Guarantee All Exams 100% Pass One Time!

2019 NEW Palo Alto Networks PCNSE:

Palo Alto Networks Certified Security
Engineer (PCNSE) PAN-OS 8.0 Exam
Questions and Answers RELEASED in
Braindump2go.com Online IT Study
Website Today!
2019 Braindump2go Valid Palo Alto Networks
PCNSE Exam Preparation Materials:

2019 Latest 304Q&As PCNSE PDF Dumps and VCE Dumps:

https://www.braindump2go.com/70-742.html
New Question
Which device Group option is assigned by default in Panorama whenever a new device group is
created to manage a Firewall?

A. Universal
B. Master
C. Global
D. Shared

Answer: D
Explanation:
Select the Parent Device Group (default is Shared) that will be just above the device group you
are creating in the device group hierarchy.
https://www.paloaltonetworks.com/documentation/70/panorama/panorama_adminguide/manage-
firewalls/add-a-device-group#_26700

New Question
When performing the "ping" test shown in this CLI output:

Free Download Braindump2go 2019 Latest PCNSE Exam PDF and VCE
Dumps 304q from www.braindump2go.com
100% Pass Guaranteed! 100% Real Exam Questions!
https://www.braindump2go.com/pcnse.html
 Guarantee All Exams 100% Pass One Time!

What will be the source address in the ICMP packet?

A. 10.46.64.94
B. 10.30.0.93
C. 192.168.93.1
D. 10.46.72.93

Answer: A

New Question
Site-A and Site- have a site-to-site VPN set up between them. OSPF is configured to dynamically
create the routes between the sites. The OSPF configuration in Site- is configured properly, but
the route for the tunnel is not being established. The Site- interfaces in the graphic are using a
broadcast Link Type. The administrator has determined that the OSPF configuration in Site- is
Free Download Braindump2go 2019 Latest PCNSE Exam PDF and VCE
Dumps 304q from www.braindump2go.com
100% Pass Guaranteed! 100% Real Exam Questions!
https://www.braindump2go.com/pcnse.html
 Guarantee All Exams 100% Pass One Time!
using the wrong Link Type for one of its interfaces.

Which Link Type setting will correct the error?

A. Set ethernet1/21 to p2p

B. Set tunnel.10 to p2p
C. Set tunnel.10 to p2mp
D. Set ethernet1/21 to p2mp

Answer: B
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/vpns/site-to-site-vpn-quick-
configs/site-to-site-vpn-with-ospf.html

New Question
A network design calls for a "router on a stick" implementation with a PA-5060 performing inter-
VLAN routing. All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q
trunk interface.
Which interface type and configuration setting will support this design?

A. Layer 3 subinterface type with specified tag

B. Layer 3 interface type with specified tag
C. Trunk interface type with specified lag
D. Layer 2 interface type with a VLAN assigned

Answer: A
Explanation:
The interface ethernet1/15 is configured as a layer 3 interface. Subinterfaces corresponding to
each one of the VLAN are created off of the parent interface Ethernet 1/15. Each subinterface is
assigned a VLAN tag and an IP address corresponding to the VLAN provides connectivity.

Free Download Braindump2go 2019 Latest PCNSE Exam PDF and VCE
Dumps 304q from www.braindump2go.com
100% Pass Guaranteed! 100% Real Exam Questions!
https://www.braindump2go.com/pcnse.html
 Guarantee All Exams 100% Pass One Time!

Note: Inter VLAN routing with each VLAN in a unique IP subnet In order for network devices in
different VLANs to communicate, a router must be used to route traffic between the VLANs. While
VLANs help to control local traffic, if a device in one VLAN needs to communicate with a device in
another VLAN, one or more routers must be used for inter VLAN communication. In this
configuration a Palo Alto networks firewall can used to securely route traffic within the VLAN. This
is also commonly called "one arm routing" or "router on a stick".

New Question
Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS 7.0?
(Choose two.)

A. VMware ESX
B. AWS
C. VMware NSX
D. KVM

Answer: AD
Explanation:

New Question
Which Panorama feature allows for logs generated by Panorama to be forwarded to an external
Security Information and Event Management (SIEM) system?

A. Panorama Device Group Log Forwarding

B. Panorama Log Settings
C. Collector Log Forwarding for Collector Groups
D. Panorama Log Templates

Answer: B
Explanation:
To forward Panorama logs:
Panorama > Log Settings > System
Panorama > Log Settings > Config
https://www.paloaltonetworks.com/documentation/61/panorama/panorama_adminguide/manage-
log-collection/enable-log-forwarding-from-panorama-to-external-destinations#_91682
Free Download Braindump2go 2019 Latest PCNSE Exam PDF and VCE
Dumps 304q from www.braindump2go.com
100% Pass Guaranteed! 100% Real Exam Questions!
https://www.braindump2go.com/pcnse.html
 Guarantee All Exams 100% Pass One Time!

New Question
In an enterprise deployment, a network security engineer wants to assign rights to a group of
administrators without creating local administrator accounts on the firewall.
Which authentication method must be used?

A. Kerberos
B. RADlUS with Vendor-Specific Attributes
C. Certificate-based authentication
D. LDAP

Answer: C
Explanation:
As a more secure alternative to password-based authentication to the Panorama web interface,
you can configure certificate-based authentication for administrator accounts that are local to
Panorama. Certificate- based authentication involves the exchange and verification of a digital
signature instead of a password.
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/set-up-
panorama/configure-a-panorama-administrator-with-certificate-based-authentication-for-the-web-
interface

New Question
Which option is an IPv6 routing protocol?

A. OSPFv3
B. BGP NG
C. OSPFv2
D. RIPv3

Answer: A
Explanation:
OSPFv3 provides support for the OSPF routing protocol within an IPv6 network. As such, it
provides support for IPv6 addresses and prefixes.
https://www.paloaltonetworks.com/documentation/60/pan-os/newfeaturesguide/networking-
features/ospf- v3-support

New Question
Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering
log?

A. Allow
B. Log
C. Default
D. Alert

Answer: D
Explanation:
The website is allowed and a log entry is generated in the URL filtering log.
Incorrect Answers:
A: Allow: The website is allowed and no log entry is generated.
Free Download Braindump2go 2019 Latest PCNSE Exam PDF and VCE
Dumps 304q from www.braindump2go.com
100% Pass Guaranteed! 100% Real Exam Questions!
https://www.braindump2go.com/pcnse.html
 Guarantee All Exams 100% Pass One Time!
B: There is no URL Filtering Security Profile action named log.
C: There is no URL Filtering Security Profile action named default.
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/url-filtering/url-filtering-
profile-actions

New Question
Which authentication source requires the installation of Palo Alto Networks software, other than
PAN-OS 7x, to obtain username-to-IP-address mapping?

A. Aerohive Wireless Access Point

B. Microsoft Terminal Services
C. Palo Alto Networks Captive Portal
D. Microsoft Active Directory

Answer: B
Explanation:
Configure User Mapping for Terminal Server Users
Individual terminal server users appear to have the same IP address and therefore an IP address
to username mapping is not sufficient to identify a specific user. To enable identification of
specific users on Windows-based terminal servers, the Palo Alto Networks Terminal Services
agent (TS agent) allocates a port range to each user. It then notifies every connected firewall
about the allocated port range, which allows the firewall to create an IP address-port-user
mapping table and enable user- and group-based security policy enforcement.
Incorrect Answers:
A: If you want to integrate Aerohive with Palo Alto the suggested route is to run a script on a Kiwi
Syslog Server which parses the Aerohive log and then updates the Palo Alto with Username/IP
address mapping.
A working VB script for Kiwi is provided below.
Etc.
https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/user-id/configure-user-
mapping-for-terminal-server-users

New Question
Which two actions are required to make Microsoft Active Directory users appear in a firewall
traffic log? (Choose two.)

A. Run the User-ID Agent using an Active Directory account that has "event log viewer" permissions
B. Configure a RADIUS server profile to point to a domain controller
C. Enable User-ID on the zone object for the source zone
D. Enable User-ID on the zone object for the destination zone
E. Run the User-ID Agent using an Active Directory account that has "domain administrator"
permissions

Answer: AC

New Question
Firewall administrators cannot authenticate to a firewall GUI.
Which two logs on that firewall will contain authentication-related information useful in
troubleshooting this issue? (Choose two.)

Free Download Braindump2go 2019 Latest PCNSE Exam PDF and VCE
Dumps 304q from www.braindump2go.com
100% Pass Guaranteed! 100% Real Exam Questions!
https://www.braindump2go.com/pcnse.html
 Guarantee All Exams 100% Pass One Time!
A. dp-monitor.log
B. Traffic log
C. ms.log
D. authd.log
E. System log

Answer: BE

Free Download Braindump2go 2019 Latest PCNSE Exam PDF and VCE
Dumps 304q from www.braindump2go.com
100% Pass Guaranteed! 100% Real Exam Questions!
https://www.braindump2go.com/pcnse.html