Palo Alto Networks PCNSE Practice Exams
Last updated on Apr 01,2025- Exam Code: PCNSE
- Exam Name: Palo Alto Networks Certified Network Security Engineer Exam
- Certification Provider: Palo Alto Networks
- Latest update: Apr 01,2025
Refer to the exhibit.
Which will be the egress interface if the traffic’s ingress interface is ethernet1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?
- A . ethernet1/6
- B . ethernet1/3
- C . ethernet1/7
- D . ethernet1/5
What is the best definition of the Heartbeat Interval?
- A . The interval in milliseconds between hello packets
- B . The frequency at which the HA peers check link or path availability
- C . The frequency at which the HA peers exchange ping
- D . The interval during which the firewall will remain active following a link monitor failure
Why would a traffic log list an application as "not-applicable”?
- A . The firewall denied the traffic before the application match could be performed.
- B . The TCP connection terminated without identifying any application data
- C . There was not enough application data after the TCP connection was established
- D . The application is not a known Palo Alto Networks App-ID.
An engineer is deploying multiple firewalls with common configuration in Panorama.
What are two benefits of using nested device groups? (Choose two.)
- A . Inherit settings from the Shared group
- B . Inherit IPSec crypto profiles
- C . Inherit all Security policy rules and objects
- D . Inherit parent Security policy rules and objects
Which two policy components are required to block traffic in real time using a dynamic user group (DUG)? (Choose two.)
- A . A Deny policy for the tagged traffic
- B . An Allow policy for the initial traffic
- C . A Decryption policy to decrypt the traffic and see the tag
- D . A Deny policy with the "tag" App-ID to block the tagged traffic
What must be configured to apply tags automatically based on User-ID logs?
- A . Device ID
- B . Log Forwarding profile
- C . Group mapping
- D . Log settings
A network administrator wants to deploy SSL Forward Proxy decryption.
What two attributes should a forward trust certificate have? (Choose two.)
- A . A subject alternative name
- B . A private key
- C . A server certificate
- D . A certificate authority (CA) certificate
A network administrator is trying to prevent domain username and password submissions to phishing sites on some allowed URL categories
Which set of steps does the administrator need to take in the URL Filtering profile to prevent credential phishing on the firewall?
- A . Choose the URL categories in the User Credential Submission column and set action to block Select the User credential Detection tab and select Use Domain Credential Filter Commit
- B . Choose the URL categories in the User Credential Submission column and set action to block Select the User credential Detection tab and select use IP User Mapping Commit
- C . Choose the URL categories on Site Access column and set action to block Click the User credential
Detection tab and select IP User Mapping Commit - D . Choose the URL categories in the User Credential Submission column and set action to block Select the URL filtering settings and enable Domain Credential Filter Commit
Which statement is correct given the following message from the PanGPA log on the GlobalProtect app?
Failed to connect to server at port:47 67
- A . The PanGPS process failed to connect to the PanGPA process on port 4767
- B . The GlobalProtect app failed to connect to the GlobalProtect Portal on port 4767
- C . The PanGPA process failed to connect to the PanGPS process on port 4767
- D . The GlobalProtect app failed to connect to the GlobalProtect Gateway on port 4767
An engineer is tasked with deploying SSL Forward Proxy decryption for their organization.
What should they review with their leadership before implementation?
- A . Browser-supported cipher documentation
- B . Cipher documentation supported by the endpoint operating system
- C . URL risk-based category distinctions
- D . Legal compliance regulations and acceptable usage policies