PCNSE Exam Sample Questions and Answers

Question No 1:

What are the differences between using a service versus using an application for Security Policy match?

A. Use of a “service” enables the firewall to take immediate action with the first observed packet based on port numbers. Use of an “application” allows the firewall to take immediate action if the port being used is a member of the application standard port list.
B. There are no differences between “service” and “application”. Use of an “application” simplifies configuration by allowing use of a friendly application name instead of port numbers.
C. Use of a “service” enables the firewall to take immediate action with the first observed packet based on port numbers. Use of an “application” allows the firewall to take action after enough packets allow for App-ID identification regardless of the ports being used.
D. Use of a “service” enables the firewall to take action after enough packets allow for App-ID identification.

Answer: A

Question No 2:

The certificate information displayed in the following image is for which type of certificate?

A. Forward Trust certificate
B. Self-Signed Root CA certificate
C. Web Server certificate
D. Public CA signed certificate

Answer: B

Question No 3:

An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between Panorama and the managed firewalls and Log Collectors. How would the administrator establish the chain of trust?

A. Use custom certificates
B. Enable LDAP or RADIUS integration
C. Set up multi-factor authentication
D. Configure strong password authentication

Answer: A

Question No 4:

Which two benefits come from assigning a Decryption Profile to a Decryption policy rule with a “No Decrypt” action? (Choose two.)

A. Block sessions with expired certificates
B. Block sessions with client authentication
C. Block sessions with unsupported cipher suites
D. Block sessions with untrusted issuers
E. Block credential phishing

Answer: A, D

Question No 5:

A customer wants to set up a site-to-site VPN using tunnel interfaces.
Which two formats are correct for naming tunnel interfaces? (Choose two.)

A. tunnel.1
B. vpn-tunnel.1
C. tunnel.1025
D. vpn-tunnel.1024

Answer: A, C
