palo alto networks pcnsc practice test
Palo Alto Networks Certified Network Security Consultant
Last exam update: Apr 12 ,2024
Question 1
Which method will dynamically register tags on the Palo Alto Networks NGFW?
- A. Restful API or the VMware API on the firewall or on the User.-D agent or the ready -only domain controller
- B. XML API or the VMware API on the firewall on the User-ID agent or the CLI
- C. Restful API or the VMware API on the firewall or on the User-ID Agent
- D. XML- API or lite VM Monitoring agent on the NGFW or on the User- ID agent
Answer:
D
Question 2
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?
- A. It forces an internal client to connect to an internal gateway at IP address 192 168 10 I.
- B. It configures the tunnel address of all internal clients lo an IP address range starting at 192 168 10 1.
- C. It forces the firewall to perform a dynamic DNS update, Which adds the internal gateway's hostname and IP address to the DNS server.
- D. It enables a Client to perform a reverse DNS lookup on 192 .168. 10 .1. to delect it is an internal client.
Answer:
D
Question 3
Which two options prevents the firewall from capturing traffic passing through it? (Choose two.)
- A. The firewall is in milti-vsys mode.
- B. The traffic does not match the packet capture filter
- C. The traffic is offloaded.
- D. The firewall's DP CPU is higher than 50%
Answer:
B C
Question 4
An administrator deploys PA-500 NGFWs as an active/passive high availability pair . The devices are not participating in
dynamic router and preemption is disabled.
What must be verified to upgrade the firewalls to the most recent version of PAN OS software?
- A. Antivirus update package
- B. Applications and Threats update package
- C. Wildfire update package
- D. User-ID agent
Answer:
B
Question 5
What will be the egress interface if the traffics ingress interface is Ethernet 1/6 sourcing form 192.168.11.3 and to the
destination 10.46.41.113.during the.
- A. ethernet 1/6
- B. ethernet 1/5
- C. ethernet 1/3
- D. ethernet 1/7
Answer:
C
Question 6
An administrator pushes a new configuration from panorama to a pair of firewalls that are configured as active/passive HA
pair.
Which NGFW receives the configuration from panorama?
- A. the active firewall, which then synchronizes to the passive firewall
- B. the passive firewall, which then synchronizes to the active firewall
- C. both the active and passive firewalls independently, with no synchronization afterward
- D. both the active and passive firewalls, which then synchronizes with each other
Answer:
D
Question 7
A user's traffic traversing a Palo Alto Networks NGFW sometime can reach http//www company com At the session times
out. The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http //www company
com.
How con the firewall be configured to automatically disable the PBF rule if the next hop goes down?
- A. Configure path monitoring for tine next hop gateway on the default route in tin- virtual router.
- B. Enable and configure a Link Monitoring Profile for the external interface of the firewall.
- C. Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question.
- D. Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.
Answer:
D
Question 8
Which two methods can be used to verify firewall connectivity to Autofocus? (Choose two. )
- A. Check the WebUl Dashboard Autofocus widget
- B. Check for WildFire forwarding logs.
- C. Verify AutoFocus is enabled below Device Management tab
- D. Verify AutoFocus status using the CLI "test"command.
- E. Check the license
Answer:
A E
Question 9
Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose
two.)
- A. User-ID
- B. Antivirus
- C. Application and Threats
- D. Content-ID
Answer:
B C
Question 10
In High Availability, which information is transferred via the HA data link?
- A. heartbeats
- B. HA state information
- C. session information
- D. User-ID information
Answer:
C
Question 11
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?
- A. Use the tcpdump command
- B. Use the debug dataplane packet-diag set capture stage management file command
- C. USe the debug dataplane packet-dia set capture stage firewall file command
- D. Enable all four stage of traffic capture (TX, RX, DROP, Firewall)
Answer:
A
Question 12
Which CLI command enables an administrator to view detail about the firewall including uptime. PAN -OS version, and
serial number?
- A. debug system details
- B. Show system detail
- C. Show system info
- D. Show session info
Answer:
C
Question 13
An administrator has left a firewall to used default port for all management services. Which three function performed by the
dataplane? (Choose three.)
- A. NTP
- B. antivirus
- C. NAT
- D. WildFire updates
- E. file blocking
Answer:
A C D
Question 14
A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion
because of distributed denial-of-service attacks.
How can the Palo Alto Networks NGFW be configured to specifically protect tins server against resource exhaustion
originating from multiple IP address (DDoS attack)?
- A. Define a custom App-ID to ensure that only legitimate application traffic reaches the server
- B. Add a DoS Protection Profile with defined session count.
- C. Add a Vulnerability Protection Profile to block the attack.
- D. Add QoS Profiles to throttle incoming requests.
Answer:
B
Question 15
A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts
trying to phone-number or bacon out to eternal command-and-control (C2) servers.
Which Security Profile type will prevent these behaviors?
- A. Vulnerability Protection
- B. Antivirus
- C. Wildfire
- D. Anti-Spyware
Answer:
D