PCNSE8 Online Practice Questions and Answers

Which feature can provide NGFWs with User-ID mapping information?

A. Web Captcha

B. Native 802.1q authentication

C. GlobalProtect

D. Native 802.1x authentication

What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

A. Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or template stacks.

B. An administrator must use the Expedition tool to adapt the configuration to the pre-PAN-OS 8.1 state.

C. When Panorama is reverted to an earlier PAN-OS release, variables used in templates or template stacks will be removed automatically.

D. Administrators need to manually update variable characters to those used in pre-PAN-OS 8.1.

An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against worms and trojans. Which Security Profile type will protect against worms and trojans?

A. Anti-Spyware

B. WildFire

C. Vulnerability Protection

D. Antivirus

Which three settings are defined within the Templates object of Panorama? (Choose three.)

A. Setup

B. Virtual Routers

C. Interfaces

D. Security

E. Application Override

Which three file types can be forwarded to WildFire for analysis as a part of the basic WildFire service? (Choose three.)

A. dll

B. exe

C. src

D. apk

E. pdf

F. jar

An administrator has users accessing network resources through Citrix XenApp 7 x.

Which User-ID mapping solution will map multiple users who are using Citrix to connect to the network and access resources?

A. Client Probing

B. Terminal Services agent

C. GlobalProtect

D. Syslog Monitoring

A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks. How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?

A. Define a custom App-ID to ensure that only legitimate application traffic reaches the server.

B. Add a Vulnerability Protection Profile to block the attack.

C. Add QoS Profiles to throttle incoming requests.

D. Add a DoS Protection Profile with defined session count.

A company has a pair of Palo Alto Networks firewalls configured as an Acitve/Passive High Availability (HA) pair. What allows the firewall administrator to determine the last date a failover event occurred?

A. From the CLI issue use the show System log

B. Apply the filter subtype eq ha to the System log

C. Apply the filter subtype eq ha to the configuration log

D. Check the status of the High Availability widget on the Dashboard of the GUI

Several offices are connected with VPNs using static IPV4 routes. An administrator has been tasked with implementing OSPF to replace static routing. Which step is required to accoumplish this goal?

A. Assign an IP address on each tunnel interface at each site

B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0

C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces

D. Create new VPN zones at each site to terminate each VPN connection

Which Device Group option is assigned by default in Panorama whenever a new device group is created to manage a Firewall?

A. Master

B. Universal

C. Shared

D. Global