PCNSC Training & Certification Get Latest Paloalto Certifications and Accreditations Updated on Sep 01, 2021 [Q25-Q50]

Share

PCNSC Training & Certification Get Latest Paloalto Certifications and Accreditations Updated on Sep 01, 2021

Certification Training for PCNSC Exam Dumps Test Engine

NEW QUESTION 25
If the firewall is configured for credential phishing prevention using the "Domain Credential Filter" method, which login will be detected as credential theft?

  • A. Matching any valid corporate username.
  • B. Mapping to the IP address of the logged-in user.
  • C. Using the name user's corporate username and password.
  • D. First four letters of the username matching any valid corporate username.

Answer: B

 

NEW QUESTION 26
Which two action would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL forward proxy? (Choose two.)

  • A. Create a Security Policy rule with vulnerability Security Profile attached.
  • B. Create a no-decrypt Decryption Policy rule.
  • C. Enable the "Block seasons with untrusted Issuers- setting.
  • D. Configure an EDL to pull IP Addresses of known sites resolved from a CRL.
  • E. Configure a Dynamic Address Group for untrusted sites.

Answer: A,C

 

NEW QUESTION 27
The firewall identified a popular application as a unknown-tcp. Which options are available to identify the application? (Choose two.)

  • A. Create a customer object for the customer application server to identify the custom application.
  • B. Create a custom application.
  • C. Submit an App-ID request to Palo Alto Networks.
  • D. Create a Security policy to identify the customer application.

Answer: A,B

 

NEW QUESTION 28
Which User-ID method should b configured to map addresses to usernames for users connected through a terminal server?

  • A. port mapping
  • B. server monitoring
  • C. XFF header
  • D. Client probing

Answer: A

 

NEW QUESTION 29
Which three file types can be forward to WildMFire for analysis a part of the basic WildMFire service?

  • A. .dil
  • B. .apk
  • C. .exe
  • D. .jar
  • E. .pdf
  • F. .fon

Answer: B,D,E

 

NEW QUESTION 30
An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewalls use layer 3 interface to send traffic to a single gateway IP for the pair.
Which configuration will enable this HA scenario?

  • A. Each firewall will have a separate floating IP. and priority will determine which firewall has the primary IP.
  • B. The firewalls will share the same interface IP address, and device 1 will use the floating IP if device 0 fails.
  • C. The firewall do not use floating IPs in active/active HA.
  • D. The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating IP.

Answer: A

 

NEW QUESTION 31
Which event will happen administrator uses an Application Override Policy?

  • A. The Palo Alto Networks NGFW Steps App-ID processing at Layer 4.
  • B. App-ID processing time is increased.
  • C. The application name assigned to the traffic by the security rule is written to the traffic log.
  • D. Threat-ID processing time is decreased.

Answer: A

 

NEW QUESTION 32
Which version of Global Protect supports split tunneling based on destination domain, client process, and HTTP/HTTPs video streaming application?

  • A. Glovbalprotect version 4.1 with PAn-OS 8.1
  • B. Glovbalprotect version 4.0 with PAn-OS 8.1
  • C. Glovbalprotect version 4.1 with PAn-OS 8.0
  • D. Glovbalprotect version 4.0 with PAn-OS 8.0

Answer: B

 

NEW QUESTION 33
Which feature prevents the submission of login information into website froms?

  • A. file blocking
  • B. User-ID
  • C. data filtering
  • D. credential phishing prevention

Answer: D

 

NEW QUESTION 34
An administrator deploys PA-500 NGFWs as an active/passive high availability pair . The devices are not participating in dynamic router and preemption is disabled.
What must be verified to upgrade the firewalls to the most recent version of PAN OS software?

  • A. Wildfire update package
  • B. Applications and Threats update package
  • C. User-ID agent
  • D. Antivirus update package

Answer: B

 

NEW QUESTION 35
An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. THE update contains application that matches the same traffic signatures as the customer application.
Which application should be used to identify traffic traversing the NGFW?

  • A. System longs show an application errors and signature is used.
  • B. custom application
  • C. downloaded application
  • D. Custom and downloaded application signature files are merged and are used

Answer: B

 

NEW QUESTION 36
What is exchanged through the HA2 link?

  • A. hello heartbeats
  • B. User-ID in information
  • C. session synchronization
  • D. HA state information

Answer: C

 

NEW QUESTION 37
An administrator has users accessing network resources through Citrix XenApp 7 .x. Which User-ID mapping solution will map multiple mat who using Citrix to connect to the network and access resources?

  • A. Syslog Monitoring
  • B. Globa1Protect
  • C. Terminal Services agent
  • D. Client Probing

Answer: C

 

NEW QUESTION 38
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch it connect.
How would an administrator configure the interface to IGbps?

  • A. set deviceconfig interface speed-duplex 1Gbs--full-duplex
  • B. set deviceconfig interface speed-duplex 1Gbs--half-duplex
  • C. set deviceconfig system speed-duplex 10Gbps-full-duplex
  • D. set deviceconfig system speed-duplex 1Gbs--half-duplex.

Answer: D

 

NEW QUESTION 39
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

  • A. Enable all four stage of traffic capture (TX, RX, DROP, Firewall)
  • B. Use the tcpdump command
  • C. USe the debug dataplane packet-dia set capture stage firewall file command
  • D. Use the debug dataplane packet-diag set capture stage management file command

Answer: B

 

NEW QUESTION 40
Refer to the exhibit.

A web server in the DMZ is being mapped to a public address through DNAT.
Which Security policy rule will allow traffic to flow to the web server?

  • A. Untrust (any) to DMZ (10. 1. 1. 100), web browsing - Allow
  • B. Untrust (any) to Untrust (10. 1.1. 100), web browsing - Allow
  • C. Untrust (any) to Untrust (1. 1. 1. 100), web browsing - Allow
  • D. Untrust (any) to DMZ (1. 1. 1. 100), web browsing - Allow

Answer: C

 

NEW QUESTION 41
Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?

  • A. No prerequisites are required
  • B. Both SSH keys and SSL certificates must be generated
  • C. SSL certificates must be generated
  • D. SSH keys must be manually generated

Answer: A

 

NEW QUESTION 42
Which two methods can be configured to validate the revocation status of a certificate? (Choose two)

  • A. CRL
  • B. SSL /TLS Service Profile
  • C. CRT
  • D. Cert-Validation-Profile
  • E. OCSP

Answer: C,D

 

NEW QUESTION 43
An administrator has enabled OSPF on a virtual router on the NGFW OSPF is not adding new routes to the virtual router.
Which two options enable the administrator top troubleshoot this issue? (Choose two.)

  • A. View Runtime Status virtual router.
  • B. View System logs.
  • C. Add a redistribution profile to forward as BGP updates.
  • D. Perform a traffic pcap at the routing stage.

Answer: A,B

 

NEW QUESTION 44
A user's traffic traversing a Palo Alto Networks NGFW sometime can reach http//www company com At the session times out.
The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http //www company com.
How con the firewall be configured to automatically disable the PBF rule if the next hop goes down?

  • A. Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question.
  • B. Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.
  • C. Enable and configure a Link Monitoring Profile for the external interface of the firewall.
  • D. Configure path monitoring for tine next hop gateway on the default route in tin- virtual router.

Answer: B

 

NEW QUESTION 45
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN -OS software would help in this case?

  • A. Virtual Wire mode
  • B. application override
  • C. content inspection
  • D. redistribution of user mappings

Answer: D

 

NEW QUESTION 46
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator Troubleshoot this issue? (Choose two.)

  • A. View the ACC lab to isolate routing issues.
  • B. View the Runtime Stats and look for problems with BGP configuration
  • C. View the System logs and look for error messages about BGP
  • D. Perform a traffic pcap on the NGFW lo see any BGP problems

Answer: A,B

 

NEW QUESTION 47
Which virtual router feature determines if a specific destination IP address is reachable'?

  • A. Path Monitoring
  • B. Ping-Path
  • C. Heartbeat Monitoring
  • D. Failover

Answer: A

 

NEW QUESTION 48
Which feature can be configured on VM-Series firewalls'?

  • A. aggregate interlaces
  • B. machine learning
  • C. multiple virtual systems
  • D. Globallprotect

Answer: D

 

NEW QUESTION 49
An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?

  • A. Data filtering log
  • B. Decryption tag
  • C. In the details of the Traffic log entries
  • D. In the details of the Threat log entries

Answer: C

 

NEW QUESTION 50
......

Step by Step Guide to Prepare for PCNSC Exam: https://www.examprepaway.com/Palo-Alto-Networks/braindumps.PCNSC.ete.file.html

Paloalto Certifications and Accreditations PCNSC Real Exam Questions and Answers FREE Updated: https://drive.google.com/open?id=13uM4X-_3org25nARO5UaqxvBKyX4iIQ0