Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Palo Alto Networks
  3. PCNSE

Palo Alto Networks PCNSE Exam (page: 12)
Palo Alto Networks Certified Network Security Engineer
Updated on: 02-Mar-2026

Viewing Page 12 of 123
PCNSE PDF 606 Questions

An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing.

The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.

Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?

  1. Create a decryption rule matching the encrypted BitTorrent traffic with action “No-Decrypt,” and place the rule at the top of the Decryption policy.
  2. Create a Security policy rule that matches application “encrypted BitTorrent” and place the rule at the top of the Security policy.
  3. Disable the exclude cache option for the firewall.
  4. Create a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the decryption rule.

Answer(s): D


Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRtCAK



Refer to the exhibit.

Which certificates can be used as a Forward Trust certificate?

  1. Certificate from Default Trust Certificate Authorities
  2. Domain Sub-CA
  3. Forward_Trust
  4. Domain-Root-Cert

Answer(s): B



Which option would an administrator choose to define the certificate and protocol that Panorama and its managed devices use for SSL/TLS services?

  1. Configure a Decryption Profile and select SSL/TLS services.
  2. Set up SSL/TLS under Policies > Service/URL Category > Service.
  3. Set up Security policy rule to allow SSL communication.
  4. Configure an SSL/TLS Profile.

Answer(s): D


Reference:

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device-certificate-management-ssltls-service-profile



Which menu item enables a firewall administrator to see details about traffic that is currently active through the NGFW?

  1. ACC
  2. System Logs
  3. App Scope
  4. Session Browser

Answer(s): D



Which protection feature is available only in a Zone Protection Profile?

  1. SYN Flood Protection using SYN Flood Cookies
  2. ICMP Flood Protection
  3. Port Scan Protection
  4. UDP Flood Protections

Answer(s): C



Viewing Page 12 of 123



Share your comments for Palo Alto Networks PCNSE exam with other users:

Joseph J 7/11/2023 2:53:00 PM

i found the questions helpful
UNITED STATES


Meg 10/12/2023 8:02:00 AM

q 105 . ans is d
INDIA


Navaneeth S 7/14/2023 7:57:00 AM

i have interest to get a sybase iq dba certification
UNITED STATES


Aish 10/11/2023 5:27:00 AM

want to pass exm.
INDIA


Anonymous 6/12/2023 7:23:00 AM

are the answers correct?
INDIA


Kris 7/7/2023 9:43:00 AM

good morning, could you please upload this exam again, i need it to test my knowledge in sd-wan with version 7.0.
Anonymous


Meghraj mali 10/7/2023 1:47:00 PM

very nice question
CANADA


Noel 11/1/2022 9:14:00 PM

i have learning disability and this exam dumps allowed me to focus on the actual questions and not worry about notes and the those other study materials.
SOUTH AFRICA


Jas 10/25/2023 6:01:00 PM

165 should be apt
UNITED STATES


Neetu 6/22/2023 8:41:00 AM

please upload the dumps, real need of them
Anonymous


Mark 10/24/2023 1:34:00 AM

any recent feeedback?
UNITED STATES


Gopinadh 8/9/2023 4:05:00 AM

question number 2 is indicating you are giving proper questions. observe and change properly.
Anonymous


Santhi 1/1/2024 8:23:00 AM

passed today.40% questions were new.litwere case study,lots of new questions on afd,ratelimit,tm,lb,app gatway.got 2 set series of questions which are not present here.questions on azure cyclecloud, no.of vnet/vms required for implimentation,blueprints assignment/management group etc
INDIA


Raviraj Magadum 1/12/2024 11:39:00 AM

practice test
INDIA


sivaramakrishnan 7/27/2023 8:12:00 AM

want the dumps for emc content management server programming(cmsp)
Anonymous


Aderonke 10/23/2023 1:52:00 PM

brilliant and helpful
UNITED KINGDOM


Az 9/16/2023 2:43:00 PM

q75. azure files is pass
SWITZERLAND


ketty 11/9/2023 8:10:00 AM

very helpful
Anonymous


Sonail 5/2/2022 1:36:00 PM

thank you for these questions. it helped a lot.
UNITED STATES


Shariq 7/28/2023 8:00:00 AM

how do i get the h12-724 dumps
Anonymous


adi 10/30/2023 11:51:00 PM

nice data dumps
Anonymous


EDITH NCUBE 7/25/2023 7:28:00 AM

answers are correct
SOUTH AFRICA


Raja 6/20/2023 4:38:00 AM

good explanation
UNITED STATES


BigMouthDog 1/22/2022 8:17:00 PM

hi team just want to know if there is any update version of the exam 350-401
AUSTRALIA


francesco 10/30/2023 11:08:00 AM

helpful on 2017 scrum guide
EUROPEAN UNION


Amitabha Roy 10/5/2023 3:16:00 AM

planning to attempt for the exam.
Anonymous


Prem Yadav 7/29/2023 6:20:00 AM

pleaseee upload
INDIA


Ahmed Hashi 7/6/2023 5:40:00 PM

thanks ly so i have information cia
EUROPEAN UNION


mansi 5/31/2023 7:58:00 AM

hello team, i need sap qm dumps for practice
INDIA


Jamil aljamil 12/4/2023 4:47:00 AM

it’s good but not senatios based
UNITED KINGDOM


Cath 10/10/2023 10:19:00 AM

q.119 - the correct answer is b - they are not captured in an update set as theyre data.
VIET NAM


P 1/6/2024 11:22:00 AM

good matter
Anonymous


surya 7/30/2023 2:02:00 PM

please upload c_sacp_2308
CANADA


Sasuke 7/11/2023 10:30:00 PM

please upload the dump. thanks very much !!
Anonymous