[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 171-180

Get Full Version of the Exam
http://www.EnsurePass.com/PCNSE.html

Question No.171

The company#39;s Panorama server (IP 10.10.10.5) is not able to manage a firewall that was recently deployed.The firewall#39;s dedicated management port is being used to connect to the management network. Which two commands may be used to troubleshoot this issue from the CLI of the new firewall? (Choose two)

  1. test panoramas-connect 10.10.10.5

  2. showpanoramas-status

  3. show arp all I match 10.10.10.5

  4. topdump filter quot;host 10.10.10.5

  5. debug dataplane packet-diag set capture on

Correct Answer: BD

Question No.172

Firewall administrators cannot authenticate to a firewall GUI. Which two logs on that firewall will contain authentication-related information useful in troubleshooting this issue? (Choose two.)

  1. ms log

  2. authd log

  3. System log

  4. Traffic log

  5. dp-monitor .log

Correct Answer: BC

Question No.173

People are having intermittent quality issues during a live meeting via web application.

  1. Use QoS profile to define QoS Classes

  2. Use QoS Classes to define QoS Profile

  3. Use QoS Profile to define QoS Classes and a QoS Policy

  4. Use QoS Classes to define QoS Profile and a QoS Policy

Correct Answer: C

Question No.174

A host attached to ethernet1/3 cannot access the internet. Thedefault gateway is attached to ethernet1/4. After troubleshooting. It is determined that traffic cannot pass from the ethernet1/3 to ethernet1/4. What can be the cause of the problem?

  1. DHCP has been set to Auto.

  2. Interface ethernet1/3 is in Layer 2 mode and interface ethernet1/4 is in Layer 3 mode.

  3. Interface ethernet1/3 and ethernet1/4 are in Virtual Wire Mode.

  4. DNS has not been properly configured on the firewall

Correct Answer: B

Question No.175

A company hosts a publicly accessible web server behind a Palo Alto Networks next-generation firewall with the following configuration information:

image

image

image

Users outside the company are in the quot;Untrust-L3quot; zone. The web server physically resides in the quot;Trust-L3quot; zone. Web server public IP address: 23.54.6.10

image

Web server private IP address: 192.168.1.10

Which two items must the NAT policy contain to allow users in the Untrust-L3 zone to access the web server? (Choose two.)

  1. Destination IPof 23.54.6.10

  2. UntrustL3 for both Source and Destination Zone

  3. Destination IP of 192.168.1.10

  4. UntrustL3 for Source Zone and Trust-L3 for Destination Zone

Correct Answer: AB

Question No.176

What will be the source address in the ICMP packet?

image

A.

10.30.0.93

B.

10.46.72.93

C.

10.46.64.94

D.

192.168.93.1

Correct Answer: C

Question No.177

A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?

  1. Blocked Activity

  2. Bandwidth Activity

  3. Threat Activity

  4. Network Activity

Correct Answer: D

Question No.178

A firewall administrator has completed most of the steps required to provision a standalone Palo Alto Networks Next-Generation Firewall. As a final step, the administrator wants to test one of the security policies. Which CLI command syntax will display the rule that matches the test?

  1. test security -policy- match source lt;ip_addressgt; destination lt;IP_addressgt; destination port lt;port numbergt; protocol lt;protocol number

  2. show security rule source lt;ip_addressgt; destination lt;IP_addressgt; destination port lt;port numbergt; protocol lt;protocol numbergt;

  3. test security rule source lt;ip_addressgt; destination lt;IP_addressgt; destination port lt;port numbergt; protocol lt;protocol numbergt;

  4. show security-policy-match source lt;ip_addressgt; destination lt;IP_addressgt; destination port lt;port numbergt; protocol lt;protocol numbergt;

Correct Answer: A

Explanation:

test security-policy-match source lt;source IPgt;destination lt;destination IPgt; protocol lt;protocol numbergt;

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-Which-Security-Policy- Applies-to-a-Traffic-Flow/ta-p/53693

Question No.179

An administrator is configuring an IPSec VPN to a Cisco ASA at the administrator#39;s home and experiencing issues completing the connection. the followingis the output from the command:

image

What could be the cause of this problem?

  1. The dead peer detection settings do not match between the Palo Alto Networks Firewall and the ASA.

  2. The Proxy IDs on the Palo Alto Networks Firewall do not match the settingon the ASA.

  3. The public IP addresses do not match for both the Palo Alto Networks Firewall and the ASA.

  4. The shared secrets do not match between the Palo Alto Networks Firewall and the ASA.

Correct Answer: C

Question No.180

Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS 8.0? (Choose two.)

  1. KVM

  2. VMware ESX

  3. VMware NSX

  4. AWS

Correct Answer: AB

Get Full Version of the Exam
PCNSE Dumps
PCNSE VCE and PDF