PCNSE8 Online Practice Questions and Answers

An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewall use Layer 3 interfaces to send traffic to a single gateway IP for the pair. Which configuration will enable this HA scenario?

A. The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating IP.

B. Each firewall will have a separate floating IP, and priority will determine which firewall has the primary IP.

C. The firewalls do not use floating IPs in active/active HA.

D. The firewalls will share the same interface IP address, and device 1 will use the floating IP if device 0 fails.

An administrator pushes a new configuration from Panorama to a pair of firewalls that are configured as an active/passive HA pair. Which NGFW receives the configuration from Panorama?

A. The Passive firewall, which then synchronizes to the active firewall

B. The active firewall, which then synchronizes to the passive firewall

C. Both the active and passive firewalls, which then synchronize with each other

D. Both the active and passive firewalls independently, with no synchronization afterward

An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required. Which interface type would support this business requirement?

A. Virtual Wire interfaces to permit EIGRP routing to remain between the Core and DMZ

B. Layer 3 or Aggregate Ethernet interfaces, but configuring EIGRP on subinterfaces only

C. Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel (with the GlobalProtect License to support LSVPN and EIGRPprotocols)

D. Layer 3 interfaces, but configuring EIGRP on the attached virtual router

An administrator has been asked to configure a Palo Alto Networks NGFW to provide protection against external hosts attempting to exploit a flaw in an operating system on an internal system.

Which Security Profile type will prevent this attack?

A. Vulnerability Protection

B. Anti-Spyware

C. URL Filtering

D. Antivirus

Which two options prevent the firewall from capturing traffic passing through it? (Choose two.)

A. The firewall is in multi-vsys mode.

B. The traffic is offloaded.

C. The traffic does not match the packet capture filter.

D. The firewall's DP CPU is higher than 50%.

What is exchanged through the HA2 link?

A. hello heartbeats

B. User-ID information

C. session synchronization

D. HA state information

Which logs enable a firewall administrator to determine whether a session was decrypted?

A. Correlated Event

B. Traffic

C. Decryption

D. Security Policy

In which two types of deployment is active/active HA configuration supported? (Choose two.)

A. TAP mode

B. Layer 2 mode

C. Virtual Wire mode

D. Layer 3 mode

What can missing SSL packets when performing a packet capture on dataplane interfaces?

A. The packets are hardware offloaded to the offloaded processor on the dataplane

B. The missing packets are offloaded to the management plane CPU

C. The packets are not captured because they are encrypted

D. There is a hardware problem with offloading FPGA on the management plane

What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

A. The firewalls must have the same set of licenses.

B. The management interfaces must to be on the same network.

C. The peer HA1 IP address must be the same on both firewalls.

D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.