Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Palo Alto Networks PCNSE Exam

Certification Provider: Palo Alto Networks
Exam: Palo Alto Networks Certified Network Security Engineer
Duration: 2 Hours
Number of questions in the database: 448
Exam Version: Nov. 5, 2022
Exam Topics:
  • Topic 1: Single Topic
Palo Alto Networks PCNSE Comments:
MohamadSameeullah
Highly Voted 7 months, 2 weeks ago
Passed the PCNSE exam on Friday (15/Apr/2022). Around 60% of the questions here were on the exam. Yes, a lot of SSL decryption questions as @Mp84047 said. And few new questions that @Mp84047 has posted here. By the way, I just organized some new questions on GDocs for free: https://docs.google.com/document/d/1Xt_c8bnxGGrnX1pu14oucyPokg80OKzkISWEZ_oafDY/ Goood luck!
upvoted 20 times
Rider85
7 months, 1 week ago
Thank you very much for your contribution, it is good for those of us who are going to examine ourselves in a few days. The questions that I see that are not here I will share with the community.
upvoted 1 times
betko
7 months ago
Be aware, in his word file, there are mostly wrong answers.
upvoted 1 times
Rider85
7 months ago
Last Wednesday I passed the exam following the questions on this list in addition to those published by MohamadSameeullah reviewing the answers that as betko indicates there are some that are not right.
upvoted 1 times
...
...
...
...
PAUGURU
Highly Voted 1 year, 10 months ago
Passed exam today, just more or less 8 new questions, the one I can recall are: - Format of Panorama template variables -> $Panorama - why on panorama in health monitor some entries are in red -> deviations from 7 day average treshold - USB bootstrap file on NTFS filesystem not working -> unsupported filesystem - wildfire file type with basic subscription -> question present here but has different options, I had 4: vbs, bat, pe, eps Good luck
upvoted 16 times
...
Dano26
Most Recent 2 weeks ago
Passed PNCSE exam today. In my exam u have 70% of this questions. If you dont have problems with this test you will not have problems for pass. Good luck
upvoted 2 times
...
pcnsaking
2 months ago
Are these questions up-to-date as of Sept 2022?
upvoted 6 times
arnebagge
1 month, 1 week ago
These are mostly up to date, I saw about 15 questions out of 75 in the exam that are not presented here.
upvoted 2 times
...
...
Skirka
3 months, 1 week ago
Very accurate Q here
upvoted 4 times
...
mopui5154
3 months, 3 weeks ago
Help please with this question, I have doubts between A,BE or B,D,E as correct answer : A network administrator wants to deploy GlobalProtect with pre-logon for Windows 10 endpoints and follow Palo Alto Networks best practices. To install the certificate and key for an endpoint, which three components are required? (Choose three.) A . server certificate B . local computer store C . private key D . self-signed certificate E . machine certificate
upvoted 1 times
jb1770
3 months, 2 weeks ago
I think it's B C and E based on https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEYCA0
upvoted 1 times
...
...
mopui5154
4 months ago
Can anyone help me please with this question : What must be configured on Prisma Access to provide connectivity to the resources in the datacenter? A-Configure a mobile user gateway in the region closest to the datacenter to enable connectivity to the datacenter B-Configure a remote network to provide connectivity to the datacenter C-Configure Dynamic Routing to provide connectivity to the datacenter D-Configure a service connection to provide connectivity to the datacenter
upvoted 1 times
bambooCR
4 months ago
B-Configure a remote network to provide connectivity to the datacenter
upvoted 2 times
...
Quality89
4 months ago
It's D From a slide deck: Service connections are created by using IPsec tunnels between the Prisma Access infrastructure and central sites that usually contain resources to which your remote network users and mobile users, Global Protect or Explicit Proxy, need access. These sites can be physical or virtual. The service connections typically are high-speed connections to a central site, such as headquarters or a private cloud data center, or to virtual networks that support workloads in the public cloud. A service connection usually is used when there is an existing on-premises security device. The service connection should terminate on that on-premises security device. Although this configuration is most common, the technical requirement is that the service connection terminate to an IPsec-compliant device.
upvoted 3 times
...
Alen
4 months ago
no reason a service connection cant be used depending on the deployment. one of the two reasons a service connection exists is to provide access to internal resources in a data centre
upvoted 1 times
...
...
mopui5154
4 months, 2 weeks ago
Hi, can anyone please help me with question ? : When planning to configure SSL Froward Proxy on a PA 5260, a user asks how SSL decryption can be implemented using phased approach in alignment with Palo Alto Networks best practices. What should you recommend? A. Enable SSL decryption for known malicious source IP addresses. B. Enable SSL decryption for source users and known malicious URL categories. C. Enable SSL decryption for malicious source users. D. Enable SSL decryption for known malicious destination IP addresses.
upvoted 2 times
jshow
4 months, 2 weeks ago
i believe D https://docs.paloaltonetworks.com/best-practices/9-1/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment
upvoted 2 times
Alen
4 months ago
as per the url, "Plan to decrypt the riskiest traffic first (URL Categories most likely to harbor malicious traffic, such as gaming or high-risk) and then decrypt more as you gain experience". logical answer would be B
upvoted 2 times
...
...
...
mtopolovec
5 months, 3 weeks ago
I passed yesterday...very few questions from this DUMP, but there were some...
upvoted 1 times
...
Alessandr0
5 months, 3 weeks ago
When using certificate authentication for firewall administration, which method us used for authorization a) Radius b) LDAP c) Kerberos d) Local
upvoted 1 times
Alessandr0
5 months, 3 weeks ago
It sound d to me "https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcCCAS"
upvoted 3 times
...
...
TONNHAN779
6 months ago
You need to allow users to access the office-suite application of their choice. How should you configure the firewall to allow access to any office-suite application? A. Create an Application Group and add Office 365, Evernote Google Docs and Libre Office B. Create an Application Group and add business-systems to it. C. Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory. D. Create an Application Filter and name it Office Programs then filter on the business-systems category.
upvoted 2 times
funmax
5 months, 4 weeks ago
I think it is C
upvoted 8 times
confusion
5 months, 3 weeks ago
A is not as for example there's Open Office which would not be allowed B is not as business-systems will allow much more than just office apps C sounds like correct answer D is not as business-systems category has a lot more than just office applications
upvoted 1 times
confusion
5 months, 3 weeks ago
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/app-id/use-application-objects-in-policy/create-an-application-filter "For example, you may want to enable employees to choose their own office programs (such as Evernote, Google Docs, or Microsoft Office 365) for business use. To safely enable these types of applications, you could create an application filter that matches on the Category business-systems and the Subcategory office-programs."
upvoted 1 times
...
...
...
Jury
5 months, 3 weeks ago
i think it is D
upvoted 2 times
...
...
Makaveli1
6 months, 4 weeks ago
I passed the exam Today (May 4), as it was already shared around 60-70% of the question are from here.
upvoted 2 times
...
Jheax
7 months ago
I passed today (May 5, 2022). I agree with NTL, you cannot rely on ExamTopics alone to pass it. ExamTopics should be used to test yourself and check what areas you need improvement. I would suggest having some real-life experience before you try it. Best of luck to anyone that is going to take this test in the days to come.
upvoted 3 times
...
Alessandr0
7 months ago
152.Cortex XDR notifies an administrator about grayware on the endpoints. There are no entnes about grayware in any of the logs of the corresponding firewall. Which setting can the administrator configure on the firewall to log grayware verdicts? 1- in Threat General Settings, select “Report Grayware Files” 2- in Wildfire General Settings, select “Report Grayware Files” 3- within the log forwarding profile attached to the Security policy rule 4- within the log settings option in the Device tab
upvoted 3 times
Alen
6 months, 4 weeks ago
2 is the answer https://docs.paloaltonetworks.com/wildfire/10-0/wildfire-admin/monitor-wildfire-activity/use-the-firewall-to-monitor-malware/configure-wildfire-submissions-log-settings/enable-logging-for-benign-and-grayware-samples
upvoted 2 times
...
calibre
6 months, 1 week ago
i think 2. only wildfire have that option for grayware
upvoted 5 times
GeoGR2022
5 months, 3 weeks ago
Device->Setup->WildFire and then check the "Report Grayware Files" option: When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be grayware will appear in the Monitor > WildFire Submissions log. Note: Even if this option is enabled on the firewall, email links that WildFire determines to be grayware will not be logged because of the potential quantity of links processed. Value: Enable reporting grayware files to log session information, network activity, host activity, and other information that helps with analytics.
upvoted 2 times
...
...
...
Alessandr0
7 months ago
What would allow a network security administrator to authenticate and identify a user with a new BYOD-type device that is not joined to the corporate domain? A . a Security policy with "known-user” selected in the Source User field B . an Authentication policy with "known-user” selected in the Source User field C . an Authentication policy with ‘unknown’ selected in the Source User field D . a Security policy with “unknown” selected in the Source User field
upvoted 1 times
melek18
6 months ago
C in my opinion
upvoted 4 times
aalz
6 months ago
Are you sure it is not A ?
upvoted 2 times
...
...
Jury
5 months, 3 weeks ago
i think it is D
upvoted 1 times
...
GeoGR2022
5 months, 3 weeks ago
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/policies/policies-authentication/building-blocks-of-an-authentication-policy-rule known-user: Includes all users for whom the firewall already has IP address-to-username mappings before the rule evokes authentication.
upvoted 2 times
...
...
betko
7 months ago
Just to let everyone know: "We are currently updating the PCNSE exam. The new exam will be live in May 2022. Candidates should reference this Blueprint for the upcoming exam." https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnse-blueprint-future.pdf https://www.paloaltonetworks.com/services/education/certification Looks like this is the reason for all new questions...
upvoted 1 times
...
betko
7 months ago
When you navigate to Network: > GlobalProtect > Portals > Method section, which three options are available? (Choose three) A . user-logon (always on) B . pre-logon then on-demand C . on-demand (manual user initiated connection) D . post-logon (always on) E . certificate-logon A, B, C Checked on my PA.
upvoted 6 times
...

Get ready to prepare like you’ve never prepared before

As we often say at ExamTopics, work smarter not harder. You are about to see a study guide that took hours of hard collection work, expert preparation, and constant feedback. That’s why we know this exam prep will help you get that high-score on your journey to certification. Our study guides are the real thing. Our study guides are so accurate, we have to fight the droves of clone test prep sites that actually steal our material. Don’t worry though, we believe by offering our material free and upholding good values, ExamTopics will always have a strong community and a coveted place in the certification world.

Your journey to pass the PCNSE

Perhaps this is your first step toward the certification, or perhaps you are coming back for another round. We hope that you feel this exam challenges you, teaches you, and prepares you to pass the PCNSE. If this is your first study guide, take a moment to relax. This could be the first step to a new high-paying job and an AMAZING career. If you’ve been around the block a few times, consider taking a moment and answering some questions from newer techies. After all, it’s our great community that illuminates the material and helps build something great.

What should you know before studying the PCNSE?

Every exam and certification has different requirements. If this is a serious venture, make sure to read the prerequisites before preceding. Nothing is worse than wasting months studying for an exam you can’t take or passing an exam that won’t help you get a certification! Our easy search tools are designed to help you find relevant information as well and search for a variety of different exams.

What is the PCNSE focused on?

The PCNSE or as it’s also known, the Palo Alto Networks Certified Network Security Engineer, like all tests, there is a bit of freedom on Palo Alto Networks's part to exam an array of subjects. That means knowing the majority of PCNSE content is required because they test randomly on the many subjects available. Be aware too that experience requirements often exist because they’ve observed the average person and what is required. You can always push past that to succeed with the PCNSE but it may take some extra work.

Rome wasn’t built in a day

Remember that incredible things take time. And just like ancient monuments took years of effort, certification is not easy. It is not always quick either. But it is worth it! Our toolset allows you to engage with an incredible community of expert tech workers and add to the conversation at ExamTopics. If you have questions, don’t forget to leave a comment and reach out. It’s here that you’ll get personalized help unheard of on test prep sites, without the outrageous fees.

Always check the foundation

Some certifications have requirements going back to older exams, while others use two or more tests to help someone pass. If you find the PCNSE is over your head, that’s ok. It might make sense to see if a lower level exam will give you some clarity.

If offered, read the exam objectives

The exam objectives are different for every single exam and usually provided by the certification provider. These normally tell the test taker what subjects are relevant, what they need to know, and why the exam seeks to cover these topics. It’s important to find them out for your specific exam. This can be found on nearly every vendor website and greatly informs the way you’ll study! Don’t worry though, we have taken those objectives into account and seek to create a testing experience comparable to an actual exam.

Remember that certification is quite rewarding

It can be hard to keep your focus on studying but remember that the best jobs in the world are only a few tests away. Whether you enter Cyber Security or do entry level tech work, certification is a clear, learnable, and rewarding path to careers that pay a LOT of money. They offer better work-life balance and you’ll get in with some of the major leaders in the business world. So don’t give up, it is worth it, and all this work will pay off!

Using ExamTopics

Practicing for an exam like the PCNSE can be a full-time job. In fact some exams are actually paid for by work because they are so intensive. Certification is not simple and takes immense work. It takes time, practice, and the right focus. We here at ExamTopics understand that. We understand that because we have been in this industry for years and working in space full of less savory test prep sources. These terrible prep sources pushed our team to make a positive change in the Exam space. We got sick and tired of seeing potential exam candidates get price-gouged over CCNA braindumps. We couldn’t handle knowing that hard workers from across the world, seeking new skills and a better life, get tricked into paying absurd amounts for low-quality exam materials. Often material that was out of date or at best, available online through community sites without hurting the wallet. And it had to stop. You are ready to jump in!

That’s it, the next page will be full of practice questions. Challenging material. And best of all, a chance to hone your skills. It’s ok if you feel in over your head. We all did at some point, this next step is about pushing through that fear and getting ready to tackle something as challenging as the PCNSE. If you get stuck, reach out. If you see others stuck, help them. And as always, like we love to say, work smarter NOT harder!

Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...