stage? (Choose two.)
A. port scans
B. social engineering
C. RAT installation
D. establish C2: AB
18. At which packet flow stage does the firewall detect and block pre-
session reconnaissance and DoS attacks?
A. application identification
B. content inspection
C. ingress
D. slowpath: C
19. True or false? A Layer 3 interface can be configured as dual stack with
both IPv4 and IPv6 addresses.
A. true
B. false: A
20. Which protection method can be used to mitigate single-session
DoS attacks?
A. DoS Protection policy
B. packet buffer protection
C. Zone Protection Profile
D. DoS Protection Profile: B
21. True or false? DoS Protection policy is applied to session traffic before
a Zone Protection Profile.
A. true
B. false: B
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Constantina. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
83637 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now