Free Access PaloAltoNetworks.PCNSE.v2023-09-11.q127 Practice Test (Page 9)

Question 36

What is a key step in implementing WildFire best practices?

A.In a mission-critical network, increase the WildFire size limits to the maximum value.

B.Configure the firewall to retrieve content updates every minute.

C.In a security-first network, set the WildFire size limits to the minimum value.

D.Ensure that a Threat Prevention subscription is active.

Question 37

What are two best practices for incorporating new and modified App-IDs? (Choose two.)

A.Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs

B.Configure a security policy rule to allow new App-IDs that might have network-wide impact

C.Perform a Best Practice Assessment to evaluate the impact of the new or modified App-IDs

D.Study the release notes and install new App-IDs if they are determined to have low impact

Question 38

You need to allow users to access the office-suite applications of their choice. How should you configure the firewall to allow access to any office-suite application?

A.Create an Application Group and add Office 365, Evernote Google Docs and Libre Office

B.Create an Application Group and add business-systems to it.

C.Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory.

D.Create an Application Filter and name it Office Programs then filter on the business-systems category.

Question 39

What happens, by default, when the GlobalProtect app fails to establish an IPSec tunnel to the GlobalProtect gateway?

A.It stops the tunnel-establishment processing to the GlobalProtect gateway immediately.

B.It tries to establish a tunnel to the GlobalProtect gateway using SSL/TLS.

C.It keeps trying to establish an IPSec tunnel to the GlobalProtect gateway.

D.It tries to establish a tunnel to the GlobalProtect portal using SSL/TLS.

Question 40

Refer to the diagram. Users at an internal system want to ssh to the SSH server The server is configured to respond only to the ssh requests coming from IP 172.16.16.1.
In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must be configured on the firewall?