Free Access to PaloAltoNetworks.PCNSE.v2025-06-10.q351 with Valid Practice Test (Page 15)

Question 66

An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used.
After looking at the configuration, the administrator believes that the firewall is not using a static route.
What are two reasons why the firewall might not use a static route? (Choose two.)

A.no install on the route
B.duplicate static route
C.path monitoring on the static route
D.disabling of the static route

Question 67

An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewall use Layer 3 interfaces to send traffic to a single gateway IP for the pair.
Which configuration will enable this HA scenario?

A.The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating IP.
B.Each firewall will have a separate floating IP, and priority will determine which firewall has the primary IP.
C.The firewalls do not use floating IPs in active/active HA.
D.The firewalls will share the same interface IP address, and device 1 will use the floating IP if device 0 fails.

Question 68

A security engineer needs firewall management access on a trusted interface.
Which three settings are required on an SSL/TLS Service Profile to provide secure Web UI authentication?
(Choose three.)

A.Minimum TLS version
B.Certificate
C.Encryption Algorithm
D.Maximum TLS version
E.Authentication Algorithm

Question 69

When is the content inspection performed in the packet flow process?

A.after the application has been identified
B.before session lookup
C.before the packet forwarding process
D.after the SSL Proxy re-encrypts the packet

Question 70

View the GlobalProtect configuration screen capture.

What is the purpose of this configuration?

A.It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.
B.It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.
C.It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.
D.It forces the firewall to perform a dynamic DNS update, which adds the internal gateway's hostname and IP address to the DNS server.

Question 66

Question 67

Question 68

Question 69

Question 70

Download PDF File