Palo Alto Networks PCNSE Quiz 30 Topic 1 Questions 146-150

Question: 1

In a virtual router, which object contains all potential routes?

AMIB

BRIB

CSIP

DFIB

Show Answer

Question: 2

An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing.

The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.

Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?

ACreate a decryption rule matching the encrypted BitTorrent traffic with action ''No-Decrypt,'' and place the rule at the top of the Decryption policy.

BCreate a Security policy rule that matches application ''encrypted BitTorrent'' and place the rule at the top of the Security policy.

CDisable the exclude cache option for the firewall.

DCreate a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the decryption rule.

Show Answer

Question: 3

Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?

ADeny application facebook-chat before allowing application facebook

BDeny application facebook on top

CAllow application facebook on top

DAllow application facebook before denying application facebook-chat

Show Answer

Question: 4

A client is concerned about resource exhaustion because of denial-of-service attacks against their DNS servers. Which option will protect the individual servers?

AEnable packet buffer protection on the Zone Protection Profile.

BApply an Anti-Spyware Profile with DNS sinkholing.

CUse the DNS App-ID with application-default.

DApply a classified DoS Protection Profile.

Show Answer

Question: 5

If the firewall is configured for credential phishing prevention using the ''Domain Credential Filter'' method, which login will be detected as credential theft?

AMapping to the IP address of the logged-in user.

BFirst four letters of the username matching any valid corporate username.

CUsing the same user's corporate username and password.

DMarching any valid corporate username.

Show Answer

Palo Alto Networks PCNSE Quiz:30 Topic:1 Questions:146-150