Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

How to Easily Pass the Paloalto Networks PCNSC Exam: Expert Advice

Questions 11

Which event will happen administrator uses an Application Override Policy?

Options:

A.

Theapplication name assigned to the traffic by the security rule is written to the traffic log. B. The Palo Alto Networks NGFW Steps App-ID processing at Layer 4.

B.

Threat-ID processing time is decreased.

C.

App-ID processing time is increased.

Buy Now
Questions 12

An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. THE update contains application that matches the same traffic signatures as the customer application.

Which application should be used to identify traffic traversing the NGFW?

Options:

A.

custom application

B.

Custom and downloaded application signature files are merged and are used

C.

System longs show an application errors and signature is used.

D.

downloaded application

Buy Now
Questions 13

An administrator pushes a new configuration from panorama to a pair of firewalls that are configured as active/passive HA pair.

Which NGFW receives the configuration from panorama?

Options:

A.

the active firewall, which then synchronizes to the passive firewall

B.

the passive firewall, which then synchronizes to the active firewall

C.

both the active and passive firewalls independently, with no synchronization afterward

D.

both the active and passive firewalls, which then synchronizes with each other

Buy Now
Questions 14

Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?

Options:

A.

No prerequisites are required

B.

SSH keys must be manually generated

C.

Both SSH keys and SSL certificates must be generated

D.

SSL certificates must be generated

Buy Now
Questions 15

Which two benefits comefrom assigning a Decrypting Profile to a Decryption rule with a” NO Decrypt” action? (Choose two.)

Options:

A.

Block sessions with unsuspected cipher suites

B.

Block sessions with untrusted issuers

C.

Block credential phishing.

D.

Block sessions with clientauthentication

E.

Block sessions with expired certificates

Buy Now
Questions 16

Refer to the exhibit.

PCNSC Question 16

A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

Options:

A.

Untrust (any) to Untrust (10. 1.1. 100), web browsing – Allow

B.

Untrust (any) to Untrust (1. 1. 1. 100), web browsing – Allow

C.

Untrust (any) to DMZ (1. 1. 1. 100), web browsing – Allow

D.

Untrust (any) to DMZ (10. 1. 1. 100), web browsing – Allow

Buy Now
Questions 17

A session in the Traffic log is reporting the application as "incomplete”

What does "incomplete" mean?

Options:

A.

The three-way TCP handshake did notcomplete.

B.

Data was received but wan instantly discarded because of a Deny policy was applied before App ID could be applied.

C.

The three-way TCP handshake was observed, but the application could not be identified.

D.

The traffic is coming across UDP, and the application could not be identified.

Buy Now
Questions 18

An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewalls use layer 3 interface to send traffic to a single gateway IP for the pair.

Which configuration will enable this HA scenario?

Options:

A.

The firewall do not use floating IPs in active/active HA.

B.

The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating IP.

C.

The firewalls will share the sameinterface IP address, and device 1 will use the floating IP if device 0 fails.

D.

Each firewall will have a separate floating IP. and priority will determine which firewall has the primary IP.

Buy Now
Questions 19

An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)

A)

PCNSC Question 19

B)

PCNSC Question 19

C)

PCNSC Question 19

D)

PCNSC Question 19

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 20

An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?

Options:

A.

firewall connectivity to a CRL

B.

Root certificate imported into the firewall with "Trust" enabled

C.

importation of a certificate from an HSM

D.

Security policy rule allowingSSL to the target server

Buy Now
Exam Code: PCNSC
Exam Name: Palo Alto Networks Certified Network Security Consultant
Last Update: Dec 12, 2024
Questions: 60

PDF + Testing Engine

$164.99
$66

Testing Engine

$124.99
$50

PDF (Q&A)

$104.99
$42