Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Manage, Monitor and Operate practice sets

PCNSE Manage, Monitor and Operate • Complete Question Bank

PCNSE Manage, Monitor and Operate — All Questions With Answers

Complete PCNSE Manage, Monitor and Operate question bank — all 0 questions with answers and detailed explanations.

81
Questions
Free
No signup
Certifications/PCNSE/Practice Test/Manage, Monitor and Operate/All Questions
Question 1easymultiple choice
Read the full Manage, Monitor and Operate explanation →

A security administrator notices that a specific user is generating excessive logs due to repeated authentication failures. The administrator wants to see only failed authentication events for that user in the monitor tab. Which filter string should be used in the log viewer?

Question 2easymultiple choice
Read the full Manage, Monitor and Operate explanation →

An administrator wants to generate a report that shows the top applications by bandwidth usage over the last week. Which report type should be used to accomplish this?

Question 3easymultiple choice
Review the full subnetting walkthrough →

A firewall administrator needs to troubleshoot a connectivity issue where users in the 10.0.1.0/24 subnet cannot reach the internet. The administrator suspects a missing policy. Which tool within the firewall's web interface can be used to test which security policy will be matched for a given traffic flow?

Question 4mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

A company has a firewall with multiple virtual systems (vsys). The administrator wants to delegate management of one vsys to a junior administrator, allowing them to configure security policies but not access system settings or other vsys. Which administrative role should be assigned?

Question 5mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

An administrator is troubleshooting high CPU usage on a PA-5250 firewall. The CPU usage spikes every 5 minutes. Which CLI command should be used to identify the process causing the spike?

Question 6mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

A firewall is configured with two ISPs for redundancy. The administrator wants to ensure that traffic from internal users is load-balanced across both links based on source IP. Which configuration method should be used?

Question 7mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

An administrator receives an alert that a firewall's disk usage is at 85%. The administrator wants to reduce disk usage by automatically deleting older log files. Which action should be taken?

Question 8hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

A firewall is deployed in an Active/Passive HA pair. The administrator notices that the passive firewall is not synchronizing configuration changes. The 'show high-availability state' command shows the passive firewall in a 'non-functional' state. What is the most likely cause?

Question 9hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

A security team needs to capture traffic for forensic analysis of a specific application that uses non-standard ports. The administrator wants to capture packets on the firewall for that application only, without affecting performance. Which method should be used?

Question 10easymulti select
Read the full Manage, Monitor and Operate explanation →

Which TWO of the following are valid methods to upgrade the PAN-OS software on a firewall? (Choose two.)

Question 11mediummulti select
Read the full Manage, Monitor and Operate explanation →

Which THREE of the following are valid actions that can be taken on a dynamic block list entry? (Choose three.)

Question 12hardmulti select
Read the full Manage, Monitor and Operate explanation →

Which TWO of the following are valid considerations when configuring Log Forwarding for Panorama? (Choose two.)

Question 13easymultiple choice
Read the full Manage, Monitor and Operate explanation →

Refer to the exhibit. The firewall's disk usage is at 85% overall, and the /opt/panlogs partition is at 92%. The administrator wants to free up space without losing important log data. Which action should be taken first?

Exhibit

Refer to the exhibit.

admin@PA-5000> show system resources
CPU: 15% used
Memory: 45% used
Disk: /dev/sda1 85% used

admin@PA-5000> show logging-status
Disk space usage:
  /opt/pancfg: 70% used
  /opt/panlogs: 92% used
Question 14mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

Refer to the exhibit. The firewall is experiencing high dataplane CPU usage (85%) with 45,000 active sessions out of a maximum of 100,000. Which of the following is the most likely cause of the high CPU?

Exhibit

Refer to the exhibit.

admin@PA-3020> show session info
Total active sessions: 45000
TCP sessions: 40000
UDP sessions: 5000

admin@PA-3020> show session stats
Max sessions: 100000
Current sessions: 45000

admin@PA-3020> show running resource-monitor
Dataplane CPU: 85%
Question 15hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

Refer to the exhibit. The firewall is active in an HA pair, but the peer is non-functional. The HA2 link is down. What is the most likely cause of the peer being non-functional?

Exhibit

Refer to the exhibit.

admin@PA-5250> show high-availability state

HA State: active
HA Link Status:
  HA1: up
  HA2: down
  HA3: down

Peer State: non-functional
Question 16hardmultiple choice
Review the full routing breakdown →

A medium-sized enterprise has a PA-3220 firewall deployed in a data center with two ISPs (ISP-A and ISP-B) for redundancy. The firewall is configured with two virtual routers: VR-Trust for internal networks and VR-Untrust for external connections. Each ISP is connected to a separate physical interface (ethernet1/1 for ISP-A, ethernet1/2 for ISP-B) and both are placed in VR-Untrust with static default routes. The internal network uses 10.0.0.0/16. The firewall has a security policy that allows all outbound traffic from internal to external. Recently, users have reported that internet access is slow during peak hours. The administrator checks the dataplane CPU and sees it averaging 80-90%. The session count is 200,000 out of a maximum of 500,000. The administrator also notices that the firewall is using only ISP-A for all outbound traffic, even though both ISPs have equal bandwidth. The administrator wants to reduce CPU usage and utilize both ISP links. Which action should the administrator take?

Question 17hardmultiple choice
Read the full NAT/PAT explanation →

A large organization has a PA-5250 firewall pair in active/passive HA mode. The firewalls are managed by Panorama. The security team recently created a new security policy rule to block a specific application (app-block-rule) and pushed the configuration from Panorama. After the push, the active firewall shows the new rule in the security policy list, but traffic matching the rule is not being blocked. The administrator checks the traffic logs and sees that the traffic is being allowed by a different rule with a higher priority. The administrator also notices that the 'app-block-rule' has an 'any' source and destination zone, but the allowed rule has specific zones. The administrator runs 'show session info' and sees that the sessions are being created before the policy push. The administrator wants to ensure that existing sessions are subject to the new policy. Which action should the administrator take?

Question 18mediumdrag order
Read the full Manage, Monitor and Operate explanation →

Arrange the steps to configure a new zone on a Palo Alto Networks firewall in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 19mediumdrag order
Read the full Manage, Monitor and Operate explanation →

Arrange the steps to configure a new administrator account with role-based access.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 20mediummatching
Read the full Manage, Monitor and Operate explanation →

Match each Palo Alto Networks feature to its primary function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Application identification and control

User and group mapping for policies

Threat prevention including IPS and antivirus

Cloud-based malware analysis

Remote access VPN and mobile security

Question 21mediummatching
Read the full Manage, Monitor and Operate explanation →

Match each Palo Alto Networks product to its primary use case.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Next-generation firewall for enterprise

Virtual firewall for cloud environments

Container firewall for Kubernetes

Cloud-delivered security for remote users

Extended detection and response for endpoints

Question 22easymultiple choice
Read the full network assurance explanation →

A network administrator notices that traffic logs are not being sent to the external Syslog server. The log forwarding profile is configured correctly. Which CLI command should be used to verify the Syslog server connectivity from the firewall?

Question 23mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

A security team is implementing SSL Decryption. They want to ensure that traffic to health-related websites is not decrypted due to privacy concerns. Which method should they use to exclude this traffic?

Question 24hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

Two firewalls in an active/passive HA configuration are not synchronizing sessions. The 'show high-availability state' command shows both peers as 'active' and 'passive' correctly, but session synchronization is not working. What is the most likely cause?

Question 25easymultiple choice
Read the full network assurance explanation →

An administrator wants to receive SNMP traps from the firewall for critical events such as failed login attempts and high CPU usage. Which configuration step is required?

Question 26mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

A team uses the Panorama API to generate custom reports. They need to retrieve a list of all rules that have logging at session end enabled. Which API endpoint should be used?

Question 27hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

During a Panorama upgrade from version 9.0 to 9.1, the administrator notices that the commit fails on one of the managed firewalls with the error: 'Mismatched content version'. What is the most likely cause?

Question 28easymultiple choice
Read the full Manage, Monitor and Operate explanation →

An administrator needs to generate a tech support file for TAC. Which CLI command accomplishes this?

Question 29mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

A company wants to forward logs from a firewall to a SIEM system with high reliability. Which log forwarding method ensures that logs are not lost if the SIEM is temporarily unreachable?

Question 30hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

A firewall is experiencing slow performance. The administrator runs 'show counter global' and sees that the 'flow_aged_error_tcp_mss' counter is incrementing rapidly. What does this indicate?

Question 31easymulti select
Read the full Manage, Monitor and Operate explanation →

Which TWO methods can be used to monitor traffic passing through a Palo Alto Networks firewall?

Question 32mediummulti select
Read the full Manage, Monitor and Operate explanation →

Which THREE steps should be performed when upgrading an active/passive HA pair to a new PAN-OS version?

Question 33hardmulti select
Read the full Manage, Monitor and Operate explanation →

Which TWO configurations are required for User-ID to work using the Windows User-ID Agent (WUA) in a distributed environment?

Question 34easymultiple choice
Read the full Manage, Monitor and Operate explanation →

Refer to the exhibit. What does the uptime indicate?

Exhibit

> show system info
System info:
  Hostname: FW01
  IP address: 192.168.1.1
  Netmask: 255.255.255.0
  Gateway: 192.168.1.254
  Uptime: 0 days, 3 hours, 12 minutes
Question 35mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

Refer to the exhibit. Which SSL protocol version is blocked as per this decryption profile?

Exhibit

decryption profile:
  name: 'Decrypt-All'
  ssl-decryption:
    minimum-protocol-version: tls1-0
    maximum-protocol-version: tls1-2
    allow-block tls1-0
    block tls1-1
    allow tls1-2
Question 36hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

Refer to the exhibit. Based on the log entry, what action was taken on this traffic?

Exhibit

Log entry:
  time: 2024/09/15 10:23:45
  serial_number: 007200000001
  type: TRAFFIC
  subtype: start
  from zone: untrust
  to zone: trust
  source: 10.10.10.10
  destination: 192.168.1.100
  user: unknown
  application: web-browsing
  action: drop
Question 37mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

A firewall is dropping traffic that should be allowed. The security policy appears correct. An administrator checks the session table and notices the session state is 'CLOSE'. What is the most likely cause of the traffic being dropped?

Question 38hardmultiple choice
Read the full network assurance explanation →

A network engineer needs to configure SNMP traps on a PA-5250 running PAN-OS 10.2 to alert when CPU usage exceeds 80% for more than 10 minutes. Which CLI command should be used to set this threshold?

Question 39easymultiple choice
Read the full Manage, Monitor and Operate explanation →

An administrator wants to see only the candidate configuration changes that have not yet been committed. Which CLI command should be used?

Question 40mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

An engineer notices a decrease in network performance and wants to verify if a specific security policy is being triggered frequently. Which CLI command will show the hit count for a specific policy?

Question 41hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

A company uses Panorama to manage multiple firewalls. An administrator pushes a template that includes a new Security Profiles group, but the firewalls do not receive the profile group. What is the most likely cause?

Question 42easymultiple choice
Read the full Manage, Monitor and Operate explanation →

A firewall is experiencing performance issues. The administrator wants to collect diagnostic data for TAC analysis. Which command generates a comprehensive support file?

Question 43mediummultiple choice
Read the full NAT/PAT explanation →

An administrator reviews a traffic log entry: 'Source: 10.0.0.10, Destination: 8.8.8.8, Application: web-browsing, Action: allow, Bytes Sent: 500, Bytes Received: 1200'. What does this log entry indicate about the traffic?

Question 44hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

Two firewalls in an active/passive HA pair are not synchronizing. The administrator checks 'show high-availability state' and sees 'active' on both firewalls. What is the most likely cause?

Question 45easymultiple choice
Read the full Manage, Monitor and Operate explanation →

An administrator wants to view real-time CPU and memory usage on the firewall. Which CLI command should be used?

Question 46easymulti select
Read the full network assurance explanation →

Which TWO are required for SNMP monitoring of a Palo Alto Networks firewall? (Choose two.)

Question 47mediummulti select
Read the full Manage, Monitor and Operate explanation →

Which THREE are valid methods to collect logs from a firewall to Panorama? (Choose three.)

Question 48hardmulti select
Read the full Manage, Monitor and Operate explanation →

Which THREE are common causes of high CPU utilization on a Palo Alto Networks firewall? (Choose three.)

Question 49mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

What does the session state 'SYN_SENT' indicate about this traffic flow?

Exhibit

Refer to the exhibit.

admin@PA-5250> show session all

Total sessions shown: 1

Session 1:
  Source IP: 10.0.0.100
  Destination IP: 203.0.113.50
  Source port: 49152
  Destination port: 443
  Protocol: TCP
  State: SYN_SENT
  Application: incomplete
  Bytes: 0
Question 50hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

An administrator has applied the above configuration on a firewall. What will happen to traffic destined to TCP port 2525?

Exhibit

Refer to the exhibit.

config
{
    "deviceconfig": {
        "system": {
            "application-override": [
                {
                    "@name": "override-smtp",
                    "port": 2525,
                    "application": "smtp",
                    "protocol": "tcp"
                }
            ]
        }
    }
}
Question 51easymultiple choice
Read the full Manage, Monitor and Operate explanation →

The traffic log shows a threat severity 'medium' and the threat log shows action 'allow' for the same session. What is the most likely reason that the threat was allowed?

Exhibit

Refer to the exhibit.

Traffic Log:
Time: 2024-07-15 10:00:00
Source: 10.1.1.10
Destination: 198.51.100.20
Application: web-browsing
Action: allow
Threat: High
Severity: medium

Threat Log:
Time: 2024-07-15 10:00:00
Source: 10.1.1.10
Destination: 198.51.100.20
Threat ID: 12345
Action: allow
Question 52easymultiple choice
Review the full subnetting walkthrough →

A network administrator notices that traffic from a specific internal subnet is not being logged to the firewall's system logs despite log forwarding being configured. The firewall is running PAN-OS 10.1. Which configuration is most likely causing the issue?

Question 53mediummultiple choice
Read the full VPN explanation →

After upgrading a PA-5250 from PAN-OS 9.1 to PAN-OS 10.1, the firewall fails to establish IPsec VPN tunnels with remote peers. The crypto profiles and IKE gateways appear unchanged. What is the most likely cause?

Question 54hardmultiple choice
Read the full VPN explanation →

An organization is experiencing intermittent connectivity issues with their GlobalProtect remote access VPN. Users report that they can connect but after a random period (20-40 minutes) the tunnel drops and reconnects. The firewall has sufficient licensing. Which setting should be reviewed first?

Question 55easymultiple choice
Read the full Manage, Monitor and Operate explanation →

A firewall administrator needs to ensure that traffic matching a specific security policy rule is always logged to Panorama even if the local firewall's management plane is temporarily unreachable. Which configuration should be used?

Question 56mediummultiple choice
Read the full NAT/PAT explanation →

An engineer is troubleshooting a security policy that is not matching traffic as expected. The traffic is from source IP 10.1.1.10 to destination 172.16.0.1 port 443. The policy has source zone 'Internal', destination zone 'DMZ', source address '10.1.1.0/24', destination address '172.16.0.0/24', application 'ssl'. The firewall shows the traffic hitting a different rule. What is the most likely cause?

Question 57hardmultiple choice
Review the full subnetting walkthrough →

A company has a PA-3260 firewall configured with multiple virtual routers for segmentation. A new subnet 192.168.30.0/24 is added behind a layer3 interface that is part of virtual router 'VR-A'. The administrator adds a static route on the firewall to reach the subnet via next-hop 10.0.0.1. However, hosts in another virtual router 'VR-B' cannot reach the new subnet. The route is present in VR-A's routing table. What should the administrator do to resolve the issue?

Question 58easymultiple choice
Read the full Manage, Monitor and Operate explanation →

A user complains that they cannot access internal resources via GlobalProtect. The firewall shows the user is connected with an IP address from the tunnel pool. Which log type should the administrator check first to determine if traffic is being allowed or denied?

Question 59mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

An organization is migrating from a legacy firewall to a Palo Alto Networks firewall and needs to ensure that all existing application-based policies are accurately replicated. The engineer exports the configuration from the old firewall and imports it using the 'Config Audit' feature. After import, the engineer notices that many security policy rules have the application set to 'any' instead of the specific applications from the old firewall. What is the most likely reason?

Question 60hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

A firewall is configured with User-ID using the 'Server Monitoring' method via LDAP. The administrator notices that user-to-IP mappings are only being updated every 60 minutes instead of the configured 15-minute polling interval. The LDAP server is reachable and responds quickly. What configuration parameter is most likely causing the delayed update?

Question 61mediummulti select
Read the full Manage, Monitor and Operate explanation →

A firewall administrator needs to configure a new security policy rule to block traffic from the 'Guest' zone to the 'Corporate' zone for all ports except HTTP and HTTPS. Which two configuration steps are required? (Choose two.)

Question 62hardmulti select
Read the full Manage, Monitor and Operate explanation →

A security engineer is investigating a potential data exfiltration incident. The firewall logs show that a host in the DMZ made outbound connections to multiple external IPs on port 443, but the traffic was allowed. The engineer wants to review detailed session information including the amount of data transferred and the application used. Which three log types or tools should the engineer use? (Choose three.)

Question 63easymulti select
Read the full Manage, Monitor and Operate explanation →

An administrator needs to configure a firewall to send email alerts when a specific security policy rule is triggered. Which two configuration elements are required? (Choose two.)

Question 64mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

The security policy rule shown in the exhibit has log-start and log-end both set to 'no', but a log-forwarding profile is configured. Which statement best describes the logging behavior for sessions matching this rule?

Exhibit

Refer to the exhibit.
admin@PA-500> show running security-policy
rule 1: name "Allow-Outbound" from "Internal" to "External" source "10.0.0.0/8" destination "any" application "any" service "any" action "allow" log-start "no" log-end "no" log-forward "Log-to-Panorama"
Question 65hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

A GlobalProtect gateway is configured as shown. Remote users report that they can connect to the gateway but cannot authenticate. The users are using the GlobalProtect client with certificate authentication. What is the most likely cause?

Exhibit

Refer to the exhibit.
set shared gateway "Corp-Gateway" authentication method "client-certificate"
set shared gateway "Corp-Gateway" client-config dns-server "8.8.8.8"
set shared gateway "Corp-Gateway" client-config ip-pool "10.250.0.1-10.250.0.254"
set shared gateway "Corp-Gateway" tunnel-config ipsec-crypto "AES256-SHA256-DH5"
Question 66easymultiple choice
Read the full VPN explanation →

The firewall log shows repeated IKE phase 1 negotiation failures. The remote peer is a third-party VPN device. Which of the following is the most likely cause?

Exhibit

Refer to the exhibit.
Apr 12 14:32:15 PA-500: IKE phase 1 negotiation failed for peer 203.0.113.10 [reason: No Proposal Chosen]
Apr 12 14:32:17 PA-500: IKE phase 1 negotiation failed for peer 203.0.113.10 [reason: No Proposal Chosen]
Question 67easymultiple choice
Read the full Manage, Monitor and Operate explanation →

A network administrator notices that traffic from a specific IP address is being blocked unexpectedly. The traffic is allowed in the security policy. What is the most likely cause?

Question 68mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

A company has configured User-ID with Active Directory polling. Some users cannot access resources even though their security policy rules appear correct. The administrator verifies that the User-ID agent is connected and polling. What additional step should the administrator take?

Question 69hardmultiple choice
Review the full routing breakdown →

A firewall is configured with two virtual routers in an active/passive HA pair. The active firewall fails over, and after failover, traffic is not passing through the new active firewall. The interface IP addresses are configured as virtual IPs. What is the most likely cause?

Question 70easymultiple choice
Read the full Manage, Monitor and Operate explanation →

An administrator needs to generate a report showing all traffic denied by the firewall over the past week. Which type of report in the firewall web interface should be used?

Question 71mediummulti select
Read the full Manage, Monitor and Operate explanation →

A network engineer is troubleshooting high latency on the firewall. Which THREE commands from the CLI should be used to identify potential bottlenecks? (Choose three.)

Question 72hardmulti select
Read the full Manage, Monitor and Operate explanation →

A firewall is part of a Panorama-managed environment. The administrator needs to ensure that only specific administrators can commit changes to devices. Which TWO actions are required? (Choose two.)

Question 73easymultiple choice
Read the full Manage, Monitor and Operate explanation →

A small business uses a single PA-220 firewall with PAN-OS 10.2. The administrator notices that the firewall is no longer receiving automatic threat updates. The License page shows the Threat Prevention license is active with 200 days remaining. The administrator can manually download updates from the Palo Alto Networks update server. What is the most likely cause?

Question 74easymultiple choice
Read the full Manage, Monitor and Operate explanation →

An organization has a pair of PA-5250 firewalls in active/passive HA. During a maintenance window, the active firewall is rebooted. After the reboot, the firewall that was passive becomes active and passes traffic. However, the other firewall remains in a non-functional state and shows 'unknown' as HA state. The administrator checks the HA configuration and finds both firewalls have the same HA settings. What is the most likely issue?

Question 75mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

A large enterprise uses Panorama to manage 100+ firewalls. The security team wants to deploy a new security policy rule to block a specific application across all firewalls. The rule must be placed before the existing rules. The administrator creates the rule in the appropriate rulebase in the device group and pushes. However, the rule appears at the end of the rulebase on the managed firewalls. What is the most likely cause?

Question 76mediummultiple choice
Read the full Manage, Monitor and Operate explanation →

A network administrator is troubleshooting an issue where HTTPS traffic to a particular website is being blocked. The security policy rule allows SSL traffic to that website. The firewall logs show the traffic is being blocked by the URL Filtering profile. The URL Filtering profile is set to allow the category 'Business-and-Economy'. The website belongs to the category 'Shopping'. What action should the administrator take?

Question 77hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

A financial institution operates a pair of PA-5260 firewalls in active/active HA using Virtual Wire mode. They are experiencing intermittent asymmetric traffic flows causing session setup failures. The firewall logs show sessions being created with a one-sided flow. Which configuration change is most likely to resolve this issue?

Question 78hardmultiple choice
Read the full network assurance explanation →

A security operations center (SOC) uses Panorama to monitor all firewalls. They notice that some log entries show a severity of 'critical' but the alerting system does not fire. The log forwarding profile on Panorama is configured to send syslog alerts for severity 'critical'. The syslog server receives other logs from Panorama but not these critical logs. The administrator checks the Panorama configuration and finds that the log forwarding profile is applied to the correct log types. What is the most likely issue?

Question 79easymulti select
Read the full network assurance explanation →

A systems administrator needs to configure log forwarding to an external syslog server for Security policies. Which two actions are required to achieve this? (Choose two.)

Question 80mediummultiple choice
Read the full network assurance explanation →

Refer to the exhibit. A network engineer notices that logs for this rule are not being forwarded to the external syslog server. The syslog server profile is configured correctly. What is the most likely cause?

Exhibit

admin@PA-5050> show running security-policy
 rule 1 {
  name: "Allow Web";
  source: [192.168.1.0/24];
  destination: [any];
  application: [web-browsing];
  action: allow;
  log-start: no;
  log-end: yes;
  log-setting: "syslog-forwarding-profile";
 }
Question 81hardmultiple choice
Read the full Manage, Monitor and Operate explanation →

A large enterprise has deployed two Palo Alto Networks PA-5250 firewalls in active/passive HA mode with Panorama for centralized management. The network contains over 10,000 users across multiple sites. Recently, the security team deployed a new security policy rule to block a set of high-risk applications. After the commit, the firewall's CPU utilization spiked to 95% and sessions started to drop intermittently. The firewall logs show a high number of session setup failures and timeouts. The existing security policy contains over 5,000 rules. The new rule uses application-based filtering and is placed near the top of the rulebase. What is the most effective course of action to reduce CPU load while maintaining security?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

PCNSE Practice Test 1 — 10 Questions→PCNSE Practice Test 2 — 10 Questions→PCNSE Practice Test 3 — 10 Questions→PCNSE Practice Test 4 — 10 Questions→PCNSE Practice Test 5 — 10 Questions→PCNSE Practice Exam 1 — 20 Questions→PCNSE Practice Exam 2 — 20 Questions→PCNSE Practice Exam 3 — 20 Questions→PCNSE Practice Exam 4 — 20 Questions→Free PCNSE Practice Test 1 — 30 Questions→Free PCNSE Practice Test 2 — 30 Questions→Free PCNSE Practice Test 3 — 30 Questions→PCNSE Practice Questions 1 — 50 Questions→PCNSE Practice Questions 2 — 50 Questions→PCNSE Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Manage, Monitor and OperateSecuring Traffic and App-IDSecuring Users and Applications with AuthenticationDecryption and SSL InspectionManaging Troubleshooting and High AvailabilityDeploy and Configure FirewallsCore Concepts and ArchitectureSecure Access and VPNTroubleshoot

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Manage, Monitor and Operate setsAll Manage, Monitor and Operate questionsPCNSE Practice Hub