Free Access PaloAltoNetworks.PCNSE.v2025-03-18.q258 Practice Test (Page 30)

Question 141

A network security administrator wants to inspect HTTPS traffic from users as it egresses through a firewall to the Internet/Untrust zone from trusted network zones. The security admin wishes to ensure that if users are presented with invalid or untrusted security certificates, the user will see an untrusted certificate warning.
What is the best choice for an SSL Forward Untrust certificate?

A.A web server certificate signed by an external Certificate Authority

B.A web server certificate signed by the organization's PKI

C.A self-signed certificate generated on the firewall

D.A subordinate Certificate Authority certificate signed by the organization's PKI

Question 142

How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

A.Use the debug dataplane packet-diag set capture stage firewall file command.

B.Enable all four stages of traffic capture (TX, RX, DROP, Firewall).

C.Use the debug dataplane packet-diag set capture stage management file command.

D.Use the tcpdump command.

Question 143

The firewall identifies a popular application as an unknown-tcp.
Which two options are available to identify the application? (Choose two.)

A.Create a custom application.

B.Create a custom object for the custom application server to identify the custom application.

C.Submit an App-ID request to Palo Alto Networks.

D.Create a Security policy to identify the custom application.

Question 144

How can an administrator configure the NGFW to automatically quarantine a device using GlobalProtect?

A.by adding the device's Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined device

B.There is no native auto-quarantine feature so a custom script would need to be leveraged.

C.by exporting the list of quarantined devices to a pdf or csv file by selecting PDF/CSV at the bottom of the Device Quarantine page and leveraging the approbate XSOAR playbook

D.by using secunty policies, log forwarding profiles, and log settings.

Question 145

A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this.
Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)

A.Navigate to Network > Zone Protection Click Add
Select Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to No Set "Asymmetric Path" to Bypass

B.> set session tcp-reject-non-syn no

C.Navigate to Network > Zone Protection Click Add
Select Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to Global Set "Asymmetric Path" to Global

D.# set deviceconfig setting session tcp-reject-non-syn no

Other Version: 4172PaloAltoNetworks.PCNSE.v2024-11-12.q234; 2290PaloAltoNetworks.PCNSE.v2024-05-11.q101; 2765PaloAltoNetworks.PCNSE.v2023-10-12.q86; 4190PaloAltoNetworks.PCNSE.v2023-09-11.q127; 2225PaloAltoNetworks.PCNSE.v2023-03-22.q54; 2655PaloAltoNetworks.PCNSE.v2023-03-21.q68; 2437PaloAltoNetworks.PCNSE.v2023-02-23.q56; 8019PaloAltoNetworks.PCNSE.v2022-07-29.q254; 5104PaloAltoNetworks.PCNSE.v2022-05-14.q137; 5243PaloAltoNetworks.PCNSE.v2022-03-30.q139; 62Palo-Alto-Networks.Exams4sures.PCNSE.v2021-09-24.by.sebastian.300q.pdf

Latest Upload: 201PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 296Nokia.4A0-113.v2026-05-01.q69; 253EC-COUNCIL.312-49v11.v2026-04-30.q214; 228Microsoft.MB-820.v2026-04-30.q101; 209Salesforce.MC-202.v2026-04-30.q57; 205BICSI.INSTC_V8.v2026-04-29.q53; 333NMLS.MLO.v2026-04-28.q82; 242NCARB.Project-Management.v2026-04-28.q27; 459EMC.D-AV-DY-23.v2026-04-27.q184; 1113ServiceNow.CSA.v2026-04-27.q483

Question 141

Question 142

Question 143

Question 144

Question 145

Download PDF File