[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 111-120

November 4, 2019

PCNSE Dumps 2019-11

, , , , , ,

Get Full Version of the Exam
http://www.EnsurePass.com/PCNSE.html

Question No.111

A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS庐 software would help in this case?

  1. Application override

  2. Redistribution of user mappings

  3. Virtual Wire mode

  4. Content inspection

Correct Answer: B

Question No.112

Which two virtualization platforms officially support the deployment of Palo Alto NetworksVM- Series firewalls? (Choose two.)

  1. Red Hat Enterprise Virtualization (RHEV)

  2. Kernel Virtualization Module (KVM)

  3. Boot Strap Virtualization Module (BSVM)

  4. Microsoft Hyper-V

Correct Answer: BD

Explanation:

https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation- firewall/vm-series

Question No.113

Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)

  1. TACACS

  2. Kerberos

  3. PAP

  4. LDAP

  5. SAML

  6. RADIUS

Correct Answer: ADF

Question No.114

A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)

  1. Virtual router

  2. Security zone

  3. ARP entries

  4. Netflow Profile

Correct Answer: AB

Explanation:

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/network/network- interfaces/pa-7000-series-layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d

Question No.115

Which User-ID method maps IP address to usernames for users connectingthrough a web proxy that has already authenticated the user?

  1. Client Probing

  2. Port mapping

  3. Server monitoring

  4. Syslog listening

Correct Answer: D

Question No.116

Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?

  1. Deny application facebook-chat before allowing application facebook

  2. Deny application facebook on top

  3. Allow application facebook on top

  4. Allow application facebook before denying application facebook-chat

Correct Answer: A

Explanation:

https://live.paloaltonetworks.com/t5/Configuration-Articles/Failed-to-Block-Facebook-Chat- Consistently/ta-p/115673

Question No.117

Which option enables a Palo Alto Networks NGFW administrator to schedule Application and Threat updateswhile applying only new content-IDs to traffic?

  1. Select download-and-install.

  2. Select download-and-install, with quot;Disable new apps in content updatequot; selected.

  3. Select download-only.

  4. Select disable application updates and select quot;Install only Threatupdatesquot;

Correct Answer: C

Question No.118

An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routingbetween the two environments is required. Which interface type would support this business requirement?

  1. Virtual Wire interfaces to permit EIGRP routing to remain between the Core and DMZ

  2. Layer 3 or Aggregate Ethernet interfaces, but configuring EIGRPon subinterfaces only

  3. Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel (with the GlobalProtect License to support LSVPN and EIGRP protocols)

  4. Layer 3 interfaces, but configuring EIGRP on the attached virtual router

Correct Answer: C

Question No.119

Which three steps willreduce the CPU utilization on the management plane? (Choose three.)

  1. Disable SNMP on the management interface.

  2. Application override of SSL application.

  3. Disable logging at session start in Security policies.

  4. Disable predefined reports.

  5. Reduce the traffic being decrypted by the firewall.

Correct Answer: CDE

Question No.120

Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLSservices?

  1. Configure a Decryption Profile and select SSL/TLS services.

  2. Set up SSL/TLS under Polices gt;Service/URL Categorygt;Service.

  3. Set up Security policy rule to allow SSL communication.

  4. Configure an SSL/TLS Profile.

Correct Answer: D

Explanation:

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device- certificate-management-ssltls-service-profile

Get Full Version of the Exam
PCNSE Dumps
PCNSE VCE and PDF

Related Posts