[Jan 25, 2025] Palo Alto Networks PCNSE Exam Dumps Files, Q1/213: A client has a sensitive application server in their data center and is particularly concerned about

Join the discussion

Question 1/213

A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.
How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?

A. Define a custom App-ID to ensure that only legitimate application traffic reaches the server.

B. Add a Vulnerability Protection Profile to block the attack.

C. Add QoS Profiles to throttle incoming requests.

D. Add a DoS Protection Profile with defined session count.

Add Comments

Other Question (213q): Q1. A client has a sensitive application server in their data center and is particularly conce...; Q2. An administrator allocates bandwidth to a Prisma Access Remote Networks compute location w...; Q3. A firewall administrator wants to avoid overflowing the company syslog server with traffic...; Q4. Which two settings can be configured only locally on the firewall and not pushed from a Pa...; Q5. How can a Palo Alto Networks firewall be configured to send syslog messages in a format co...; Q6. A firewall administrator requires an A/P HA pair to fail over more quickly due to critical...; Q7. Which profile generates a packet threat type found in threat logs?...; Q8. What can be used as an Action when creating a Policy-Based Forwarding (PBF) policy?...; Q9. What is exchanged through the HA2 link?; Q10. Review the screenshot of the Certificates page. (Exhibit) An administrator for a small LLC...; Q11. Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during...; Q12. An engineer must configure the Decryption Broker feature. Which Decryption Broker security...; Q13. An administrator creates an application-based security policy rule and commits the change ...; Q14. Which method will dynamically register tags on the Palo Alto Networks NGFW?...; Q15. An administrator needs to determine why users on the trust zone cannot reach certain websi...; Q16. Which GlobalProtect gateway selling is required to enable split-tunneling by access route,...; Q17. Which two subscriptions are available when configuring panorama to push dynamic updates to...; Q18. Refer to the exhibit. (Exhibit) Using the above screenshot of the ACC, what is the best me...; Q19. An administrator accidentally closed the commit window/screen before the commit was finish...; Q20. An administrator needs to optimize traffic to prefer business-critical applications over n...; Q21. Refer to exhibit. An organization has Palo Alto Networks NGFWs that send logs to remote mo...; Q22. Which two actions would be part of an automatic solution that would block sites with untru...; Q23. What is exchanged through the HA2 link?; Q24. Which version of GlobalProtect supports split tunneling based on destination domain, clien...; Q25. How does Panorama prompt VMWare NSX to quarantine an infected VM?...; Q26. How are IPV6 DNS queries configured to user interface ethernet1/3?...; Q27. How can Panorama help with troubleshooting problems such as high CPU or resource exhaustio...; Q28. When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would ...; Q29. An administrator accidentally closed the commit window/screen before the commit was finish...; Q30. What type of address object would be useful for internal devices where the addressing stru...; Q31. What file type upload is supported as part of the basic WildFire service?...; Q32. An administrator wants multiple web servers in the DMZ to receive connections initiated fr...; Q33. Your company has to Active Directory domain controllers spread across multiple WAN links A...; Q34. An administrator needs to upgrade an NGFW to the most current version of PAN-OS® software....; Q35. Click the Exhibit button below, (Exhibit) A firewall has three PBF rules and a default rou...; Q36. Which GlobalProtect gateway selling is required to enable split-tunneling by access route,...; Q37. How does Panorama prompt VMWare NSX to quarantine an infected VM?...; Q38. Which method will dynamically register tags on the Palo Alto Networks NGFW?...; Q39. When setting up a security profile, which three items can you use? (Choose three.)...; Q40. An administrator receives the following error message: "IKE phase-2 negotiation failed whe...; Q41. Several offices are connected with VPNs using static IPv4 routes. An administrator has bee...; Q42. Which feature must you configure to prevent users form accidentally submitting their corpo...; Q43. A network-security engineer attempted to configure a bootstrap package on Microsoft Azure,...; Q44. An engineer is in the planning stages of deploying User-ID in a diverse directory services...; Q45. An administrator has a PA-820 firewall with an active Threat Prevention subscription The a...; Q46. Which statement is true regarding a Best Practice Assessment?...; Q47. A customer is replacing its legacy remote-access VPN solution Prisma Access has been selec...; Q48. A bootstrap USB flash drive has been prepared using a Windows workstation to load the init...; Q49. An administrator wants to enable WildFire inline machine learning. Which three file types ...; Q50. An administrator just enabled HA Heartbeat Backup on two devices. However, the status on t...; Q51. What are the two behavior differences between Highlight Unused Rules and the Rule Usage Hi...; Q52. An administrator wants to grant read-only access to all firewall settings, except administ...; Q53. Which three options does the WF-500 appliance support for local analysis? (Choose three)...; Q54. An administrator would like to determine which action the firewall will take for a specifi...; Q55. An engineer configures a specific service route in an environment with multiple virtual sy...; Q56. Which DoS protection mechanism detects and prevents session exhaustion attacks?...; Q57. What type of address object would be useful for internal devices where the addressing stru...; Q58. An administrator has been asked to configure a Palo Alto Networks NGFW to provide protecti...; Q59. Where is Palo Alto Networks Device Telemetry data stored on a firewall with a device certi...; Q60. What are two benefits of nested device groups in Panorama? (Choose two.)...; Q61. An administrator encountered problems with inbound decryption. Which option should the adm...; Q62. A firewall has been assigned to a new template stack that contains both "Global" and "Loca...; Q63. You need to allow users to access the office-suite applications of their choice. How shoul...; Q64. A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks ...; Q65. An administrator pushes a new configuration from Panorama to a pair of firewalls that are ...; Q66. A company is upgrading its existing Palo Alto Networks firewall from version 7.0.1 to 7.0....; Q67. A Security policy rule is configured with a Vulnerability Protection Profile and an action...; Q68. What does App-ID inspect to identify an application?...; Q69. A customer wants to set up a VLAN interface for a Layer 2 Ethernet port. Which two mandato...; Q70. Which of the following commands would you use to check the total number of the sessions th...; Q71. What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations ...; Q72. In which two types of deployment is active/active HA configuration supported? (Choose two....; Q73. At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF fil...; Q74. A web server is hosted in the DMZ and the server is configured to listen for incoming conn...; Q75. After implementing a new NGFW, a firewall engineer sees a VoIP traffic issue going through...; Q76. An engineer is deploying multiple firewalls with common configuration in Panorama. What ar...; Q77. What are three valid qualifiers for a Decryption Policy Rule match? (Choose three )...; Q78. Which statement regarding HA timer settings is true?...; Q79. Which feature can provide NGFWs with User-ID mapping information?...; Q80. An administrator wants to upgrade an NGFW from PAN-OS 8.0.2 to PAN-OS 9.0. The firewall is...; Q81. Match each type of DoS attack to an example of that type of attack (Exhibit)...; Q82. A company needs to preconfigure firewalls to be sent to remote sites with the least amount...; Q83. Users have reported an issue when they are trying to access a server on your network. The ...; Q84. Which value in the Application column indicates UDP traffic that did not match an App-ID s...; Q85. Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x...; Q86. Which logs enable a firewall administrator to determine whether a session was decrypted?...; Q87. A client is concerned about resource exhaustion because of denial-of-service attacks again...; Q88. An engineer is tasked with deploying SSL Forward Proxy decryption for their organization. ...; Q89. Based on the image, what caused the commit warning? (Exhibit)...; Q90. Refer to the exhibit. (Exhibit) Based on the screenshots above, what is the correct order ...; Q91. What type of address object would be useful for internal devices where the addressing stru...; Q92. A new application server 192.168.197.40 has been deployed in the DMZ. There are no public ...; Q93. What is considered the best practice with regards to zone protection?...; Q94. Which two actions must an engineer take to configure SSL Forward Proxy decryption? (Choose...; Q95. What are two best practices for incorporating new and modified App-IDs? (Choose two.)...; Q96. Which protection feature is available only in a Zone Protection Profile?...; Q97. Which CLI command displays the current management plane memory utilization?...; Q98. An engineer creates a set of rules in a Device Group (Panorama) to permit traffic to vario...; Q99. If the firewall is configured for credential phishing prevention using the "Domain Credent...; Q100. How would an administrator monitor/capture traffic on the management interface of the Palo...; Q101. Which PAN-OS® policy must you configure to force a user to provide additional credentials ...; Q102. Refer to Exhibit: (Exhibit) A firewall has three PDF rules and a default route with a next...; Q103. Which configuration is backed up using the Scheduled Config Export feature in Panorama?...; Q104. An administrator can not see any Traffic logs from the Palo Alto Networks NGFW in Panorama...; Q105. When you configure an active/active high availability pair which two links can you use? (C...; Q106. Which new PAN-OS 11.0 feature supports IPv6 traffic?...; Q107. What must be configured to apply tags automatically based on User-ID logs?...; Q108. Support for which authentication method was added in PAN-OS 8.0?...; Q109. An administrator creates an application-based security policy rule and commits the change ...; Q110. To more easily reuse templates and template stacks, you can create template variables in p...; Q111. An administrator can not see any Traffic logs from the Palo Alto Networks NGFW in Panorama...; Q112. A web server is hosted in the DMZ and the server is configured to listen for incoming conn...; Q113. A firewall engineer reviews the PAN-OS GlobalProtect application and sees that it implicit...; Q114. A customer wants to combine multiple Ethernet interfaces into a single virtual interface u...; Q115. Use the image below If the firewall has the displayed link monitoring configuration what w...; Q116. What are two best practices for incorporating new and modified App-IDs? (Choose two)...; Q117. A network administrator configured a site-to-site VPN tunnel where the peer device will ac...; Q118. Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?...; Q119. What can you use with Global Protect to assign user-specific client certificates to each G...; Q120. An administrator would like to determine which action the firewall will take for a specifi...; Q121. An administrator has been asked to configure active/passive HA for a pair of Palo Alto Net...; Q122. What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations ...; Q123. A client wants to detect the use of weak and manufacturer-default passwords for loT device...; Q124. Which operation will impact the performance of the management plane?...; Q125. Cortex XDR notifies an administrator about grayware on the endpoints. There are no entries...; Q126. Refer to the exhibit. (Exhibit) An administrator cannot see any of the Traffic logs from t...; Q127. How would an administrator configure a Bidirectional Forwarding Detection profile for BGP ...; Q128. Which GlobalProtect component must be configured to enable Clientless VPN?...; Q129. What will be the egress interface if the traffic's ingress interface is ethernet1/6 sourci...; Q130. Information Security is enforcing group-based policies by using security-event monitoring ...; Q131. An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the C...; Q132. Which three methods are supported for split tunneling in the GlobalProtect Gateway? (Choos...; Q133. Which function is handled by the management plane (control plane) of a Palo Alto Networks ...; Q134. A QoS profile is configured as shown in the image. The following throughput is realized: -...; Q135. How can an administrator configure the NGFW to automatically quarantine a device using Glo...; Q136. An administrator would like to determine which action the firewall will take for a specifi...; Q137. A company is using wireless controllers to authenticate users. Which source should be used...; Q138. An organization conducts research on the benefits of leveraging the Web Proxy feature of P...; Q139. A traffic log might list an application as "not-applicable" for which two reasons'? (Choos...; Q140. An administrator needs to assign a specific DNS server to one firewall within a device gro...; Q141. Which logs enable a firewall administrator to determine whether a session was decrypted?...; Q142. Refer to the exhibit. (Exhibit) Review the screenshots and consider the following informat...; Q143. What are two benefits of nested device groups in Panorama? (Choose two.)...; Q144. What file type upload is supported as part of the basic WildFire service?...; Q145. What must be configured to apply tags automatically based on User-ID logs?...; Q146. Which three options does Panorama offer for deploying dynamic updates to its managed devic...; Q147. Below are the steps in the workflow for creating a Best Practice Assessment in a firewall ...; Q148. Which profile generates a packet threat type found in threat logs?...; Q149. A firewall is configured with SSL Forward Proxy decryption and has the following four ente...; Q150. Which protection feature is available only in a Zone Protection Profile?...; Q151. During the packet flow process, which two processes are performed in application identific...; Q152. Cortex XDR notifies an administrator about grayware on the endpoints. There are no entnes ...; Q153. An engineer must configure the Decryption Broker feature. To which router must the enginee...; Q154. What is the purpose of the firewall decryption broker?...; Q155. Given the screenshot, how did the firewall handle the traffic?...; Q156. A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks ...; Q157. To more easily reuse templates and template slacks , you can create term plate variables i...; Q158. A network security engineer wants to prevent resource-consumption issues on the firewall. ...; Q159. When an in-band data port is set up to provide access to required services, what is requir...; Q160. What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to...; Q161. Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x...; Q162. Refer to the diagram. Users at an internal system want to ssh to the SSH server The server...; Q163. Refer to the exhibit. (Exhibit) An administrator cannot see any of the Traffic logs from t...; Q164. An enterprise has a large Palo Alto Networks footprint that includes onsite firewalls and ...; Q165. Based on the following image, (Exhibit) what is the correct path of root, intermediate, an...; Q166. What are the three key components of a successful Three Tab Demo? (Select the three correc...; Q167. An engineer needs to redistribute User-ID mappings from multiple data centers. Which data ...; Q168. An administrator wants multiple web servers in the DMZ to receive connections initiated fr...; Q169. SAML SLO is supported for which two firewall features? (Choose two.)...; Q170. The UDP-4501 protocol-port is used between which two GlobalProtect components?...; Q171. With the default TCP and UDP settings on the firewall, what will be the identified applica...; Q172. A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and ...; Q173. Drag and Drop Question Match each SD-WAN configuration element to the description of that ...; Q174. On the NGFW. how can you generate and block a private key from export and thus harden your...; Q175. A firewall administrator wants to have visibility on one segment of the company network. T...; Q176. In which two types of deployment is active/active HA configuration supported? (Choose two....; Q177. Which two benefits come from assigning a Decryption Profile to a Decryption policy rule wi...; Q178. A firewall should be advertising the static route 10.2.0.0/24 into OSPF. The configuration...; Q179. After configuring HA in Active/Passive mode on a pair of firewalls the administrator gets ...; Q180. Which Security policy rule will allow an admin to block facebook chat but allow Facebook i...; Q181. Which feature prevents the submission of corporate login information into website forms?...; Q182. In High Availability, which information is transferred via the HA data link?...; Q183. When backing up and saving configuration files, what is achieved using only the firewall a...; Q184. In a template, which two objects can be configured? (Choose two.)...; Q185. Which protocol is supported by GlobalProtect Clientless VPN?...; Q186. An administrator is required to create an application-based Security policy rule to allow ...; Q187. A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and ...; Q188. A company has recently migrated their branch office's PA-220S to a centralized Panorama. T...; Q189. Refer to exhibit. (Exhibit) An organization has Palo Alto Networks NGFWs that send logs to...; Q190. Which action disables Zero Touch Provisioning (ZTP) functionality on a ZTP firewall during...; Q191. What is considered the best practice with regards to zone protection?...; Q192. The decision to upgrade to PAN-OS 10.2 has been approved. The engineer begins the process ...; Q193. Refer to the exhibit. (Exhibit) Based on the screenshots above what is the correct order i...; Q194. In the screenshot above which two pieces of information can be determined from the ACC con...; Q195. Why would a traffic log list an application as "not-applicable"?...; Q196. Decrypted packets from the website https://www.microsoft.com will appear as which applicat...; Q197. Which DoS protection mechanism detects and prevents session exhaustion attacks?...; Q198. Place the steps to onboard a ZTP firewall into Panorama/CSP/ZTP-Service in the correct ord...; Q199. An administrator needs to identify which NAT policy is being used for internet traffic. Fr...; Q200. An administrator wants to upgrade an NGFW from PAN-OS 7.1.2 to PAN-OS 8.1.0. The firewall ...; Q201. Which CLI command enables an administrator to view details about the firewall including up...; Q202. An administrator cannot see any Traffic logs from the Palo Alto Networks NGFW in Panorama ...; Q203. An administrator is configuring a Panorama device group Which two objects are configurable...; Q204. Which virtual router feature determines if a specific destination IP address is reachable?...; Q205. Starting with PAN-OS version 9.1, application dependency information is now reported in wh...; Q206. Below are the steps in the workflow for creating a Best Practice Assessment in a firewall ...; Q207. A global corporate office has a large-scale network with only one User-ID agent, which cre...; Q208. An administrator accidentally closed the commit window/screen before the commit was finish...; Q209. An administrator wants multiple web servers in the DMZ to receive connections initiated fr...; Q210. A company with already deployed Palo Alto firewalls has purchased their first Panorama ser...; Q211. Which CLI command displays the physical media that are connected to ethernet1/8?...; Q212. After switching to a different WAN connection, users have reported that various websites w...; Q213. A company.com wants to enable Application Override. Given the following screenshot: (Exhib...

Join the discussion

Question 1/213

Add Comments

Download PDF File