Certbus > Palo Alto Networks > Palo Alto Networks Certifications > PCNSC > PCNSC Online Practice Questions and Answers

PCNSC Online Practice Questions and Answers

Questions 4

Which PAN-OS policy must you configure to force a user to provide additional credential before he is allowed to access an internal application that contains highly sensitive business data?

A. Authentication policy

B. Decryption policy

C. Security policy

D. Application Override policy

Browse 141 Q&As
Questions 5

In High Availability, which information is transferred via the HA data link?

A. heartbeats

B. HA state information

C. session information

D. User-ID information

Browse 141 Q&As
Questions 6

An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between panorama and the managed firewall and Log Collectors. How would the administrator establish the chain of trust?

A. Configure strong password

B. Set up multiple-factor authentication.

C. Use custom certificates.

D. Enable LDAP or RADIUS integration.

Browse 141 Q&As
Questions 7

Refer to the exhibit.

A web server in the DMZ is being mapped to a public address through DNAT. Which Security policy rule will allow traffic to flow to the web server?

A. Untrust (any) to Untrust (10. 1.1. 100), web browsing -Allow

B. Untrust (any) to Untrust (1. 1. 1. 100), web browsing -Allow

C. Untrust (any) to DMZ (1. 1. 1. 100), web browsing -Allow

D. Untrust (any) to DMZ (10. 1. 1. 100), web browsing -Allow

Browse 141 Q&As
Questions 8

Which feature prevents the submission of login information into website froms?

A. credential phishing prevention

B. file blocking

C. User-ID

D. data filtering

Browse 141 Q&As
Questions 9

Which event will happen administrator uses an Application Override Policy?

A. The application name assigned to the traffic by the security rule is written to the traffic log.

B. The Palo Alto Networks NGFW Steps App-ID processing at Layer 4.

C. Threat-ID processing time is decreased.

D. App-ID processing time is increased.

Browse 141 Q&As
Questions 10

Which action would enables the firewalls to send their preexisting logs to Panorama?

A. A CLI command will forward the pre-existing logs to Panorama.

B. Use the import option to pull logs panorama.

C. Use the ACC to consolidate pre-existing logs.

D. The- log database will need to be exported from the firewall and manually imported into Panorama.

Browse 141 Q&As
Questions 11

An administrator wants multiple web servers in the DMZ to receive connections from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10 1.22 Based on the information shown in the age, which NAT rule will forward web-browsing traffic correctly?

A. B. C. D.

Browse 141 Q&As
Questions 12

A Security policy rule is configured with a Vulnerability Protection Profile and an action of Deny".

Which action will this configuration cause on the matched traffic?

A. The configuration is invalid it will cause the firewall to Skip this Security policy rule A warning will be displayed during a command.

B. The configuration is valid It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to "Deny".

C. The configuration will allow the matched session unless a vulnerability signature is detected. The "Deny" action will supersede the per. defined, severity defined actions defined in the associated Vulnerability Protection Profile.

D. The configuration is invalid. The Profile Settings section will be- grayed out when the action is set to "Deny".

Browse 141 Q&As
Questions 13

What are two benefits of nested device groups in panorama? (Choose two )

A. overwrites local firewall configuration

B. requires configuration both function and location for every device

C. all device groups inherit setting from the Shared group

D. reuse of the existing Security policy rules and objects

Browse 141 Q&As
Questions 14

Winch three steps will reduce the CPU utilization on the management plane? (Choose three. )

A. Disable predefined reports.

B. Reduce the traffic being decrypted by the firewall.

C. Disable SNMP on the management interface.

D. Application override of SSL application.

Browse 141 Q&As
Questions 15

Which three options are supposed in HA Lite? (Choose three.)

A. Configuration synchronization

B. Virtual link

C. active/passive deployment

D. session synchronization

E. synchronization of IPsec security associations

Browse 141 Q&As
Questions 16

During the packet flow process, which two processes are performed in application identification? (Choose two.)

A. Application changed from content inspection

B. session application identified

C. pattern based application identification

D. application override policy match

Browse 141 Q&As
Questions 17

Which DoS protection mechanism detects and prevents session exhaustion attacks?

A. TCP Port Scan Protection

B. Flood Protection

C. Resource Protection

D. Pocket Based Attack Protection

Browse 141 Q&As
Questions 18

A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?

A. Blocked Activity

B. Bandwidth Activity

C. Threat Activity

D. Network Activity

Browse 141 Q&As
Exam Code: PCNSC
Exam Name: Palo Alto Networks Certified Network Security Consultant (PCNSC)
Last Update: Mar 18, 2025
Questions: 141 Q&As

PDF

$49.99

VCE

$55.99

PDF + VCE

$65.99