PCNSE Free Practice Test

An engineer is configuring SSL Inbound Inspection for public access to a company's application. Which certificate(s) need to be installed on the firewall to ensure that inspection is performed successfully?

1. A. Self-signed CA and End-entity certificate
2. B. Root CA and Intermediate CA(s)
3. C. Self-signed certificate with exportable private key
4. D. Intermediate CA (s) and End-entity certificate

Correct Answer: D

Using multiple templates in a stack to manage many firewalls provides which two advantages? (Choose two.)

1. A. inherit address-objects from templates
2. B. define a common standard template configuration for firewalls
3. C. standardize server profiles and authentication configuration across all stacks
4. D. standardize log-forwarding profiles for security polices across all stacks

Correct Answer: BD

A customer is replacing their legacy remote access VPN solution The current solution is in place to secure only internet egress for the connected clients Prisma Access has been selected to replace the current remote access VPN solution During onboarding the following options and licenses were selected and enabled
- Prisma Access for Remote Networks 300Mbps
- Prisma Access for Mobile Users 1500 Users
- Cortex Data Lake 2TB
- Trusted Zones trust
- Untrusted Zones untrust
- Parent Device Group shared
How can you configure Prisma Access to provide the same level of access as the current VPN solution?

1. A. Configure mobile users with trust-to-untrust Security policy rules to allow the desired traffic outbound to the internet
2. B. Configure mobile users with a service connection and trust-to-trust Security policy rules to allow the desired traffic outbound to the internet
3. C. Configure remote networks with a service connection and trust-to-untrust Security policy rules to allow the desired traffic outbound to the internet
4. D. Configure remote networks with trust-to-trust Security policy rules to allow the desired traffic outbound to the internet

Correct Answer: D

What steps should a user take to increase the NAT oversubscription rate from the default platform setting?

1. A. Navigate to Device > Setup > TCP Settings > NAT Oversubscription Rate
2. B. Navigate to Policies > NAT > Destination Address Translation > Dynamic IP (with session distribution)
3. C. Navigate to Policies > NAT > Source Address Translation > Dynamic IP (with session distribution)
4. D. Navigate to Device > Setup > Session Settings > NAT Oversubscription Rate

Correct Answer: D
NAT oversubscription is a feature that allows you to reuse a translated IP address and port for multiple source devices. This can help you conserve public IP addresses and increase the number of sessions that can be translated by a NAT rule.

In SSL Forward Proxy decryption, which two certificates can be used for certificate signing? (Choose two.)

1. A. wildcard server certificate
2. B. enterprise CA certificate
3. C. client certificate
4. D. server certificate
5. E. self-signed CA certificate

Correct Answer: BE
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/configure-ssl-forward-proxy.html