Get Full Version of the Exam
http://www.EnsurePass.com/PCNSE.html
Question No.191
The web server is configured to listen for HTTP traffic on port 8080. The clients access the web server using the IPaddress 1.1.1.100 on TCP Port 80. The destination NAT rule is configured to translate both IP address and report to 10.1.1.100 on TCP Port 8080. Which NAT and security rules must be configured on the firewall? (Choose two)
-
A security policy with asource of any from untrust-I3 Zone to a destination of 10.1.1.100 in dmz-I3 zone using web-browsing application
-
A NAT rule with a source of any from untrust-I3 zone to a destination of 10.1.1.100 in dmz-zone using service-http service.
-
A NAT rule with a source of any from untrust-I3 zone to a destination of 1.1.1.100 in untrust-I3 zone using service-http service.
-
A security policy with a source of any from untrust-I3 zone to a destination of 1.1.100 in dmz-I3 zone using web-browsing application.
Correct Answer: BD
Question No.192
A company has a pair of Palo Alto Networks firewalls configured asan Acitve/Passive High Availability (HA) pair. What allows the firewall administrator to determine the last date a failover event occurred?
-
From the CLI issue use the show System log
-
Apply the filter subtype eq ha to the System log
-
Apply the filter subtype eq ha to the configuration log
-
Check the status of the High Availability widget on the Dashboard of the GUI
Correct Answer: B
Question No.193
Which two logs on the firewallwill contain authentication-related information useful for troubleshooting purpose? (Choose two)
-
ms.log
-
traffic.log
-
system.log
-
dp-monitor.log
-
authd.log
Correct Answer: CE
Question No.194
Which two options are required on an M-100 appliance to configure it as a Log Collector? (Choose two)
-
From the Panorama tab of the Panorama GUI select Log Collector mode and then commit changes
-
Enter the command request system system-mode logger then enter Y to confirm the change to Log Collector mode.
-
From the Device tab ofthe Panorama GUI select Log Collector mode and then commit changes.
-
Enter the command logger-mode enable the enter to confirm the change to Log Collector mode.
-
Log in the Panorama CLI of the dedicated Log Collector
Correct Answer: BE
Explanation: https://www.paloaltonetworks.com/documentation/60/panorama/panorama_adminguide/set-up- panorama/set-up-the-m-100-appliance
Question No.195
Which three options does the WF-500 appliance support for local analysis? (Choose three)
-
E-mail links
-
APK files
-
jar files
-
PNG files
-
Portable Executable (PE) files
Correct Answer: ACE
Question No.196
A network design change requires an existing firewall to start accessing Palo Alto Updates from a data plane interface address instead of the management interface. Which configuration setting needs to be modified?
-
Service route
-
Default route
-
Management profile
-
Authentication profile
Correct Answer: A
Question No.197
How are IPV6 DNS queries configured to user interface ethernet1/3?
-
Network gt; Virtual Router gt; DNS Interface
-
Objects gt;CustomerObjects gt; DNS
-
Network gt; Interface Mgrnt
-
Device gt; Setup gt; Services gt; Service Route Configuration
Correct Answer: D
Question No.198
Which three rule types are available when defining policies in Panorama? (Choose three.)
-
Pre Rules
-
Post Rules
-
Default Rules
-
Stealth Rules
-
Clean Up Rules
Correct Answer: ABC
Explanation:
https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/panorama-web- interface/defining-policies-on-panorama
Question No.199
When using the predefined default profile, the policy will inspect for viruses on the decoders. Match each decoder with its default action. Answer options may be used more than once or not at all.
Correct Answer:
Question No.200
Which two interface types can be used when configuring GlobalProtect Portal? (Choose two)
-
Virtual Wire
-
Loopback
-
Layer 3
-
Tunnel
Correct Answer: BC
Get Full Version of the Exam
PCNSE Dumps
PCNSE VCE and PDF