PCNSE Exam Dumps | A web server is hosted in the DMZ and the server is configured to listen for incoming connections on

<< Prev Question Next Question >>

Question 118/319

A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.
Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web-browsing traffic to this server on tcp/443?

A. Rule #1: application: web-browsing; service: application-default; action: allow Rule #2: application: ssl; service: application-default; action: allow

B. Rule #1: application: web-browsing; service: service-https; action: allow Rule #2: application: ssl; service: application-default; action: allow

C. Rule # 1: application: ssl; service: application-default; action: allow Rule #2: application: web-browsing; service: application-default; action: allow

D. Rule #1: application: web-browsing; service: service-http; action: allow Rule #2: application: ssl; service: application-default; action: allow

Recent Comments (The most recent comments are at the top.)

tof - Apr 28, 2025

HI, the good answer is B : Rule #1: application: web-browsing; service: service-https; action: allow Rule #2: application: ssl; service: application-default; action: allow

IF server host http and https on 443, web-browsing use service-https (443)

Question List (319q): Question 1: An Administrator is configuring Authentication Enforcement a...; Question 2: A network design calls for a "router on a stick" implementat...; Question 3: Which protection feature is available only in a Zone Protect...; Question 4: What are two valid deployment options for Decryption Broker?...; Question 5: View the GlobalProtect configuration screen capture. What is...; Question 6: An organization wants to begin decrypting guest and BYOD tra...; Question 7: An administrator is receiving complaints about application p...; Question 8: Which two features require another license on the NGFW? (Cho...; Question 9: An administrator needs to evaluate a recent policy change th...; Question 10: An administrator logs in to the Palo Alto Networks NGFW and ...; Question 11: Which three external services perform both authentication an...; Question 12: An engineer is tasked with enabling SSL decryption across th...; Question 13: Refer to exhibit. An organization has Palo Alto Networks NGF...; Question 14: What are two characteristic types that can be defined for a ...; Question 15: Which virtual router feature determines if a specific destin...; Question 16: Which of the following are valid Subscriptions for the Next ...; Question 17: A user at an external system with the IP address 65.124.57.5...; Question 18: Which method will dynamically register tags on the Palo Alto...; Question 19: Which two statements are correct for the out-of-box configur...; Question 20: An administrator is using Panorama and multiple Palo Alto Ne...; Question 21: An administrator needs to upgrade a Palo Alto Networks NGFW ...; Question 22: A network administrator wants to use a certificate for the S...; Question 23: What is the function of a service route?...; Question 24: Which feature prevents the submission of corporate login inf...; Question 25: Which URL Filtering Security Profile action logs the URL Fil...; Question 26: When planning to configure SSL Froward Proxy on a PA 5260, a...; Question 27: An engineer is pushing configuration from Panorama lo a mana...; Question 28: What will the user experience when browsing a Blocked hackin...; Question 29: A client is deploying a pair of PA-5000 series firewalls usi...; Question 30: An administrator needs to identify which NAT policy is being...; Question 31: How can an administrator use the Panorama device-deployment ...; Question 32: YouTube videos are consuming too much bandwidth on the netwo...; Question 33: Which feature of Panorama allows an administrator to create ...; Question 34: Site-A and Site-B need to use IKEv2 to establish a VPN conne...; Question 35: Given the following table. Which configuration change on the...; Question 36: How does an administrator schedule an Applications and Threa...; Question 37: After Migrating from an ASA firewall to a Palo Alto Networks...; Question 38: What can be used as an Action when creating a Policy-Based F...; Question 39: Which benefit do policy rule UUIDs provide?...; Question 40: Before you upgrade a Palo Alto Networks NGFW what must you d...; Question 41: The company's Panorama server (IP 10.10.10.5) is not able to...; Question 42: Which Panorama feature allows for logs generated by Panorama...; Question 43: When backing up and saving configuration files, what is achi...; Question 44: An administrator needs firewall access on a trusted interfac...; Question 45: Based on the screenshots above, and with no configuration in...; Question 46: Your company wants greater visibility into their traffic and...; Question 47: To support a new compliance requirement, your company requir...; Question 48: Based on the following image, what is the correct path of ro...; Question 49: A variable name must start with which symbol?...; Question 50: An engineer needs to collect User-ID mappings from the compa...; Question 51: An engineer is bootstrapping a VM-Series Firewall Other than...; Question 52: What happens when the traffic log shows an internal host att...; Question 53: An administrator would like to determine which action the fi...; Question 54: In an existing deployment, an administrator with numerous fi...; Question 55: The same route appears in the routing table three times usin...; Question 56: Which CLI command displays the physical media that are conne...; Question 57: Which three external authentication services can the firewal...; Question 58: Which two mechanisms help prevent a spilt brain scenario an ...; Question 59: The firewall is not downloading IP addresses from MineMeld. ...; Question 60: An administrator encountered problems with inbound decryptio...; Question 61: Which value in the Application column indicates UDP traffic ...; Question 62: Which device Group option is assigned by default in Panorama...; Question 63: An administrator needs to optimize traffic to prefer busines...; Question 64: If an administrator does not possess a website's certificate...; Question 65: An administrator is receiving complaints about application p...; Question 66: Which two events trigger the operation of automatic commit r...; Question 67: A Security policy rule is configured with a Vulnerability Pr...; Question 68: An administrator has users accessing network resources throu...; Question 69: Which three rule types are available when defining policies ...; Question 70: An administrator has configured a pair of firewalls using hi...; Question 71: When you configure an active/active high availability pair, ...; Question 72: An administrator has two pairs of firewalls within the same ...; Question 73: What is the purpose of the firewall decryption broker?...; Question 74: A customer has an application that is being identified as un...; Question 75: Which Palo Alto Networks VM-Series firewall is supported for...; Question 76: An administrator receives the following error message: "IKE ...; Question 77: An existing NGFW customer requires direct internet access of...; Question 78: Refer to the diagram. An administrator needs to create an ad...; Question 79: Which CLI command can be used to export the tcpdump capture?...; Question 80: Refer to the exhibit. (Exhibit) An administrator cannot see ...; Question 81: Which event will happen if an administrator uses an Applicat...; Question 82: An administrator troubleshoots an issue that causes packet d...; Question 83: Your company has to Active Directory domain controllers spre...; Question 84: Starting with PAN-OS version 9.1, GlobalProtect logging info...; Question 85: At which stage of the cyber-attack lifecycle would the attac...; Question 86: Refer to the screenshots. Without the ability to use Context...; Question 87: During the packet flow process, which two processes are perf...; Question 88: What does SSL decryption require to establish a firewall as ...; Question 89: A firewall engineer creates a new App-ID report under Monito...; Question 90: The manager of the network security team has asked you to he...; Question 91: What steps should a user take to increase the NAT oversubscr...; Question 92: Which setting allow a DOS protection profile to limit the ma...; Question 93: An engineer notices that the tunnel monitoring has been fail...; Question 94: Which three are valid configuration options in a WildFire An...; Question 95: In a security-first network, what is the recommended thresho...; Question 96: A firewall administrator is troubleshooting problems with tr...; Question 97: A company is deploying User-ID in their network. The firewal...; Question 98: An organization conducts research on the benefits of leverag...; Question 99: What is exchanged through the HA2 link?...; Question 100: An administrator has been tasked with deploying SSL Forward ...; Question 101: Refer to Exhibit. A firewall has three PBF rules and a defau...; Question 102: A network administrator configured a site-to-site VPN tunnel...; Question 103: Which statement is true regarding a Best Practice Assessment...; Question 104: While analyzing the Traffic log, you see that some entries s...; Question 105: Which two statements accurately describe how DoS Protection ...; Question 106: A speed/duplex negotiation mismatch is between the Palo Alto...; Question 107: An engineer discovers the management interface is not routab...; Question 108: The decision to upgrade to PAN-OS 10.2 has been approved. Th...; Question 109: True or False: One of the advantages of Single Pass Parallel...; Question 110: An administrator needs to assign a specific DNS server to on...; Question 111: Which processing order will be enabled when a Panorama admin...; Question 112: Decrypted packets from the website https://www.microsoft.com...; Question 113: What are two best practices for incorporating new and modifi...; Question 114: When setting up a security profile, which three items can yo...; Question 115: A client wants to detect the use of weak and manufacturer-de...; Question 116: A web server is hosted in the DMZ, and the server is configu...; Question 117: Which two actions would be part of an automatic solution tha...; 1 commentQuestion 118: A web server is hosted in the DMZ and the server is configur...; Question 119: A firewall administrator has been tasked with ensuring that ...; Question 120: How can a candidate or running configuration be copied to a ...; Question 121: Which three firewall multi-factor authentication factors are...; Question 122: An administrator needs to determine why users on the trust z...; Question 123: A session in the Traffic log is reporting the application as...; Question 124: What type of address object would be useful for internal dev...; Question 125: People are having intermittent quality issues during a live ...; Question 126: An engineer must configure a new SSL decryption deployment. ...; Question 127: An administrator is seeing one of the firewalls in a HA acti...; Question 128: Which log type would provide information about traffic block...; Question 129: You need to allow users to access the office-suite applicati...; Question 130: In a firewall, which three decryption methods are valid? (Ch...; Question 131: The profile is configured to provide granular defense agains...; Question 132: Which hardware platform should I consider if the customer ne...; Question 133: An administrator allocates bandwidth to a Prisma Access Remo...; Question 134: Which three firewall states are valid? (Choose three.)...; Question 135: A firewall engineer creates a destination static NAT rule to...; Question 136: After configuring HA in Active/Passive mode on a pair of fir...; Question 137: An administrator has configured a QoS policy rule and a QoS ...; Question 138: An engineer must configure the Decryption Broker feature. To...; Question 139: A network engineer is troubleshooting a VPN and wants to ver...; Question 140: In order to fulfill the corporate requirement to back up the...; Question 141: An administrator is troubleshooting why video traffic is not...; Question 142: What are the differences between using a service versus usin...; Question 143: A VPN connection is set up between Site-A and Site-B, but no...; Question 144: What are two prerequisites for configuring a pair of Palo Al...; Question 145: Which CLI command displays the current management plane memo...; Question 146: An engineer needs to configure a standardized template for a...; Question 147: What is considered the best practice with regards to zone pr...; Question 148: Which field is optional when creating a new Security Police ...; Question 149: An administrator wants to enable Palo Alto Networks cloud se...; Question 150: An administrator has been asked to configure active/passive ...; Question 151: Which Panorama administrator types require the configuration...; Question 152: Which DoS protection mechanism detects and prevents session ...; Question 153: An engineer is tasked with configuring SSL forward proxy for...; Question 154: How are IPV6 DNS queries configured to user interface ethern...; Question 155: An administrator wants to use LDAP, TACACS+, and Kerberos as...; Question 156: In the New App Viewer under Policy Optimizer, what does the ...; Question 157: When an in-band data port is set up to provide access to req...; Question 158: An Administrator is configuring an IPSec VPN toa Cisco ASA a...; Question 159: An enterprise has a large Palo Alto Networks footprint that ...; Question 160: A remote administrator needs access to the firewall on an un...; Question 161: An auditor has requested that roles and responsibilities be ...; Question 162: A network security engineer must implement Quality of Servic...; Question 163: An internal system is not functioning. The firewall administ...; Question 164: On the NGFW, how can you generate and block a private key fr...; Question 165: TRUE or FALSE: Many customers purchase Palo Alto Networks NG...; Question 166: An administrator has a requirement to export decrypted traff...; Question 167: On March 10, 2016, between 11:00 am and 11:30 am, users repo...; Question 168: What are three valid actions in a File Blocking Profile? (Ch...; Question 169: Which three file types can be forwarded to WildFire for anal...; Question 170: An administrator wants to enable zone protection. Before doi...; Question 171: An administrator is attempting to create policies tor deploy...; Question 172: In a Panorama template, which three types of objects are con...; Question 173: Which CLI command is used to determine how much disk space i...; Question 174: A network administrator notices there is a false-positive si...; Question 175: An auditor is evaluating the configuration of Panorama and n...; Question 176: Which states will a pair of firewalls be in if their HA Grou...; Question 177: What is the maximum number of samples that can be submitted ...; Question 178: An engineer is configuring Packet Buffer Protection on ingre...; Question 179: Which PAN-OS® policy must you configure to force a user to p...; Question 180: A standalone firewall with local objects and policies needs ...; Question 181: Which source is the most reliable for collecting User-ID use...; Question 182: After switching to a different WAN connection, users have re...; Question 183: True or False: PAN-DB is a service that aligns URLs with cat...; Question 184: Given the following snippet of a WildFire submission log, di...; Question 185: Which of the following commands would you use to check the t...; Question 186: Which Palo Alto Networks VM-Series firewall is valid?...; Question 187: An administrator wants multiple web servers in the DMZ to re...; Question 188: Updates to dynamic user group membership are automatic there...; Question 189: When deploying PAN-OS SD-WAN, which routing protocol can you...; Question 190: In order to route traffic between layer 3 interfaces on the ...; Question 191: A company has a pair of Palo Alto Networks firewalls configu...; Question 192: Which two are valid ACC GlobalProtect Activity tab widgets? ...; Question 193: Which three multi-factor authentication methods can be used ...; Question 194: An administrator has 750 firewalls. The administrator's cent...; Question 195: A network security engineer is attempting to peer a virtual ...; Question 196: Which two statements are true about DoS Protection and Zone ...; Question 197: Which two policy components are required to block traffic in...; Question 198: PAN-OS 7.0 introduced an automated correlation engine that a...; Question 199: An administrator analyzes the following portion of a VPN sys...; Question 200: An administrator creates an application-based security polic...; Question 201: The IT department has received complaints abou VoIP call jit...; Question 202: Drag and Drop Question Based on PANW Best Practices for Plan...; Question 203: A firewall engineer reviews the PAN-OS GlobalProtect applica...; Question 204: In URL filtering, which component matches URL patterns?...; Question 205: Company.com has an in-house application that the Palo Alto N...; Question 206: An engineer needs to permit XML API access to a firewall for...; Question 207: An engineer must configure the Decryption Broker feature. Wh...; Question 208: How does Panorama handle incoming logs when it reaches the m...; Question 209: An administrator wants to upgrade an NGFW from PAN-OS® 7.1.2...; Question 210: A network Administrator needs to view the default action for...; Question 211: Users within an enterprise have been given laptops that are ...; Question 212: What are three valid qualifiers for a Decryption Policy Rule...; Question 213: When configuring the firewall for packet capture, what are t...; Question 214: What can you use with Global Protect to assign user-specific...; Question 215: To ensure that a Security policy has the highest priority, h...; Question 216: Which GlobalProtect gateway setting is required to enable sp...; Question 217: Which type of policy in Palo Alto Networks firewalls can use...; Question 218: An engineer wants to forward all decrypted traffic on a PA-8...; Question 219: An engineer is creating a security policy based on Dynamic U...; Question 220: Refer to the exhibit. Using the above screenshot of the ACC,...; Question 221: Which hardware firewall platforms include both built-in fron...; Question 222: A firewall has Security policies from three sources: 1. loca...; Question 223: Which three items are important considerations during SD-WAN...; Question 224: Drag and Drop Question Please match the terms to their corre...; Question 225: Wildfire may be used for identifying which of the following ...; Question 226: During the implementation of SSL Forward Proxy decryption, a...; Question 227: Which benefit do policy rule UUlDs provide?...; Question 228: A network security engineer is asked to provide a report on ...; Question 229: Which feature can be configured on VM-Series firewalls?...; Question 230: Which firewall feature do you need to configure to query Pal...; Question 231: Several offices are connected with VPNs using static IPv4 ro...; Question 232: Which log file can be used to identify SSL decryption failur...; Question 233: Which option would an administrator choose to define the cer...; Question 234: What will be the egress interface if the traffic's ingress i...; Question 235: Which statement accurately describes service routes and virt...; Question 236: A network security engineer needs to enable Zone Protection ...; Question 237: An administrator is using Panorama and multiple Palo Alto Ne...; Question 238: What are three tasks that cannot be configured from Panorama...; Question 239: An administrator has configured the Palo Alto Networks NGFW'...; Question 240: How can packet buffer protection be configured?...; Question 241: An enterprise Information Security team has deployed policie...; Question 242: Given the screenshot, how did the firewall handle the traffi...; Question 243: What are the main benefits of WildFire? (Select the three co...; Question 244: How should an administrator enable the Advance Routing Engin...; Question 245: The web server is configured to listen for HTTP traffic on p...; Question 246: The Aggregate Ethernet interface is showing down on a passiv...; Question 247: Which three items are import considerations during SD-WAN co...; Question 248: Before an administrator of a VM-500 can enable DoS and zone ...; Question 249: The firewall identifies a popular application as an unknown-...; Question 250: An administrator configures a site-to-site IPsec VPN tunnel ...; Question 251: What is the URL for the full list of applications recognized...; Question 252: Which protocol is supported by GlobalProtect Clientless VPN?...; Question 253: An administrator has been asked to configure active/active H...; Question 254: A prospect is eager to conduct a Security Lifecycle Review (...; Question 255: An engineer troubleshoots an issue that causes packet drops....; Question 256: When a malware-infected host attempts to resolve a known com...; Question 257: What is the dependency for users to access services that req...; Question 258: A critical US-CERT notification is published regarding a new...; Question 259: With the default TCP and UDP settings on the firewall, what ...; Question 260: Ethernet1/1 has been configured with the following subinterf...; Question 261: When configuring forward error correction (FEC) for PAN-OS S...; Question 262: Which new PAN-OS 11.0 feature supports IPv6 traffic?...; Question 263: An administrator deploys PA-500 NGFWs as an active/passive h...; Question 264: A firewall administrator wants to avoid overflowing the comp...; Question 265: Only two Trust to Untrust allow rules have been created in t...; Question 266: Which three authentication factors does PAN-OS@software supp...; Question 267: The firewall determines if a packet is the first packet of a...; Question 268: You are auditing the work of a co-worker and need to verify ...; Question 269: Which statement about High Availability timer settings is tr...; Question 270: A Network Administrator wants to deploy a Large Scale VPN so...; Question 271: An engineer is configuring SSL Inbound Inspection for public...; Question 272: Four configuration choices are listed, and each could be use...; Question 273: Which command can be used to validate a Captive Portal polic...; Question 274: A network security engineer has a requirement to allow an ex...; Question 275: An engineer is monitoring an active/active high availability...; Question 276: An administrator just enabled HA Heartbeat Backup on two dev...; Question 277: Which of the following are critical features of a Next Gener...; Question 278: A network security engineer for a large company has just ins...; Question 279: A company has configured a URL Filtering profile with overri...; Question 280: A company wants to use their Active Directory groups to simp...; Question 281: During SSL decryption which three factors affect resource co...; Question 282: A security engineer wants to upgrade the company's deployed ...; Question 283: An administrator connected a new fiber cable and transceiver...; Question 284: A Palo Alto Networks firewall is being targeted by an NTP Am...; Question 285: Site-A and Site-B have a site-to-site VPN set up between the...; Question 286: An administrator notices interface ethernet1/2 failed on the...; Question 287: An administrator needs to build Security rules in a Device G...; Question 288: An administrator has configured a pair of firewalls using hi...; Question 289: How can a Palo Alto Networks firewall be configured to send ...; Question 290: As a best practice, logging at session start should be used ...; Question 291: A firewall administrator is investigating high packet buffer...; Question 292: An administrator has configured PAN-OS SD-WAN and has receiv...; Question 293: An administrator needs to gather information about the CPU u...; Question 294: Which two statements correctly identify the number of Decryp...; Question 295: How quickly are Wildfire updates about previously unknown fi...; Question 296: A firewall has been assigned to a new template stack that co...; Question 297: Which feature must you configure to prevent users from accid...; Question 298: A user's traffic traversing a Palo Alto Networks NGFW someti...; Question 299: Which statement is true regarding a heatmap in a BPA report?...; Question 300: Phase two of a VPN will not establish a connection. The peer...; Question 301: An engineer is configuring secure web access (HTTPS) to a Pa...; Question 302: An administrator needs to troubleshoot a User-ID deployment....; Question 303: Which Captive Portal mode must be configured to support MFA ...; Question 304: An engineer needs to see how many existing SSL decryption se...; Question 305: An engineer is configuring a firewall with three interfaces:...; Question 306: What are the three key components of a successful Three Tab ...; Question 307: The GlobalProtect Portal interface and IP address have been ...; Question 308: An engineer is configuring a template in Panorama which will...; Question 309: A customer wants to set up a site-to-site VPN using tunnel i...; Question 310: Which is not a valid reason for receiving a decrypt-cert-val...; Question 311: A traffic log might list an application as "not-applicable" ...; Question 312: A security engineer received multiple reports of an IPSec VP...; Question 313: Which option is part of the content inspection process?...; Question 314: An administrator has enabled OSPF on a virtual router on the...; Question 315: Click the Exhibit button. An administrator has noticed a lar...; Question 316: In an enterprise deployment, a network security engineer wan...; Question 317: Which Panorama mode should be used so that all logs are sent...; Question 318: Which three file types can be forwarded to WildFire for anal...; Question 319: An administrator sees several inbound sessions identified as...

Question 118/319

Recent Comments (The most recent comments are at the top.)

LEAVE A REPLY

Download PDF File