28% OFF Automatically For You
Paloalto Networks Palo Alto Networks Certified
Network Security Engineer Exam
1.How can a candidate or running configuration be copied to a host external from
A. Commit a running configuration.
B. Save a configuration snapshot.
C. Save a candidate configuration.
D. Export a named configuration snapshot.
2.Which log file can be used to identify SSL decryption failures?
3.A customer wants to set up a site-to-site VPN using tunnel interfaces?
Which two formats are correct for naming tunnel interfaces? (Choose two.)
C. tunnel 1025
D. tunnel. 1
4.If an administrator wants to decrypt SMTP traffic and possesses the server’s
certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to
inspect traffic to the server?
A. TLS Bidirectional Inspection
B. SSL Inbound Inspection
C. SSH Forward Proxy
D. SMTP Inbound Decryption
5.A customer has an application that is being identified as unknown-top for one of
their custom PostgreSQL database connections.
Which two configuration options can be used to correctly categorize their custom
database application? (Choose two.)
A. Application Override policy.
B. Security policy to identify the custom application.
C. Custom application.
D. Custom Service object.
Unlike the App-ID engine, which inspects application packet contents for unique
signature elements, the Application Override policy’s matching conditions are limited