01. A Panorama template stack contains two templates and one configuration setting has a different value in each template. When Panorama pushes the template stack to the managed firewalls, which setting value will the firewalls receive?
a) value from the top template of the stack
b) value from the bottom template in the stack
c) value from the template designated as the parent
d) value an administrator selects from the two available values
02. Which two external authentication methods can be used with Authentication Profiles in PAN-OS?
(Choose two.)
a) NTLM
b) RSH
c) LDAP
d) RADIUS
03. A company is deploying a pair of PA5060 firewalls in an environment requiring support for asymmetric routing. Which High Availability (HA) mode best supports this design requirement?
a) ActiveActive mode
b) ActivePassive mode
c) HALiteActivePassivemode
d) ActivePassive mode with "tcprejectnonsyn" set to "no"
04. A website is presenting an RSA 2048-bit key. By default, what will the size of the key in the certificate sent by the firewall to the client be when doing SSL Decryption?
a) 512 bits
b) 1024 bits
c) 2048 bits
d) 4096 bits
05. Which two functions can be performed with a nextgeneration firewall but NOT with a legacy firewall?
(Choose two.)
a) Inspecting traffic at the application layer
b) Creating virtual connections out of UDP traffic
c) Checking for suspicious, but technically compliant, protocol behavior
d) Temporarily allowing an external web server to send inbound packets after an outbound request for a web page
06. The Palo Alto Networks Cortex Data Lake can accept logging data from which two products?
(Choose two.)
a) Cortex XDR
b) next-generation firewalls
c) Prisma SaaS
d) MineMeld
e) AutoFocus
07. A legacy virtual router can use a Redistribution Profile to share routes between which three routing protocols?
(Choose three.)
a) static routes
b) IGRP
c) RIP
d) OSPF
e) multicast
08. A potential customer says it wants to maximize the threat detection capability of its next-generation firewall. Which three additional services should it consider implementing to enhance its firewall’s capability to detect threats?
(Choose three.)
a) Cortex XDR
b) WildFire
c) URL Filtering
d) Expedition
e) DNS Security
09. How are log retention periods on Palo Alto Networks firewalls increased?
a) add storage to any firewall model
b) increase the allocation for overall log storage within the firewall
c) turn on log compression
d) forward logs to external Log Collectors
10. A network Administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects> Security Profiles> Anti-Spyware and select default profile. Wha t should be done next?
a) Click the simple-critical rule and then click the Action drop-down list.
b) Click the Exceptions tab and then click show all signatures.
c) View the default actions displayed in the Action column.
d) Click the Rules tab and then look for rules with "default" in the Action column.
Before you write the Palo Alto PCNSE certification exam, you may have certain doubts in your mind regarding the pattern of the test, the types of questions asked in it, the difficulty level of the questions and time required to complete the questions. These Palo Alto Networks Certified Network Security Engineer (PCNSE PAN-OS 10) sample questions and demo exam help you in removing these doubts and prepare you to take the test.