Paloalto Networks Updated PCNSE Exam Questions and Answers by arham

A, C, and D are the correct answers because they are the parts of a template that an engineer can configure in Panorama. A template is a collection of device and network settings that can be pushed to multiple firewalls from Panorama1. A template can contain settings such as2:

A: NTP Server Address: This is the address of the Network Time Protocol server that synchronizes the time on the firewall.

C: Authentication Profile: This is the profile that defines how the firewall authenticates users and administrators.

D: Service Route Configuration: This is the configuration that specifies which interface and source IP address the firewall uses to access external services, such as DNS, email, syslog, etc.

To protect against DNS misconfigurations, Advanced DNS Security and Advanced URL Filtering licenses (Option C) enable DNS sinkholing and domain monitoring. In an Anti-Spyware profile (Option D), the DNS Policies section allows adding specific domains to detect and block misconfigured records pointing to third-party sources.

A syslog listener is the best choice for deploying User-ID to ensure maximum coverage in an environment with multiple forms of authentication. A syslog listener is a feature that enables the firewall or Panorama to receive syslog messages from other systems and parse them for IP address-to-username mappings. A syslog listener can collect user mapping information from a variety of sources, such as network access control systems, domain controllers, MDM solutions, VPN gateways, wireless controllers, proxies, and more2. A syslog listener can also support multiple platforms and operating systems, such as Windows, Linux, macOS, iOS, Android, etc3. Therefore, a syslog listener can provide a comprehensive and flexible solution for User-ID deployment in a large-scale network. References: Configure a Syslog Listener for User Mapping, User-ID Agent Deployment Guide, PCNSE Study Guide (page 48)