Get Full Version of the Exam
http://www.EnsurePass.com/PCNSE.html
Question No.111
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS庐 software would help in this case?
-
Application override
-
Redistribution of user mappings
-
Virtual Wire mode
-
Content inspection
Correct Answer: B
Question No.112
Which two virtualization platforms officially support the deployment of Palo Alto NetworksVM- Series firewalls? (Choose two.)
-
Red Hat Enterprise Virtualization (RHEV)
-
Kernel Virtualization Module (KVM)
-
Boot Strap Virtualization Module (BSVM)
-
Microsoft Hyper-V
Correct Answer: BD
Explanation:
https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation- firewall/vm-series
Question No.113
Which three user authentication services can be modified to provide the Palo Alto Networks NGFW with both usernames and role names? (Choose three.)
-
TACACS
-
Kerberos
-
PAP
-
LDAP
-
SAML
-
RADIUS
Correct Answer: ADF
Question No.114
A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandatory options are used to configure a VLAN interface? (Choose two.)
-
Virtual router
-
Security zone
-
ARP entries
-
Netflow Profile
Correct Answer: AB
Explanation:
https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/network/network- interfaces/pa-7000-series-layer-2-interface#idd2bcaacc-54b9-4ec9-a1dd-8064499f5b9d
Question No.115
Which User-ID method maps IP address to usernames for users connectingthrough a web proxy that has already authenticated the user?
-
Client Probing
-
Port mapping
-
Server monitoring
-
Syslog listening
Correct Answer: D
Question No.116
Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?
-
Deny application facebook-chat before allowing application facebook
-
Deny application facebook on top
-
Allow application facebook on top
-
Allow application facebook before denying application facebook-chat
Correct Answer: A
Explanation:
https://live.paloaltonetworks.com/t5/Configuration-Articles/Failed-to-Block-Facebook-Chat- Consistently/ta-p/115673
Question No.117
Which option enables a Palo Alto Networks NGFW administrator to schedule Application and Threat updateswhile applying only new content-IDs to traffic?
-
Select download-and-install.
-
Select download-and-install, with quot;Disable new apps in content updatequot; selected.
-
Select download-only.
-
Select disable application updates and select quot;Install only Threatupdatesquot;
Correct Answer: C
Question No.118
An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routingbetween the two environments is required. Which interface type would support this business requirement?
-
Virtual Wire interfaces to permit EIGRP routing to remain between the Core and DMZ
-
Layer 3 or Aggregate Ethernet interfaces, but configuring EIGRPon subinterfaces only
-
Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel (with the GlobalProtect License to support LSVPN and EIGRP protocols)
-
Layer 3 interfaces, but configuring EIGRP on the attached virtual router
Correct Answer: C
Question No.119
Which three steps willreduce the CPU utilization on the management plane? (Choose three.)
-
Disable SNMP on the management interface.
-
Application override of SSL application.
-
Disable logging at session start in Security policies.
-
Disable predefined reports.
-
Reduce the traffic being decrypted by the firewall.
Correct Answer: CDE
Question No.120
Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLSservices?
-
Configure a Decryption Profile and select SSL/TLS services.
-
Set up SSL/TLS under Polices gt;Service/URL Categorygt;Service.
-
Set up Security policy rule to allow SSL communication.
-
Configure an SSL/TLS Profile.
Correct Answer: D
Explanation:
https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device- certificate-management-ssltls-service-profile
Get Full Version of the Exam
PCNSE Dumps
PCNSE VCE and PDF