100% Pass Top-selling PCNSC Exams - New 2021 Palo Alto Networks Pratice Exam [Q17-Q37]

Share

100% Pass Top-selling PCNSC Exams - New 2021 Palo Alto Networks  Pratice Exam

Paloalto Certifications and Accreditations Dumps PCNSC Exam for Full Questions - Exam Study Guide

NEW QUESTION 17
Refer to the exhibit.

An administrator cannot see any of the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?
A)

B)

C)

D)

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: B

 

NEW QUESTION 18
An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between panorama and the managed firewall and Log Collectors. How would the administrator establish the chain of trust?

  • A. Set up multiple-factor authentication.
  • B. Configure strong password
  • C. Enable LDAP or RADIUS integration.
  • D. Use custom certificates.

Answer: D

 

NEW QUESTION 19
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications.
QoS natively integrates with which feature to provide service quality?

  • A. Content-ID
  • B. certification revocation
  • C. App-ID
  • D. port inspection

Answer: C

 

NEW QUESTION 20
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS software, the administrator enables logs forwarding from the firewalls to panorama Pre-existing logs from the firewall are not appearing in Panorama.
Which action would enables the firewalls to send their preexisting logs to Panorama?

  • A. A CLI command will forward the pre-existing logs to Panorama.
  • B. Use the import option to pull logs panorama.
  • C. The- log database will need to be exported from the firewall and manually imported into Panorama.
  • D. Use the ACC to consolidate pre-existing logs.

Answer: A

 

NEW QUESTION 21
Which two action would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL forward proxy? (Choose two.)

  • A. Create a Security Policy rule with vulnerability Security Profile attached.
  • B. Create a no-decrypt Decryption Policy rule.
  • C. Enable the "Block seasons with untrusted Issuers- setting.
  • D. Configure an EDL to pull IP Addresses of known sites resolved from a CRL.
  • E. Configure a Dynamic Address Group for untrusted sites.

Answer: A,C

 

NEW QUESTION 22
When is the content inspection performed in the packet flow process?

  • A. after the application has been identified
  • B. before session lookup
  • C. after the SSL Proxy re-encrypts the packet
  • D. before the packet forwarding process

Answer: A

 

NEW QUESTION 23
What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

  • A. When Panorama is reverted to an earlier PAN-OS release, variable used in template stacks will be removed authentically.
  • B. An administrator must use the Expedition tool to adapt the configuration to the pre-pan-OS 8.1 state.
  • C. Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or stacks.
  • D. Administrators need to manually update variable characters to those to used in pre-PAN-OS 8.1.

Answer: C

 

NEW QUESTION 24
How does Panorama prompt VMware NSX to quarantine an in6erface VM??

  • A. Syslog Server Profile
  • B. SNMP Server Profile
  • C. HTTP Server Profile
  • D. Email Server Profile

Answer: A

 

NEW QUESTION 25
Which User-ID method should b configured to map addresses to usernames for users connected through a terminal server?

  • A. port mapping
  • B. server monitoring
  • C. XFF header
  • D. Client probing

Answer: A

 

NEW QUESTION 26
An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs.
The administrator assigns priority 100 to the active firewall.
Which priority is collect tot the passive firewall?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C

 

NEW QUESTION 27
A web server is hosted in the DMZ and the server re configured to listen for income connections on TCP port
443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server host its contents over Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.
Which combination of service and application, and order of Security policy rules needs to be configured to allow cleaned web-browsing traffic to the server on tcp/443?

  • A. Rule#1 application web-brows.no service application-default, action allow Rule #2 application ssl. Service application-default, action allow
  • B. Rule# 1 application: ssl; service application-default: action allow
    Role # 2 application web browsing, service application default, action allow
  • C. Rule #1application web-browsing, service service imp action allow
    Rule #2 application ssl. service application -default, action allow
  • D. Rule#1application: web-biows.no; service service-https action allow
    Rule#2 application ssl. Service application-default, action allow

Answer: A

 

NEW QUESTION 28
A Company needs to preconfigured firewalls to be sent to remote sites with the least amount of preconfiguration. Once deployed, each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers.
Which VPN configuration would adapt to changes when deployed to Hie future site?

  • A. preconfigured GlobalProtcet client
  • B. preconfigured GlobalProtcet satellite
  • C. preconfigured iPsec tunnels
  • D. preconfigured PPTP Tunnels

Answer: B

 

NEW QUESTION 29
During the packet flow process, which two processes are performed in application identification? (Choose two.)

  • A. Application changed from content inspection
  • B. pattern based application identification
  • C. application override policy match
  • D. session application identified

Answer: C,D

 

NEW QUESTION 30
Which three authentication faction factors does PAN-OS software support for MFA? (Choose three.)

  • A. Voice
  • B. Okta Adaptive
  • C. Push
  • D. SMS
  • E. Pull

Answer: A,C,E

 

NEW QUESTION 31
An administrator pushes a new configuration from panorama to a pair of firewalls that are configured as active/passive HA pair.
Which NGFW receives the configuration from panorama?

  • A. the active firewall, which then synchronizes to the passive firewall
  • B. both the active and passive firewalls independently, with no synchronization afterward
  • C. both the active and passive firewalls, which then synchronizes with each other
  • D. the passive firewall, which then synchronizes to the active firewall

Answer: C

 

NEW QUESTION 32
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch it connect.
How would an administrator configure the interface to IGbps?

  • A. set deviceconfig interface speed-duplex 1Gbs--full-duplex
  • B. set deviceconfig interface speed-duplex 1Gbs--half-duplex
  • C. set deviceconfig system speed-duplex 10Gbps-full-duplex
  • D. set deviceconfig system speed-duplex 1Gbs--half-duplex.

Answer: D

 

NEW QUESTION 33
If an administrator wants to decrypt SMTP traffic and possesses the saver's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?

  • A. SSL Inbound Inspection
  • B. SSH Forward now proxy
  • C. SMTP inbound Decryption
  • D. TLS Bidirectional Inspection

Answer: B

 

NEW QUESTION 34
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?

  • A. It forces the firewall to perform a dynamic DNS update, Which adds the internal gateway's hostname and IP address to the DNS server.
  • B. It configures the tunnel address of all internal clients lo an IP address range starting at 192 168 10 1.
  • C. It enables a Client to perform a reverse DNS lookup on 192 .168. 10 .1. to delect it is an internal client.
  • D. It forces an internal client to connect to an internal gateway at IP address 192 168 10 I.

Answer: C

 

NEW QUESTION 35
An administrator sees several inbound sessions identified as unknown tcp in the Traffic logs. The administrator determines that these sessions are from external users accessing the company's propriety accounting application. The administrator wants to reliability identity this as their accounting application and to scan this traffic for threats.
Which option would achieve this result?

  • A. Create an Application Override policy and a custom threat signature for the application.
  • B. Create an Application Override policy
  • C. Create a custom App-ID and enable scanning on the advanced tab.
  • D. Create a custom App-ID and use the "ordered condition cheek box.

Answer: A

 

NEW QUESTION 36
Which feature prevents the submission of login information into website froms?

  • A. file blocking
  • B. User-ID
  • C. data filtering
  • D. credential phishing prevention

Answer: D

 

NEW QUESTION 37
......

Authentic Best resources for PCNSC Online Practice Exam: https://www.fast2test.com/PCNSC-premium-file.html

PCNSC Test Engine Practice Exam: https://drive.google.com/open?id=138ZXRwRgCVHgF_9RDFeD6eUE5efMN3G2

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어