PCNSE Free Practice Test

A firewall administrator needs to be able to inspect inbound HTTPS traffic on servers hosted in their DMZ to prevent the hosted service from being exploited. Which combination of features can allow PAN-OS to detect exploit traffic in a session with TLS encapsulation?

1. A. Decryption policy and a Data Filtering profile
2. B. a WildFire profile and a File Blocking profile
3. C. Vulnerability Protection profile and a Decryption policy
4. D. a Vulnerability Protection profile and a QoS policy

Correct Answer: C

You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?

1. A. Create an Application Group and add Office 365, Evernote Google Docs and Libre Office
2. B. Create an Application Group and add business-systems to it.
3. C. Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory.
4. D. Create an Application Filter and name it Office Programs then filter on the business-systems category.

Correct Answer: C

When using SSH keys for CLI authentication for firewall administration, which method is used for authorization?

1. A. Local
2. B. LDAP
3. C. Kerberos
4. D. Radius

Correct Answer: A
When using SSH keys for CLI authentication for firewall administration, the method used for authorization is local. This is described in the Palo Alto Networks PCNSE Study Guide in Chapter 4: Authentication and Authorization, under the section "CLI Authentication with SSH Keys":
"SSH keys use public key cryptography to authenticate users, but they do not provide a mechanism for authorization. Therefore, when using SSH keys for CLI authentication, authorization is always performed locally on the firewall."

The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice As part of that effort, the manager has assigned you the Vulnerability Protection profile for the internet gateway firewall.
Which action and packet-capture setting for items of high severity and critical severity best matches Palo Alto Networks best practice?

1. A. action 'reset-both' and packet capture 'extended-capture'
2. B. action 'default' and packet capture 'single-packet'
3. C. action 'reset-both' and packet capture 'single-packet'
4. D. action 'reset-server' and packet capture 'disable'

Correct Answer: C
https://docs.paloaltonetworks.com/best-practices/10-2/internet-gateway-best-practices/best-practice-internet-gate "Enable extended-capture for critical, high, and medium severity events and single-packet capture for low severity events. "
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-security-profiles-vulner

What are two valid deployment options for Decryption Broker? (Choose two)

1. A. Transparent Bridge Security Chain
2. B. Layer 3 Security Chain
3. C. Layer 2 Security Chain
4. D. Transparent Mirror Security Chain

Correct Answer: AB
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/decryption-broker