PCNSE8 Online Practice Questions and Answers

Which three steps will reduce the CPU utilization on the management plane? (Choose three.)

A. Disable SNMP on the management interface.

B. Application override of SSL application.

C. Disable logging at session start in Security policies.

D. Disable predefined reports.

E. Reduce the traffic being decrypted by the firewall.

An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third-party, deep-level packet inspection appliance. Which interface type and license feature are necessary to meet the requirement?

A. Decryption Mirror interface with the Threat Analysis license

B. Virtual Wire interface with the Decryption Port Export license

C. Tap interface with the Decryption Port Mirror license

D. Decryption Mirror interface with the associated Decryption Port Mirror license

Which data flow describes redistribution of user mappings?

A. User-ID agent to firewall

B. firewall to firewall

C. Domain Controller to User-ID agent

D. User-ID agent to Panorama

Which User-ID method maps IP address to usernames for users connecting through a web proxy that has already authenticated the user?

A. Client Probing

B. Port mapping

C. Server monitoring

D. Syslog listening

Which setting allow a DOS protection profile to limit the maximum concurrent sessions from a source IP address?

A. Set the type to Aggregate, clear the session's box and set the Maximum concurrent Sessions to 4000.

B. Set the type to Classified, clear the session's box and set the Maximum concurrent Sessions to 4000.

C. Set the type Classified, check the Sessions box and set the Maximum concurrent Sessions to 4000.

D. Set the type to aggregate, check the Sessions box and set the Maximum concurrent Sessions to 4000.

A company has a web server behind a Palo Alto Networks next-generation firewall that it wants to make accessible to the public at 1.1.1.1. The company has decided to configure a destination NAT Policy rule. Given the following zone information: DMZ zone: DMZ-L3 Public zone: Untrust-L3 Guest zone: Guest-L3 Web server zone: Trust-L3 Public IP address (Untrust-L3): 1.1.1.1 Private IP address (Trust-L3): 192.168.1.50

What should be configured as the destination zone on the Original Packet tab of NAT Policy rule?

A. Untrust-L3

B. DMZ-L3

C. Guest-L3

D. Trust-L3

The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of GlobalPortect Portal?

A. Server Certificate

B. Client Certificate

C. Authentication Profile

D. Certificate Profile

Several offices are connected with VPNs using static IPV4 routes. An administrator has been tasked with implementing OSPF to replace static routing. Which step is required to accoumplish this goal?

A. Assign an IP address on each tunnel interface at each site

B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0

C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces

D. Create new VPN zones at each site to terminate each VPN connection

Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS 8.0? (Choose two.)

A. KVM

B. VMware ESX

C. VMware NSX

D. AWS

Which field is optional when creating a new Security Policy rule?

A. Name

B. Description

C. Source Zone

D. Destination Zone

E. Action