Palo Alto Networks PCNSE Quiz 62 Topic 8 Questions 306-310

Question: 1

Company.com has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine.

Which method should company.com use to immediately address this traffic on a Palo Alto Networks device?

ACreate a custom Application without signatures, then create an Application Override policy that includes the source, Destination, Destination Port/Protocol and Custom Application of the traffic.

BWait until an official Application signature is provided from Palo Alto Networks.

CModify the session timer settings on the closest referanced application to meet the needs of the in-house application

DCreate a Custom Application with signatures matching unique identifiers of the in-house application traffic

Show Answer

Question: 2

When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?

AWhen configuring Certificate Profiles

BWhen configuring GlobalProtect portal

CWhen configuring User Activity Reports

DWhen configuring Antivirus Dynamic Updates

Show Answer

Question: 3

Which option is an IPv6 routing protocol?

ARIPv3

BOSPFv3

COSPv3

DBGP NG

Show Answer

Question: 4

Firewall administrators cannot authenticate to a firewall GUI.

Which two logs on that firewall will contain authentication-related information useful in troubleshooting this issue? (Choose two.)

Ams log

Bauthd log

CSystem log

DTraffic log

Edp-monitor .log

Show Answer

Question: 5

An administrator receives the following error message:

'IKE phase-2 negotiation failed when processing Proxy ID. Received local id 192. 168.33.33/24 type IPv4 address protocol 0 port 0, received remote id

172.16.33.33/24 type IPv4 address protocol 0 port 0.'

How should the administrator identify the root cause of this error message?

AVerify that the IP addresses can be pinged and that routing issues are not causing the connection failure.

BCheck whether the VPN peer on one end is set up correctly using policy-based VPN.

CIn the IKE Gateway configuration, verify that the IP address for each VPN peer is accurate.

DIn the IPSec Crypto profile configuration, verify that PFS is either enabled on both VPN peers or disabled on both VPN peers.

Show Answer

Palo Alto Networks PCNSE Quiz:62 Topic:8 Questions:306-310