The Palo Alto Networks Certified Network Security Engineer (PCNSE) is a formal, third-party proctored certification that certifies candidates’ ability to design, install, configure, manage, and troubleshoot the vast majority of Palo Alto Networks platform implementations. Customers who use Palo Alto Networks products, value-added resellers, pre-sales system engineers, system integrators, and support staff should all take the PCNSE test to demonstrate a comprehensive understanding of Palo Alto Networks technologies.
Question 1
Which CLI command can be used to export the tcpdump capture?
A. scp export tcpdump from mgmt.pcap to < username@host:path>
B. scp extract mgmt-pcap from mgmt.pcap to < username@host:path>
C. scp export mgmt-pcap from mgmt.pcap to < username@host:path>
D. download mgmt-pcap
Answer : C
Question 2
An administrator has configured the Palo Alto Networks NGFWג€™s management interface to connect to the internet through a dedicated path that does not traverse back through the NGFW itself.
Which configuration setting or step will allow the firewall to get automatic application signature updates?
A. A scheduler will need to be configured for application signatures.
B. A Security policy rule will need to be configured to allow the update requests from the firewall to the update servers.
C. A Threat Prevention license will need to be installed.
D. A service route will need to be configured.
Answer : D
Question 3
Which three options are supported in HA Lite? (Choose three.)
A. Virtual link
B. Active/passive deployment
C. Synchronization of IPsec security associations
D. Configuration synchronization
E. Session synchronization
Answer : BCD
Question 4
Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OSֲ® version, and serial number?
A. debug system details
B. show session info
C. show system info
D. show system details
Answer : C
Question 5
During the packet flow process, which two processes are performed in application identification? (Choose two.)
A. Pattern based application identification
B. Application override policy match
C. Application changed from content inspection
D. Session application identified
Answer : BD
Question 6
Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?
A. Session Browser
B. Application Command Center
C. TCP Dump
D. Packet Capture
Answer : B
Question 7
If an administrator does not possess a websiteג€™s certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?
A. SSL Forward Proxy
B. SSL Inbound Inspection
C. TLS Bidirectional proxy
D. SSL Outbound Inspection
Answer : B
Question 8
Which three steps will reduce the CPU utilization on the management plane? (Choose three.)
A. Disable SNMP on the management interface.
B. Application override of SSL application.
C. Disable logging at session start in Security policies.
D. Disable predefined reports.
E. Reduce the traffic being decrypted by the firewall.
Answer : ACD
Question 9
Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?
A. URL Filtering profile
B. Zone Protection profile
C. Anti-Spyware profile
D. Vulnerability Protection profile
Answer : A
Question 10
How can a candidate or running configuration be copied to a host external from Panorama?
A. Commit a running configuration.
B. Save a configuration snapshot.
C. Save a candidate configuration.
D. Export a named configuration snapshot.
Answer : D
Conclusion
For those who require assistance with their preparation, SPOTO dumps will be the most advantageous solution. When you use our Verified Exam Questions to take the SPOTO Dumps Exam, you’ll notice that every question on the test corresponds to the SPOTO Dumps.
Comments