PCNSE8 Online Practice Questions and Answers

Which three authentication services can administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)

A. Kerberos

B. PAP

C. SAML

D. TACACS+

E. RADIUS

F. LDAP

Which User-ID method should be configured to map IP addresses to usernames for users connected through a terminal server?

A. port mapping

B. server monitoring

C. client probing

D. XFF headers

Which DoS protection mechanism detects and prevents session exhaustion attacks?

A. Packet Based Attack Protection

B. Flood Protection

C. Resource Protection

D. TCP Port Scan Protection

A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone, which options differentiates multiple VLAN into separate zones?

A. Create VLAN objects for each VLAN and assign VLAN interfaces matching each VLAN ID. Repeat for every additional VLANand use a VLAN ID of 0 for untagged traffic. Assign each interface/subinterface to a unique zone.

B. Create V-Wire objects with two V-Wire sub interface and assign only a single VLAN ID to the "Tag Allowed field one of the V-Wire object Repeat for every additional VLAN and use a VIAN ID of 0 for untagged traffic. Assign each interface/ subinterfaceto a unique zone.

C. Create V-Wire objects with two V-Wire interfaces and define a range "0- 4096" in the 'Tag Allowed filed of the V-Wire object.

D. Create Layer 3 sub interfaces that are each assigned to a single VLAN ID and a common virtual router. The physical Layer 3interface would handle untagged traffic. Assign each interface /subinterface to a unique zone. Do not assign any interface anIP address

Which is the maximum number of samples that can be submitted to WildFire per day, based on wildfire subscription?

A. 15,000

B. 10,000

C. 75,00

D. 5,000

When configuring the firewall for packet capture, what are the valid stage types?

A. Receive, management , transmit , and drop

B. Receive , firewall, send , and non-syn

C. Receive management , transmit, and non-syn

D. Receive , firewall, transmit, and drop

Which option enables a Palo Alto Networks NGFW administrator to schedule Application and Threat updates while applying only new content-IDs to traffic?

A. Select download-and-install.

B. Select download-and-install, with "Disable new apps in content update" selected.

C. Select download-only.

D. Select disable application updates and select "Install only Threat updates"

Which three options are available when creating a security profile? (Choose three)

A. Anti-Malware

B. File Blocking

C. Url Filtering

D. IDS/ISP

E. Threat Prevention

F. Antivirus

How are IPV6 DNS queries configured to user interface ethernet1/3?

A. Network > Virtual Router > DNS Interface

B. Objects > CustomerObjects > DNS

C. Network > Interface Mgrnt

D. Device > Setup > Services > Service Route Configuration

Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log? (Choose two.)

A. Run the User-ID Agent using an Active Directory account that has "event log viewer" permissions

B. Enable User-ID on the zone object for the destination zone

C. Run the User-ID Agent using an Active Directory account that has "domain administrator" permissions

D. Enable User-ID on the zone object for the source zone

E. Configure a RADIUS server profile to point to a domain controller