PCNSE Free Practice Test

The same route appears in the routing table three times using three different protocols Which mechanism determines how the firewall chooses which route to use?

1. A. Administrative distance
2. B. Round Robin load balancing
3. C. Order in the routing table
4. D. Metric

Correct Answer: A
Administrative distance is the measure of trustworthiness of a routing protocol. It is used to determine the best path when multiple routes to the same destination exist. The route with the lowest administrative distance is chosen as the best route.
When the same route appears in the routing table three times using three different protocols, the mechanism that determines which route the firewall chooses to use is the administrative distance. This is explained in the Palo Alto Networks PCNSE Study Guide in Chapter 6: Routing, under the section "Route Selection":
"Administrative distance is a value assigned to each protocol that the firewall uses to determine which route to use if multiple protocols provide routes to the same destination. The route with the lowest administrative distance is preferred."

Cortex XDR notifies an administrator about grayware on the endpoints. There are no entries about grayware in any of the logs of the corresponding firewall. Which setting can the administrator configure on the firewall to log grayware verdicts?

1. A. within the log forwarding profile attached to the Security policy rule
2. B. within the log settings option in the Device tab
3. C. in WildFire General Settings, select "Report Grayware Files"
4. D. in Threat General Settings, select "Report Grayware Files"

Correct Answer: C

A company has configured a URL Filtering profile with override action on their firewall. Which two profiles are needed to complete the configuration? (Choose two)

1. A. SSUTLS Service
2. B. HTTP Server
3. C. Decryption
4. D. Interface Management

Correct Answer: AD

A network security administrator wants to begin inspecting bulk user HTTPS traffic flows egressing out of the internet edge firewall. Which certificate is the best choice to configure as an SSL Forward Trust certificate?

1. A. A self-signed Certificate Authority certificate generated by the firewall
2. B. A Machine Certificate for the firewall signed by the organization's PKI
3. C. A web server certificate signed by the organization's PKI
4. D. A subordinate Certificate Authority certificate signed by the organization's PKI

Correct Answer: A

SSL Forward Proxy decryption is configured but the firewall uses Untrusted-CA to sign the website https://www important-website com certificate End-users are receiving me "security certificate is not trusted is warning Without SSL decryption the web browser shows that the website certificate is trusted and signed by a well-known certificate chain Well-Known-lntermediate and Well-Known-Root- CA.
The network security administrator who represents the customer requires the following two behaviors when SSL Forward Proxy is enabled:
1 End-users must not get the warning for the https://www.very-important-website.com website. 2 End-users should get the warning for any other untrusted website
Which approach meets the two customer requirements?

1. A. Navigate to Device > Certificate Management > Certificates > Device Certificates importWell-Known-lntermediate-CA and Well-Known-Root-CA select the Trusted Root CA checkbox and commit the configuration
2. B. Install the Well-Known-lntermediate-CA and Well-Known-Root-CA certificates on all end-user systems m the user and local computer stores
3. C. Navigate to Device > Certificate Management - Certificates s Default Trusted Certificate Authorities import Well-Known-intermediate-CA and Well-Known-Root-CA select the Trusted Root CA check box and commit the configuration
4. D. Clear the Forward Untrust Certificate check box on the Untrusted-CA certificate and commit the configuration

Correct Answer: C