Get Full Version of the Exam
http://www.EnsurePass.com/PCNSE.html
Question No.141
When a malware-infected host attemptsto resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log. What will be the destination IP Address in that log entry?
-
The IP Address of sinkhole.paloaltonetworks.com
-
The IP Address of the command-and-control server
-
The IP Address specified in the sinkhole configuration
-
The IP Address of one of the external DNS servers identified in the anti-spyware database
Correct Answer: C
Explanation:
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Verify-DNS-Sinkhole-Function- is-Working/ta-p/65864
Question No.142
Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats? (Choose two)
-
Brute-force signatures
-
BrightCloud Url Filtering
-
PAN-DB URL Filtering
-
DNS-based command-and-control signatures
Correct Answer: CD
Question No.143
Which two methods can be used to mitigate resource exhaustion of an application server? (Choose two)
-
Vulnerability Object
-
DoS Protection Profile
-
Data Filtering Profile
-
Zone Protection Profile
Correct Answer: BD
Question No.144
Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing. Which step is required to accomplish this goal?
-
Assign an IP address on each tunnel interface at each site
-
Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
-
Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
-
Create new VPN zones at each site toterminate each VPN connection
Correct Answer: C
Question No.145
How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with non-standard syslog servers?
-
Enable support for non-standard syslog messages under device management
-
Check the custom-format check box in the syslog server profile
-
Select a non-standard syslog server profile
-
Create a custom log format under the syslog server profile
Correct Answer: D
Question No.146
Which two mechanisms help prevent a spilt brain scenario an Active/Passive High Availability (HA) pair? (Choose two)
-
Configure the management interface as HA3 Backup
-
Configure Ethernet 1/1 as HA1 Backup
-
Configure Ethernet 1/1 as HA2 Backup
-
Configure the management interface as HA2 Backup
-
Configure the management interface as HA1 Backup
-
Configure ethernet1/1 as HA3 Backup
Correct Answer: BE
Question No.147
Which Palo Alto Networks VM-Seriesfirewall is supported for VMware NSX?
-
VM-100
-
VM-200
-
VM-1000-HV
-
VM-300
Correct Answer: C
Question No.148
A network engineer has revived a report of problems reaching 98.139.183.24 through vr1 onthe firewall. The routing table on this firewall is extensive and complex. Which CLI command will help identify the issue?
-
test routing fib virtual-router vr1
-
show routing route type static destination 98.139.183.24
-
test routing fib-lookup ip98.139.183.24 virtual-router vr1
-
show routing interface
Correct Answer: C
Question No.149
Which URL Filtering Security Profile action togs the URL Filtering category to the URLFiltering log?
-
Log
-
Alert
-
Allow
-
Default
Correct Answer: B
Question No.150
A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?
-
The two devices must share a routable floating IP address
-
The two devices may be different models within the PA-5000 series
-
The HA1 IP address from each peer must be on a different subnet
-
The management port may be used for a backup control connection
Correct Answer: D
Get Full Version of the Exam
PCNSE Dumps
PCNSE VCE and PDF