• Home
  • Articles
  • Get Latest Sep-2021 Conduct effective penetration tests using TroytecDumps PCNSE exam [Q11-Q35]

Get Latest Sep-2021 Conduct effective penetration tests using TroytecDumps PCNSE exam [Q11-Q35]

Share

Get Latest [Sep-2021] Conduct effective penetration tests using  TroytecDumps PCNSE

Penetration testers simulate PCNSE exam PDF

NEW QUESTION 11
What file type upload is supported as part of the basic WildFire service?

  • A. BAT
  • B. VBS
  • C. PE
  • D. ELF

Answer: C

 

NEW QUESTION 12
A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.
Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web-browsing traffic to this server on tcp/443.

  • A. Rule #1: application: web-browsing; service: service-https; action: allow Rule #2: application: ssl; service: application-default; action: allow
  • B. Rule #1: application: web-browsing; service: application-default; action: allow Rule #2: application: ssl; service: application-default; action: allow
  • C. Rule # 1: application: ssl; service: application-default; action: allow Rule #2: application: web-browsing; service: application-default; action: allow
  • D. Rule #1: application: web-browsing; service: service-http; action: allow Rule #2: application: ssl; service: application-default; action: allow

Answer: B

 

NEW QUESTION 13
An administrator just submitted a newly found piece of spyware for WildFire analysis.
The spyware monitors behavior without the user's knowledge.
What is the expected verdict from WildFire?

  • A. Malware
  • B. Grayware
  • C. Spyware
  • D. Phishing

Answer: B

 

NEW QUESTION 14
To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?

  • A. AutoFocus is enabled by default on the Palo Alto Networks NGFW
  • B. Device>Setup> Management> Logging and Reporting Settings
  • C. Device> Setup>Management >AutoFocus
  • D. Device>Setup>WildFire>AutoFocus
  • E. Device>Setup>Services>AutoFocus

Answer: C

 

NEW QUESTION 15
Click the Exhibit button below,


A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in the default VR. A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS connection to
172.16.10.20.
Which is the next hop IP address for the HTTPS traffic from Will's PC?

  • A. 172.20.10.1
  • B. 172.20.30.1
  • C. 172.20.40.1
  • D. 172.20.20.1

Answer: D

 

NEW QUESTION 16
Which is the maximum number of samples that can be submitted to WildFire per day, based on a WildFire subscription?

  • A. 7,500
  • B. 5,000
  • C. 15,000
  • D. 10,000

Answer: D

 

NEW QUESTION 17
A network security engineer needs to configure a virtual router using IPv6 addresses.
Which two routing options support these addresses? (Choose two)

  • A. BGP not sure
  • B. RIP
  • C. Static Route
  • D. OSPFv3

Answer: C,D

Explanation:
Explanation: https://live.paloaltonetworks.com/t5/Management-Articles/Does-PAN-OS- Support-Dynamic-Routing-Protocols-OSPF-or-BGP-with/ta-p/62773

 

NEW QUESTION 18
Which two settings can be configured only locally on the firewall and not pushed from a Panorama template or template stack? (Choose two)

  • A. Network Interface Type
  • B. Master Key
  • C. HA1 IP Address
  • D. Zone Protection Profile

Answer: B,C

Explanation:
Explanation
https://docs.paloaltonetworks.com/panorama/7-1/panorama-admin/manage-firewalls/template-capabilities-and-ex

 

NEW QUESTION 19
Which two actions would be part of an automatic solution that would block sites with untrusted certificates
without enabling SSL Forward Proxy? (Choose two.)

  • A. Create a no-decrypt Decryption Policy rule.
  • B. Create a Security Policy rule with vulnerability Security Profile attached.
  • C. Create a Dynamic Address Group for untrusted sites
  • D. Enable the "Block sessions with untrusted issuers" setting.
  • E. Configure an EDL to pull IP addresses of known sites resolved from a CRL.

Answer: A,B

Explanation:
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/objects/
objects-decryption-profile

 

NEW QUESTION 20
An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image.
Which configuration change should the administrator make?
A:

B:

C:

D:

E:

  • A. Option D
  • B. Option B
  • C. Option A
  • D. Option C
  • E. Option E

Answer: B

 

NEW QUESTION 21
An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing.
The administrator generates three encrypted BitTorrent connections and checks the Traffic logs.
There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.
Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?

  • A. Create a Security policy rule that matches application "encrypted BitTorrent" and place the rule at the top of the Security policy.
  • B. Disable the exclude cache option for the firewall.
  • C. Create a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the decryption rule.
  • D. Create a decryption rule matching the encrypted BitTorrent traffic with action "No- Decrypt," and place the rule at the top of the Decryption policy.

Answer: C

 

NEW QUESTION 22
Which rule type controls end user SSL traffic to external websites?

  • A. SSL Forward Proxy
  • B. SSL Inbound Inspection
  • C. SSH Proxy
  • D. SSL Outbound Proxyless Inspection

Answer: B

 

NEW QUESTION 23

What will be the source address in the ICMP packet?

  • A. 10.30.0.93
  • B. 192.168.93.1
  • C. 10.46.72.93
  • D. 10.46.64.94

Answer: D

 

NEW QUESTION 24
Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS® software?

  • A. Okta
  • B. PingID
  • C. RADIUS
  • D. DUO

Answer: C

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/authentication/authentication-types/multi-factor-authentication

 

NEW QUESTION 25
Which three log-forwarding destinations require a server profile to be configured? (Choose three)

  • A. Syslog
  • B. Panorama
  • C. Kerberos
  • D. Email
  • E. RADIUS
  • F. SNMP Trap

Answer: A,D,F

Explanation:
Enable a Log Forwarding Profile (see step 4 below).
1. Select Objects > Log Forwarding Profile and Add a new security profile group.
2. Give the profile group a descriptive Name to help identify it when adding the profile to security policies or security zones.
3. If the firewall is in Multiple Virtual System Mode, enable the profile to be Shared by all virtual systems.
4. Add settings for the Traffic logs, Threat logs, and WildFire logs:
Select the Panorama check box for the severity of the Traffic, Threat, or WildFire logs that you want to be forwarded to Panorama.
Specify logs that you want to forward to additional destinations: SNMP Trap destinations, Email servers, or Syslog servers.
5. Click OK to save the log forwarding profile.
https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/reports-and-logging/log- forwarding-profiles.html

 

NEW QUESTION 26
What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

  • A. Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or template stacks.
  • B. When Panorama is reverted to an earlier PAN-OS release, variables used in templates or template stacks will be removed automatically.
  • C. An administrator must use the Expedition tool to adapt the configuration to the pre-PAN-OS 8.1 state.
  • D. Administrators need to manually update variable characters to those used in pre-PAN-OS 8.1.

Answer: A

Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/documentation/81/pan-os/newfeaturesguide/upgrade-to-pan- os-81/upgradedowngrade-considerations

 

NEW QUESTION 27
Which CLI command displays the current management plan memory utilization?

  • A. > show running resource-monitor
  • B. > show system resources
  • C. > show system info
  • D. > debug management-server show

Answer: B

Explanation:
Explanation
https://live.paloaltonetworks.com/t5/Management-Articles/Show-System-Resource-Command-Displays-CPU-Ut

 

NEW QUESTION 28
Which item enables a firewall administrator to see details about traffic that is currently active through the NGFW?

  • A. Session Browser
  • B. ACC
  • C. App Scope
  • D. System Logs

Answer: A

 

NEW QUESTION 29
Which event will happen if an administrator uses an Application Override Policy?

  • A. The application name assigned to the traffic by the security rule is written to the Traffic log.
  • B. The Palo Alto Networks NGFW stops App-ID processing at Layer 4.
  • C. App-ID processing time is increased.
  • D. Threat-ID processing time is decreased.

Answer: B

Explanation:
Reference:
https://live.paloaltonetworks.com/t5/Learning-Articles/Tips-amp-Tricks-How-to-Create-an-Application-Override

 

NEW QUESTION 30
How does Panorama prompt VMWare NSX to quarantine an infected VM?

  • A. SNMP Server Profile
  • B. Syslog Server Profile
  • C. HTTP Server Profile
  • D. Email Server Profile

Answer: C

Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/documentation/80/virtualization/virtualization/set-up-the-vm- series-firewall-on-vmware-nsx/dynamically-quarantine-infected-guests

 

NEW QUESTION 31
Which setting allow a DOS protection profile to limit the maximum concurrent sessions from a source IP address?

  • A. Set the type to Classified, clear the session's box and set the Maximum concurrent Sessions to
    4000.
  • B. Set the type to Aggregate, clear the session's box and set the Maximum concurrent Sessions to
    4000.
  • C. Set the type Classified, check the Sessions box and set the Maximum concurrent Sessions to
    4000.
  • D. Set the type to aggregate, check the Sessions box and set the Maximum concurrent Sessions to
    4000.

Answer: C

 

NEW QUESTION 32
An administrator has configured a QoS policy rule and a QoS profile that limits the maximum allowable bandwidth for the YouTube application. However , YouTube is consuming more than the maximum bandwidth allotment configured.
Which configuration step needs to be configured to enable QoS?

  • A. Enable QoS monitor
  • B. Enable Qos interface
  • C. Enable Qos in the interface Management Profile.
  • D. Enable QoS Data Filtering Profile

Answer: B

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/network/network-qos/qos-interface-settings#

 

NEW QUESTION 33
Which three authentication services can an administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)

  • A. TACACS+
  • B. LDAP
  • C. Kerberos
  • D. RADIUS
  • E. SAML
  • F. PAP

Answer: A,D,E

 

NEW QUESTION 34
What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

  • A. Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or template stacks.
  • B. When Panorama is reverted to an earlier PAN-OS release, variables used in templates or template stacks will be removed automatically.
  • C. An administrator must use the Expedition tool to adapt the configuration to the pre-PAN-OS 8.1 state.
  • D. Administrators need to manually update variable characters to those used in pre-PAN-OS 8.1.

Answer: A

Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/documentation/81/pan-os/newfeaturesguide/upgrade-to-pan-os-
81/upgradedowngrade-considerations

 

NEW QUESTION 35
......

Tested Material Used To PCNSE Test Engine: https://www.troytecdumps.com/PCNSE-troytec-exam-dumps.html

Steps Necessary To Pass The PCNSE Exam: https://drive.google.com/open?id=1tczAyFNo_H-Ht9J2yIxv-ClPq97bNEHR

 

Related Articles

more
Palo Alto Networks PCNSE Certification Practice Exam

Copyright © 2026 TroytecDumps NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimer:
TroytecDumps doesn't offer Real CompTIA Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
TroytecDumps material do not contain actual actual Oracle Exam Questions or material.
TroytecDumps doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
TroytecDumps Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
TroytecDumps.com does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. TroytecDumps does not own or claim any ownership on any of the brands.