PCNSE8 Online Practice Questions and Answers

Based on the image, what caused the commit warning?

A. The CA certificate for FWDtrust has not been imported into the firewall.

B. The FWDtrust certificate has not been flagged as Trusted Root CA.

C. SSL Forward Proxy requires a public certificate to be imported into the firewall.

D. The FWDtrust certificate does not have a certificate chain.

Which method does an administrator use to integrate all non-native MFA platforms in PAN-OS? software?

A. Okta

B. DUO

C. RADIUS

D. PingID

How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

A. Use the debug dataplane packet-diag set capture stage firewall file command.

B. Enable all four stages of traffic capture (TX, RX, DROP, Firewall).

C. Use the debug dataplane packet-diag set capture stage management file command.

D. Use the tcpdump command.

A session in the Traffic log is reporting the application as "incomplete." What does "incomplete" mean?

A. The three-way TCP handshake was observed, but the application could not be identified.

B. The three-way TCP handshake did not complete.

C. The traffic is coming across UDP, and the application could not be identified.

D. Data was received but was instantly discarded because of a Deny policy was applied before App-ID could be applied.

Which feature prevents the submission of corporate login information into website forms?

A. Data filtering

B. User-ID

C. File blocking

D. Credential phishing prevention

Which feature can be configured on VM-Series firewalls?

A. aggregate interfaces

B. machine learning

C. multiple virtual systems

D. GlobalProtect

The firewall identifies a popular application as an unknown-tcp. Which two options are available to identify the application? (Choose two.)

A. Create a custom application.

B. Create a custom object for the custom application server to identify the custom application.

C. Submit an Apple-ID request to Palo Alto Networks.

D. Create a Security policy to identify the custom application.

Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs? (Choose two)

A. The devices are pre-configured with a virtual wire pair out the first two interfaces.

B. The devices are licensed and ready for deployment.

C. The management interface has an IP address of 192.168.1.1 and allows SSH and HTTPS connections.

D. A default bidirectional rule is configured that allows Untrust zone traffic to go to the Trust zone.

E. The interface are pingable.

A company has a pair of Palo Alto Networks firewalls configured as an Acitve/Passive High Availability (HA) pair. What allows the firewall administrator to determine the last date a failover event occurred?

A. From the CLI issue use the show System log

B. Apply the filter subtype eq ha to the System log

C. Apply the filter subtype eq ha to the configuration log

D. Check the status of the High Availability widget on the Dashboard of the GUI

Which option is an IPv6 routing protocol?

A. RIPv3

B. OSPFv3

C. OSPv3

D. BGP NG