palo alto networks pcnsc practice test

Palo Alto Networks Certified Network Security Consultant

Last exam update: Feb 14 ,2024
Page 1 out of 6. Viewing questions 1-15 out of 77

Question 1

Which method will dynamically register tags on the Palo Alto Networks NGFW?

  • A. Restful API or the VMware API on the firewall or on the User.-D agent or the ready -only domain controller
  • B. XML API or the VMware API on the firewall on the User-ID agent or the CLI
  • C. Restful API or the VMware API on the firewall or on the User-ID Agent
  • D. XML- API or lite VM Monitoring agent on the NGFW or on the User- ID agent
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?

  • A. It forces an internal client to connect to an internal gateway at IP address 192 168 10 I.
  • B. It configures the tunnel address of all internal clients lo an IP address range starting at 192 168 10 1.
  • C. It forces the firewall to perform a dynamic DNS update, Which adds the internal gateway's hostname and IP address to the DNS server.
  • D. It enables a Client to perform a reverse DNS lookup on 192 .168. 10 .1. to delect it is an internal client.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which two options prevents the firewall from capturing traffic passing through it? (Choose two.)

  • A. The firewall is in milti-vsys mode.
  • B. The traffic does not match the packet capture filter
  • C. The traffic is offloaded.
  • D. The firewall's DP CPU is higher than 50%
Answer:

B C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

An administrator deploys PA-500 NGFWs as an active/passive high availability pair . The devices are not participating in
dynamic router and preemption is disabled.
What must be verified to upgrade the firewalls to the most recent version of PAN OS software?

  • A. Antivirus update package
  • B. Applications and Threats update package
  • C. Wildfire update package
  • D. User-ID agent
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

What will be the egress interface if the traffics ingress interface is Ethernet 1/6 sourcing form 192.168.11.3 and to the
destination 10.46.41.113.during the.

  • A. ethernet 1/6
  • B. ethernet 1/5
  • C. ethernet 1/3
  • D. ethernet 1/7
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

An administrator pushes a new configuration from panorama to a pair of firewalls that are configured as active/passive HA
pair.
Which NGFW receives the configuration from panorama?

  • A. the active firewall, which then synchronizes to the passive firewall
  • B. the passive firewall, which then synchronizes to the active firewall
  • C. both the active and passive firewalls independently, with no synchronization afterward
  • D. both the active and passive firewalls, which then synchronizes with each other
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

A user's traffic traversing a Palo Alto Networks NGFW sometime can reach http//www company com At the session times
out. The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http //www company
com.
How con the firewall be configured to automatically disable the PBF rule if the next hop goes down?

  • A. Configure path monitoring for tine next hop gateway on the default route in tin- virtual router.
  • B. Enable and configure a Link Monitoring Profile for the external interface of the firewall.
  • C. Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question.
  • D. Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which two methods can be used to verify firewall connectivity to Autofocus? (Choose two. )

  • A. Check the WebUl Dashboard Autofocus widget
  • B. Check for WildFire forwarding logs.
  • C. Verify AutoFocus is enabled below Device Management tab
  • D. Verify AutoFocus status using the CLI "test"command.
  • E. Check the license
Answer:

A E

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 9

Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose
two.)

  • A. User-ID
  • B. Antivirus
  • C. Application and Threats
  • D. Content-ID
Answer:

B C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

In High Availability, which information is transferred via the HA data link?

  • A. heartbeats
  • B. HA state information
  • C. session information
  • D. User-ID information
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

  • A. Use the tcpdump command
  • B. Use the debug dataplane packet-diag set capture stage management file command
  • C. USe the debug dataplane packet-dia set capture stage firewall file command
  • D. Enable all four stage of traffic capture (TX, RX, DROP, Firewall)
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Which CLI command enables an administrator to view detail about the firewall including uptime. PAN -OS version, and
serial number?

  • A. debug system details
  • B. Show system detail
  • C. Show system info
  • D. Show session info
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

An administrator has left a firewall to used default port for all management services. Which three function performed by the
dataplane? (Choose three.)

  • A. NTP
  • B. antivirus
  • C. NAT
  • D. WildFire updates
  • E. file blocking
Answer:

A C D

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 14

A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion
because of distributed denial-of-service attacks.
How can the Palo Alto Networks NGFW be configured to specifically protect tins server against resource exhaustion
originating from multiple IP address (DDoS attack)?

  • A. Define a custom App-ID to ensure that only legitimate application traffic reaches the server
  • B. Add a DoS Protection Profile with defined session count.
  • C. Add a Vulnerability Protection Profile to block the attack.
  • D. Add QoS Profiles to throttle incoming requests.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts
trying to phone-number or bacon out to eternal command-and-control (C2) servers.
Which Security Profile type will prevent these behaviors?

  • A. Vulnerability Protection
  • B. Antivirus
  • C. Wildfire
  • D. Anti-Spyware
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2