[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 91-100

Get Full Version of the Exam
http://www.EnsurePass.com/PCNSE.html

Question No.91

An administrator encountered problems with inbound decryption.Which option should the administrator investigate as part of triage?

  1. Security policy rule allowing SSL to the target server

  2. Firewall connectivity to a CRL

  3. Root certificate imported into the firewall with quot;Trustquot; enabled

  4. Importation of a certificatefrom an HSM

Correct Answer: A

Explanation:

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/configure-ssl- inbound-inspection

Question No.92

A user#39;s traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user#39;s traffic matches when it goes to http://www.company.com. How can the firewall be configured automatically disable the PBF rule if the next hop goes down?

  1. Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question:.

  2. Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question:.

  3. Enable and configure a Link Monitoring Profile for the external interface of the firewall.

  4. Configure path monitoring for the next hop gateway on the default routein the virtual router.

Correct Answer: C

Question No.93

Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?

  1. System log

  2. CPU Utilization widget

  3. Resources widget

  4. System Utilization log

Correct Answer: C

Question No.94

What are the differences between using a service versus using an application for Security Policy match?

  1. Use of a quot;servicequot; enables the firewall to take action after enough packets allow for App-ID identification

  2. Use of a quot;servicequot; enables the firewall to take immediate action with the first observed packet based on port numbers Use ofan quot;applicationquot; allows the firewall to take action after enough packets allow for App-ID identification regardless of the portsbeing used.

  3. There are no differences between quot;servicequot; or quot;applicationquot; Use of an quot;applicationquot; simplifies configuration by allowing use ofa friendly application name instead of port numbers.

  4. Use of a quot;servicequot; enables the firewall to take immediate action with thefirst observed packet based on port numbers. Use ofan quot;applicationquot; allows the firewall to take immediate action it the port being used is a member of the application standardport list

Correct Answer: B

Question No.95

Refer to the exhibit. Which will be the egress interface if the traffic#39;s ingress interface is ethernet

1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?

image

  1. ethernet1/6

  2. ethernet1/3

  3. ethernet1/7

  4. ethernet1/5

Correct Answer: D

Question No.96

Which log file can be used to identify SSL decryption failures?

  1. Configuration

  2. Threats

  3. ACC

  4. Traffic

Correct Answer: C

Question No.97

In High Availability, which information is transferred via the HA data link?

  1. session information

  2. heartbeats

  3. HA state information

  4. User-ID information

Correct Answer: A

Explanation:

https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/ha-links-and- backup-links

Question No.98

Which event will happen if an administrator uses an Application OverridePolicy?

  1. Threat-ID processing time is decreased.

  2. The Palo Alto Networks NGFW stops App-ID processing at Layer 4.

  3. The application name assigned to the traffic by the security rule is written to the Traffic log.

  4. App-ID processing time is increased.

Correct Answer: B

Explanation:

https://live.paloaltonetworks.com/t5/Learning-Articles/Tips-amp-Tricks-How-to-Create-an- Application-Override/ta-p/65513

Question No.99

An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against worms and trojans. Which Security Profile type will protect against worms and trojans?

  1. Anti-Spyware

  2. Instruction Prevention

  3. File Blocking

  4. Antivirus

Correct Answer: D

Explanation:

https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/antivirus-profiles

Question No.100

An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing. The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL. Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?

  1. Create a decryption rule matching the encrypted BitTorrent traffic with action quot;No-Decrypt,quot; and place the rule at the top of the Decryption policy.

  2. Create a Security policy rule that matches application quot;encrypted BitTorrentquot; and place the rule at the top of the Security policy.

  3. Disable the exclude cache option for the firewall.

  4. Create a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the decryption rule.

Correct Answer: D

Get Full Version of the Exam
PCNSE Dumps
PCNSE VCE and PDF

Leave a Reply