• Home
  • Articles
  • PCNSC Free Certification Exam Material from Exams4sures with 74 Questions [Q29-Q52]

PCNSC Free Certification Exam Material from Exams4sures with 74 Questions [Q29-Q52]

Share

PCNSC Free Certification Exam Material from Exams4sures with 74 Questions

Use Real PCNSC - 100% Cover Real Exam Questions 

NEW QUESTION 29
Which two options prevents the firewall from capturing traffic passing through it? (Choose two.)

  • A. The firewall's DP CPU is higher than 50%
  • B. The traffic does not match the packet capture filter
  • C. The traffic is offloaded.
  • D. The firewall is in milti-vsys mode.

Answer: B,C

 

NEW QUESTION 30
How does Panorama prompt VMware NSX to quarantine an in6erface VM??

  • A. Syslog Server Profile
  • B. SNMP Server Profile
  • C. HTTP Server Profile
  • D. Email Server Profile

Answer: A

 

NEW QUESTION 31
Which three options are supposed in HA Lite? (Choose three.)

  • A. Configuration synchronization
  • B. session synchronization
  • C. synchronization of IPsec security associations
  • D. Virtual link
  • E. active/passive deployment

Answer: A,C,E

 

NEW QUESTION 32
If the firewall is configured for credential phishing prevention using the "Domain Credential Filter" method, which login will be detected as credential theft?

  • A. Matching any valid corporate username.
  • B. Mapping to the IP address of the logged-in user.
  • C. Using the name user's corporate username and password.
  • D. First four letters of the username matching any valid corporate username.

Answer: B

 

NEW QUESTION 33
An administrator logs in to the Palo Alto Networks NGFW and reports and reports that the WebUI is missing the policies tab. Which profile is the cause of the missing policies tab?

  • A. Admin Role
  • B. Authorization
  • C. Authentication
  • D. WebUI

Answer: A

 

NEW QUESTION 34
An administrator has users accessing network resources through Citrix XenApp 7 .x. Which User-ID mapping solution will map multiple mat who using Citrix to connect to the network and access resources?

  • A. Syslog Monitoring
  • B. Globa1Protect
  • C. Terminal Services agent
  • D. Client Probing

Answer: C

 

NEW QUESTION 35
Which two methods can be configured to validate the revocation status of a certificate? (Choose two)

  • A. CRL
  • B. SSL /TLS Service Profile
  • C. CRT
  • D. Cert-Validation-Profile
  • E. OCSP

Answer: C,D

 

NEW QUESTION 36
An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?

  • A. Data filtering log
  • B. Decryption tag
  • C. In the details of the Traffic log entries
  • D. In the details of the Threat log entries

Answer: C

 

NEW QUESTION 37
Which two benefits come from assigning a Decrypting Profile to a Decryption rule with a" NO Decrypt" action? (Choose two.)

  • A. Block sessions with expired certificates
  • B. Block sessions with untrusted issuers
  • C. Block sessions with client authentication
  • D. Block sessions with unsuspected cipher suites
  • E. Block credential phishing.

Answer: A,B

 

NEW QUESTION 38
Which three user authentication services can be modified in to provide the Palo Alto Networks NGFW with both username and role names? (Choose three.)

  • A. TACACS+
  • B. LDAP
  • C. Kerberos
  • D. RADIUS
  • E. SAML
  • F. PAP

Answer: A,B,D

 

NEW QUESTION 39
Which two action would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL forward proxy? (Choose two.)

  • A. Create a Security Policy rule with vulnerability Security Profile attached.
  • B. Create a no-decrypt Decryption Policy rule.
  • C. Enable the "Block seasons with untrusted Issuers- setting.
  • D. Configure an EDL to pull IP Addresses of known sites resolved from a CRL.
  • E. Configure a Dynamic Address Group for untrusted sites.

Answer: A,C

 

NEW QUESTION 40
A Palo Alto Networks NGFW just submitted a file lo WildFire tor analysis Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes.
How quickly will the firewall receive back a verdict?

  • A. 5 to 10 minutes
  • B. 10 to 15 minutes
  • C. 5 minutes
  • D. More than 15 minutes

Answer: A

 

NEW QUESTION 41
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

  • A. Enable all four stage of traffic capture (TX, RX, DROP, Firewall)
  • B. Use the tcpdump command
  • C. USe the debug dataplane packet-dia set capture stage firewall file command
  • D. Use the debug dataplane packet-diag set capture stage management file command

Answer: B

 

NEW QUESTION 42
An organization has Palo Alto Networks MGfWs that send logs to remote monitoring and security management platforms. The network team has report has excessive traffic on the corporate WAN. How could the Palo Alto Networks NOFW administrator reduce WAN traffic while maintaining support for all the existing monitoring/security platforms?

  • A. Any configuration on an M-500 would address the insufficient bandwidth concerns.
  • B. Configure log compression and optimization features on all remote firewalls.
  • C. forward logs from firewalls only to Panorama, and have Panorama forward log* lo other external service.
  • D. Forward logs from external sources to Panorama for correlation, arid from Panorama send to the NGFW

Answer: C

 

NEW QUESTION 43
Which Captive Portal mode must be contoured to support MFA authentication?

  • A. Redirect
  • B. NTLM
  • C. Transparent
  • D. Single Sign-On

Answer: A

 

NEW QUESTION 44
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch it connect.
How would an administrator configure the interface to IGbps?

  • A. set deviceconfig interface speed-duplex 1Gbs--full-duplex
  • B. set deviceconfig interface speed-duplex 1Gbs--half-duplex
  • C. set deviceconfig system speed-duplex 10Gbps-full-duplex
  • D. set deviceconfig system speed-duplex 1Gbs--half-duplex.

Answer: D

 

NEW QUESTION 45
An administrator deploys PA-500 NGFWs as an active/passive high availability pair . The devices are not participating in dynamic router and preemption is disabled.
What must be verified to upgrade the firewalls to the most recent version of PAN OS software?

  • A. Wildfire update package
  • B. Applications and Threats update package
  • C. User-ID agent
  • D. Antivirus update package

Answer: B

 

NEW QUESTION 46
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN -OS software would help in this case?

  • A. Virtual Wire mode
  • B. application override
  • C. content inspection
  • D. redistribution of user mappings

Answer: D

 

NEW QUESTION 47
An administrator pushes a new configuration from panorama to a pair of firewalls that are configured as active/passive HA pair.
Which NGFW receives the configuration from panorama?

  • A. the active firewall, which then synchronizes to the passive firewall
  • B. both the active and passive firewalls independently, with no synchronization afterward
  • C. both the active and passive firewalls, which then synchronizes with each other
  • D. the passive firewall, which then synchronizes to the active firewall

Answer: C

 

NEW QUESTION 48
Which two methods can be used to verify firewall connectivity to Autofocus? (Choose two. )

  • A. Check the WebUl Dashboard Autofocus widget
  • B. Check for WildFire forwarding logs.
  • C. Verify AutoFocus is enabled below Device Management tab
  • D. Check the license
  • E. Verify AutoFocus status using the CLI "test"command.

Answer: A,D

 

NEW QUESTION 49
Which option would an administration choose to define the certificate and protect that Panorama and its managed devices uses for SSL/ITS services?

  • A. Configure on SSL/TLS Profile.
  • B. Configure a Decryption Profile and select SSL/TLS services.
  • C. Set up Security policy rule to allow SSL communication.
  • D. Set Up SSL/TLS under Policies > Service/URL Category > Service.

Answer: A

 

NEW QUESTION 50
A Company needs to preconfigured firewalls to be sent to remote sites with the least amount of preconfiguration. Once deployed, each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers.
Which VPN configuration would adapt to changes when deployed to Hie future site?

  • A. preconfigured GlobalProtcet client
  • B. preconfigured GlobalProtcet satellite
  • C. preconfigured iPsec tunnels
  • D. preconfigured PPTP Tunnels

Answer: B

 

NEW QUESTION 51
Which CLI command enables an administrator to view detail about the firewall including uptime. PAN -OS version, and serial number?

  • A. Show system detail
  • B. debug system details
  • C. Show session info
  • D. Show system info

Answer: D

 

NEW QUESTION 52
......

Dumps Brief Outline Of The PCNSC Exam: https://www.exams4sures.com/Palo-Alto-Networks/PCNSC-practice-exam-dumps.html

Related Articles

more
Palo Alto Networks PCNSC Certification Practice Exam