WWW.NWEXAM.COM
Palo Alto PCNSE Exam Details:Network Security Engineer
PCNSE
$160 USD 90 minutes
75 70%
Firewall Essentials 8.0: Configuration and Management (EDU-210)
Panorama 8.0: Manage Multiple Firewalls (EDU-221)
Firewall 8.0: Debug and Troubleshoot (EDU-311)
PEARSON VUE Palo Alto PCNSE Sample Questions
1
WWW.NWEXAM.COM
We Will Provide You Latest Exam Question and Answers.
1. The Management network port on a firewall can be configured as which type of interface? a) b) c) d)
Layer 2 Layer 3 Virtual wire Serial
Ans. B 2. Which two Palo Alto Networks firewall models support active/active High Availability? (Choose two.) a) b) c) d) e)
PA-200 VM-300 PA-7050 PA-3020 VM-200
Ans. C, D 3. Which three statements are true about Palo Alto Networks Next-Generation Firewalls? (Choose three.) a) The Single Pass Architecture design includes an industry-leading content scanning engine available as a software or hardware option. b) Palo Alto Networks firewalls are part of a Security Platform that includes integration with a Threat Intelligence Cloud. c) The App-ID next-generation feature of the firewall will accurately identify the responsible application generating all traffic passing through the firewall. d) Palo Alto Networks firewalls natively support encrypted connections with IPSec and SSL encryption technologies.
Ans. B, C, D
2
WWW.NWEXAM.COM
4. Complete the following statement: Packet captures can be performed by: (choose three) a) b) c) d)
Security profiles manual configuration by an administrator in the WebUI manual configuration on the CLI specified trigger events from the WebUI
Ans. A, B, C 5. What are three advantages of the Palo Alto Networks Next-Generation Firewall? (Choose three.) a) Application-based rather than port-based traffic recognition for better rules and granularity b) Ports can now be safely ignored because they are no longer a factor c) Uses a stream-based, single-pass parallel processing engine for fast performance d) Application signatures are distributed regularly from Palo Alto Networks, although custom signatures cannot be created e) Provides full Unified Threat Management on a single platform with one policy and log database
Ans. A, C, E
6. In a new firewall, which port provides WebUI access by default? a) b) c) d) e)
Traffic port #1 Any Traffic port Management port Console port Maintenance port
Ans. C 7. Which statement is not true about User-ID? a) b) c) d)
User-ID is collected by an endpoint agent. User-ID monitors Domain Controllers for authentication. User-ID tasks can be shared among multiple firewalls. User-ID collects LDAP group membership data for users.
Ans. A 3
WWW.NWEXAM.COM
8. Firewall configuration files can : (choose two) a) b) c) d)
Be captured at any time and stored on the firewall Restored to the running configuration Transferred out of the firewall Shared between firewalls
Ans. A, C 9. Which two types of encryptions can a Palo Alto Networks firewall decrypt through decryption policies? (Choose two.) a) b) c) d) e)
SSL Blowfish AES SSH 3DES
Ans. A, B
10. The configuration of a DoS Protection profile can defend nodes from which attacks? a) b) c) d)
Floods TCP port scans IP address spoofing ICMP large packets
Ans. A
4
WWW.NWEXAM.COM
VISIT www.nwexam.com
5