PCNSE Exam Questions Part-1
Q1. The file types the WF-500 appliance supports for local analysis are –
|_Email links, Java Archive (JAR) files, Portable Executable (PE) files
|_The WF-500 appliance is an on-premises WildFire appliance from Palo Alto Networks.
|_It provides a private cloud environment for analyzing suspicious files and identifying malware.
|_It is beneficial for environments with strict data privacy requirements.
Q2. Company.com has an in-house application that the Palo Alto Networks device doesn’t identify correctly. A threat management team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine. Which method should company.com use to immediately address this traffic on a Palo Alto Networks device?
|_Create a custom application with signatures matching unique identifiers of the in-house application traffic
Reason:
|_Create a custom application with a signature and attach it to a security policy or create a custom application and define an application override policy
|_A custom application allows you to customize the definition of the internal application
|_Creating a custom application allows you to correctly identify the application in the ACC and traffic logs and is useful in auditing/reporting on the application on your network.
|_Note: how to create a custom application with signatures
|_Go to Objects -> Applications on the firewall, enter a name and description, and set the application properties such as category, subcategory, risk and characteristics. Under the Advanced tab, define the signature settings.
Q 3. After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama’s traffic logs. What could be the problem?
Ans: None of the firewall’s policies have been assigned a Log Forwarding profile
|_Log forwarding configuration: Ensure that the PA-3020 firewall is correctly configured to forward logs to Panorama. Check the log forwarding profile and verify that it is applied to the appropriate security policies.
|_Connectivity issues: Verify that there is network connectivity between the PA-3020 firewall and Panorama, and ensure that no firewall rules or network issues are blocking the log traffic.
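A quick way to catch the first cause above is to audit the rulebase for rules that can never forward a log. The script below is an added example, not part of these notes or of PAN-OS; it assumes a running-config layout of rulebase/security/rules/entry with a <log-setting> child naming the Log Forwarding profile and <log-start>/<log-end> toggles, and the config excerpt is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt shaped like a PAN-OS running config (assumed layout, not
# taken from a real device): each security rule may carry <log-setting> (the
# Log Forwarding profile) plus <log-start>/<log-end>.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <rulebase><security><rules>
    <entry name="allow-web">
      <from><member>trust</member></from><to><member>untrust</member></to>
      <action>allow</action>
      <log-setting>to-panorama</log-setting>
      <log-end>yes</log-end>
    </entry>
    <entry name="allow-dns">
      <from><member>trust</member></from><to><member>untrust</member></to>
      <action>allow</action>
      <log-end>yes</log-end>
    </entry>
    <entry name="deny-all">
      <from><member>any</member></from><to><member>any</member></to>
      <action>deny</action>
      <log-setting>to-panorama</log-setting>
      <log-start>no</log-start><log-end>no</log-end>
    </entry>
  </rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def rules_not_forwarding(config_xml):
    """Return (rule name, reason) for every security rule whose traffic logs
    will never reach Panorama: no Log Forwarding profile is attached, or
    logging is off at both session start and end so no log is produced."""
    root = ET.fromstring(config_xml)
    problems = []
    for rule in root.findall(".//rulebase/security/rules/entry"):
        profile = rule.findtext("log-setting")
        # PAN-OS logs at session end by default; treat an absent toggle that way.
        log_end = rule.findtext("log-end", default="yes")
        log_start = rule.findtext("log-start", default="no")
        if not profile:
            problems.append((rule.get("name"), "no Log Forwarding profile"))
        elif log_end != "yes" and log_start != "yes":
            problems.append((rule.get("name"), "logging disabled on rule"))
    return problems

if __name__ == "__main__":
    for name, reason in rules_not_forwarding(SAMPLE_CONFIG):
        print(f"{name}: {reason}")
```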
Q 4. Which component enabled on a perimeter firewall will allow the identification of existing infected hosts in an environment?
|_Anti-Spyware profiles applied to outbound security policies with the DNS Query action set to sinkhole
|_DNS sinkhole is an action that can be enabled in Anti-Spyware profiles. A DNS sinkhole can be used to identify infected hosts on a protected network using DNS traffic.
|_The DNS sinkhole enables the Palo Alto Networks device to forge a response to a DNS query for a known malicious domain/URL.
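Once the forged answer points infected hosts at the sinkhole address, the traffic log shows the originating host itself (not just the internal DNS server that proxied the query), which is what makes the hosts identifiable. The script below is an added example, not part of these notes or of PAN-OS; the sinkhole address and the simplified log export are constructed.

```python
import csv
import io
from collections import Counter

# Assumed: the Anti-Spyware profile's DNS sinkhole action answers queries for
# malicious domains with this address (constructed value, not a vendor default).
SINKHOLE_IP = "10.0.0.250"

# Constructed, simplified traffic-log export; a real PAN-OS CSV has many more fields.
SAMPLE_TRAFFIC_LOG = """\
receive_time,src,dst,dport,proto,app,action
2024/05/01 10:00:01,10.1.1.20,93.184.216.34,443,tcp,ssl,allow
2024/05/01 10:00:05,10.1.1.37,10.0.0.250,80,tcp,web-browsing,allow
2024/05/01 10:00:09,10.1.1.37,10.0.0.250,443,tcp,ssl,allow
2024/05/01 10:01:12,10.1.1.52,10.0.0.250,80,tcp,web-browsing,deny
2024/05/01 10:02:30,10.1.1.20,8.8.8.8,53,udp,dns,allow
"""

def sinkhole_hits(log_text, sinkhole_ip=SINKHOLE_IP):
    """Map each source IP that tried to reach the sinkhole address to its hit count.
    A hit means the host resolved a known-malicious domain and acted on the forged
    answer, so it is a candidate infected host. The allow/deny verdict on the
    follow-up connection is irrelevant: the attempt itself is the signal."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["dst"] == sinkhole_ip:
            hits[row["src"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, count in sorted(sinkhole_hits(SAMPLE_TRAFFIC_LOG).items()):
        print(f"candidate infected host {host}: {count} sinkhole connection(s)")
```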
Q 5. Which two statements are correct for the out-of-box configuration for Palo-Alto Networks NGFWs?
|_The devices are pre-configured with a virtual wire pair on the first two interfaces
|_The Management interface has an IP address of 192.168.1.1 and allows SSH and HTTPS connections.
Q6. A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall. Which set of files needs to be imported back into the replacement firewall that is managed by Panorama?
|_Device State and license files
|_Device state: this includes the configuration and state of the firewall. Export the device state from the old firewall and import it into the new one.
|_Licenses: ensure that the licenses are transferred from the old firewall to the new one. This is done through the Palo Alto Networks Support Portal.
|_Certificates: any certificates used by the firewall should be exported from the old device and imported into the new one.
Q 7. A network engineer has received a report of problems reaching 98.139.183.24 through vr1 on the firewall. The routing table on this firewall is extensive and complex. Which CLI command will help identify the issue?
|_test routing fib-lookup ip 98.139.183.24 virtual-router vr1
|_show routing route | match 98.139.183.24
|_show routing fib virtual-router vr1 | match 98.139.183.24
*The fib-lookup command shows the specific forwarding path chosen for the IP address within virtual router vr1.
Q 8. Which two mechanisms help prevent a split-brain scenario in an Active/Passive High Availability (HA) pair?
|_Configure Ethernet 1/1 as HA1 Backup
|_Configure the management interface as HA1 Backup
|_A backup HA1 path keeps the hello/heartbeat exchange alive if the primary HA1 link fails, so neither node wrongly concludes that its peer is down.
|_A split-brain scenario in an Active/Passive HA pair occurs when both nodes mistakenly believe they are the active node. This can lead to data corruption, network instability and other issues, because both nodes try to manage the same resources simultaneously.
NOTE: In an Active/Passive HA setup, one node is active and handles all the traffic, while the other node is passive and stands by to take over if the active node fails.
Reasons for split-brain:
- Communication failure: the communication link between the two nodes (often called the heartbeat link) fails
- Network issues: problems in the network infrastructure
- Configuration errors: misconfigurations in the HA setup can lead to split-brain
Q9. What are three valid actions in a File Blocking Profile? – Block, Alert & Continue
Block – When a specified file type is detected, the file is blocked and a customizable block page is presented to the user.
Alert – When a specified file type is detected, a log entry is generated in the data filtering log, but the file is not blocked. This action is useful for monitoring purposes.
Continue – When a specified file type is detected, the user is prompted with a warning and must acknowledge it before the file is allowed to pass through. This makes users aware of the potential risks associated with the file.
Q 10. Which interface configuration will accept VLAN IDs? – Subinterface
A VLAN ID is assigned to a subinterface (one VLAN per subinterface), not to the physical interface. Each subinterface must have a VLAN ID before it can pass traffic.
In Palo Alto Networks firewalls, we can configure interfaces to accept VLAN IDs by setting up Layer 2 interfaces and subinterfaces.
- Layer 2 interface: configure the main interface as a Layer 2 interface.
- Subinterface: create subinterfaces under the main Layer 2 interface, each with a specific VLAN ID.
- Assign to security zone: assign each subinterface to a security zone so that policies apply to it.
- Example: to configure ethernet1/1 to handle VLANs 10 and 20, create subinterfaces ethernet1/1.10 and ethernet1/1.20 with VLAN tags 10 and 20, respectively.
Q 11. Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats?
|_PAN-DB URL Filtering
|_DNS-based command-and-control signatures