• Home
  • Articles
  • Latest [Feb 04, 2022] PCNSC Exam with Accurate Palo Alto Networks Certified Network Security Consultant PDF Questions [Q23-Q44]

Latest [Feb 04, 2022] PCNSC Exam with Accurate Palo Alto Networks Certified Network Security Consultant PDF Questions [Q23-Q44]

Share

Latest [Feb 04, 2022] PCNSC Exam with Accurate Palo Alto Networks Certified Network Security Consultant PDF Questions

Take a Leap Forward in Your Career by Earning Palo Alto Networks 74 Questions


How to book the Palo Alto PCNSC Exam

Test arrangements might be made ahead of time or on the day you wish to test, subject to accessibility. The test/arrangement testing time limit noted on Pearson VUE website pages mirrors the absolute arrangement time, including a NDA, test time, and review.

 

NEW QUESTION 23
Which two options prevents the firewall from capturing traffic passing through it? (Choose two.)

  • A. The firewall is in milti-vsys mode.
  • B. The traffic does not match the packet capture filter
  • C. The traffic is offloaded.
  • D. The firewall's DP CPU is higher than 50%

Answer: B,C

 

NEW QUESTION 24
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS software, the administrator enables logs forwarding from the firewalls to panorama Pre-existing logs from the firewall are not appearing in Panorama.
Which action would enables the firewalls to send their preexisting logs to Panorama?

  • A. A CLI command will forward the pre-existing logs to Panorama.
  • B. The- log database will need to be exported from the firewall and manually imported into Panorama.
  • C. Use the import option to pull logs panorama.
  • D. Use the ACC to consolidate pre-existing logs.

Answer: A

 

NEW QUESTION 25
An administrator wants multiple web servers in the DMZ to receive connections from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10 1.22 Based on the information shown in the age, which NAT rule will forward web-browsing traffic correctly?

A)

B)

C)

D)

  • A. Option A
  • B. Option B
  • C. Option D
  • D. Option C

Answer: A

 

NEW QUESTION 26
A Palo Alto Networks NGFW just submitted a file lo WildFire tor analysis Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes.
How quickly will the firewall receive back a verdict?

  • A. 10 to 15 minutes
  • B. More than 15 minutes
  • C. 5 to 10 minutes
  • D. 5 minutes

Answer: C

 

NEW QUESTION 27
Which two action would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL forward proxy? (Choose two.)

  • A. Configure an EDL to pull IP Addresses of known sites resolved from a CRL.
  • B. Configure a Dynamic Address Group for untrusted sites.
  • C. Create a Security Policy rule with vulnerability Security Profile attached.
  • D. Enable the "Block seasons with untrusted Issuers- setting.
  • E. Create a no-decrypt Decryption Policy rule.

Answer: C,D

 

NEW QUESTION 28
Which PAN-OS policy must you configure to force a user to provide additional credential before he is allowed to access an internal application that contains highly sensitive business data?

  • A. Authentication policy
  • B. Decryption policy
  • C. Application Override policy
  • D. Security policy

Answer: A

 

NEW QUESTION 29
What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

  • A. An administrator must use the Expedition tool to adapt the configuration to the pre-pan-OS 8.1 state.
  • B. Administrators need to manually update variable characters to those to used in pre-PAN-OS 8.1.
  • C. When Panorama is reverted to an earlier PAN-OS release, variable used in template stacks will be removed authentically.
  • D. Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or stacks.

Answer: D

 

NEW QUESTION 30
An administrator has enabled OSPF on a virtual router on the NGFW OSPF is not adding new routes to the virtual router.
Which two options enable the administrator top troubleshoot this issue? (Choose two.)

  • A. View Runtime Status virtual router.
  • B. View System logs.
  • C. Perform a traffic pcap at the routing stage.
  • D. Add a redistribution profile to forward as BGP updates.

Answer: A,B

 

NEW QUESTION 31
Which virtual router feature determines if a specific destination IP address is reachable'?

  • A. Path Monitoring
  • B. Failover
  • C. Heartbeat Monitoring
  • D. Ping-Path

Answer: A

 

NEW QUESTION 32
VPN traffic intended for an administrator's Palo Alto Networks NGfW is being maliciously intercepted and retransmitted by the interceptor. When Creating a VPN tunnel, which protection profile cm be enabled to prevent this malicious behavior?

  • A. Web Application
  • B. Replay
  • C. zone Protection
  • D. DoS Protection

Answer: C

 

NEW QUESTION 33
An organization has Palo Alto Networks MGfWs that send logs to remote monitoring and security management platforms. The network team has report has excessive traffic on the corporate WAN. How could the Palo Alto Networks NOFW administrator reduce WAN traffic while maintaining support for all the existing monitoring/security platforms?

  • A. Any configuration on an M-500 would address the insufficient bandwidth concerns.
  • B. Configure log compression and optimization features on all remote firewalls.
  • C. Forward logs from external sources to Panorama for correlation, arid from Panorama send to the NGFW
  • D. forward logs from firewalls only to Panorama, and have Panorama forward log* lo other external service.

Answer: D

 

NEW QUESTION 34
Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose two.)

  • A. Antivirus
  • B. Application and Threats
  • C. Content-ID
  • D. User-ID

Answer: A,B

 

NEW QUESTION 35
An administrator sees several inbound sessions identified as unknown tcp in the Traffic logs. The administrator determines that these sessions are from external users accessing the company's propriety accounting application. The administrator wants to reliability identity this as their accounting application and to scan this traffic for threats.
Which option would achieve this result?

  • A. Create an Application Override policy and a custom threat signature for the application.
  • B. Create a custom App-ID and enable scanning on the advanced tab.
  • C. Create a custom App-ID and use the "ordered condition cheek box.
  • D. Create an Application Override policy

Answer: A

 

NEW QUESTION 36
Which method will dynamically register tags on the Palo Alto Networks NGFW?

  • A. XML API or the VMware API on the firewall on the User-ID agent or the CLI
  • B. Restful API or the VMware API on the firewall or on the User.-D agent or the ready -only domain controller
  • C. Restful API or the VMware API on the firewall or on the User-ID Agent
  • D. XML- API or lite VM Monitoring agent on the NGFW or on the User- ID agent

Answer: D

 

NEW QUESTION 37
An administrator pushes a new configuration from panorama to a pair of firewalls that are configured as active/passive HA pair.
Which NGFW receives the configuration from panorama?

  • A. both the active and passive firewalls independently, with no synchronization afterward
  • B. the passive firewall, which then synchronizes to the active firewall
  • C. the active firewall, which then synchronizes to the passive firewall
  • D. both the active and passive firewalls, which then synchronizes with each other

Answer: D

 

NEW QUESTION 38
Which option would an administration choose to define the certificate and protect that Panorama and its managed devices uses for SSL/ITS services?

  • A. Set up Security policy rule to allow SSL communication.
  • B. Configure on SSL/TLS Profile.
  • C. Set Up SSL/TLS under Policies > Service/URL Category > Service.
  • D. Configure a Decryption Profile and select SSL/TLS services.

Answer: B

 

NEW QUESTION 39
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch it connect.
How would an administrator configure the interface to IGbps?

  • A. set deviceconfig system speed-duplex 10Gbps-full-duplex
  • B. set deviceconfig interface speed-duplex 1Gbs--full-duplex
  • C. set deviceconfig interface speed-duplex 1Gbs--half-duplex
  • D. set deviceconfig system speed-duplex 1Gbs--half-duplex.

Answer: D

 

NEW QUESTION 40
A web server is hosted in the DMZ and the server re configured to listen for income connections on TCP port
443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server host its contents over Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.
Which combination of service and application, and order of Security policy rules needs to be configured to allow cleaned web-browsing traffic to the server on tcp/443?

  • A. Rule#1application: web-biows.no; service service-https action allow
    Rule#2 application ssl. Service application-default, action allow
  • B. Rule #1application web-browsing, service service imp action allow
    Rule #2 application ssl. service application -default, action allow
  • C. Rule#1 application web-brows.no service application-default, action allow Rule #2 application ssl. Service application-default, action allow
  • D. Rule# 1 application: ssl; service application-default: action allow
    Role # 2 application web browsing, service application default, action allow

Answer: C

 

NEW QUESTION 41
How does Panorama prompt VMware NSX to quarantine an in6erface VM??

  • A. SNMP Server Profile
  • B. Syslog Server Profile
  • C. HTTP Server Profile
  • D. Email Server Profile

Answer: B

 

NEW QUESTION 42
An administrator logs in to the Palo Alto Networks NGFW and reports and reports that the WebUI is missing the policies tab. Which profile is the cause of the missing policies tab?

  • A. Admin Role
  • B. WebUI
  • C. Authentication
  • D. Authorization

Answer: A

 

NEW QUESTION 43
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications.
QoS natively integrates with which feature to provide service quality?

  • A. App-ID
  • B. Content-ID
  • C. port inspection
  • D. certification revocation

Answer: A

 

NEW QUESTION 44
......


For more info read reference:

Palo Alto Official Certification Site

 

Authentic Best resources for PCNSC Online Practice Exam: https://www.trainingdump.com/Palo-Alto-Networks/PCNSC-practice-exam-dumps.html

Practice To PCNSC - TrainingDump Remarkable Practice On your Palo Alto Networks Certified Network Security Consultant Exam: https://drive.google.com/open?id=1Y2Z6UL0aWPMDWeZstJ1XdihNRZk_PMbY

Related Articles

more
Go To PCNSC Questions
0
0
0
0