palo-alto-networks pcnsc practice test
Palo Alto Networks Certified Network Security Consultant
Question 1
Which method will dynamically register tags on the Palo Alto Networks NGFW?
- A. Restful API or the VMware API on the firewall or on the User.-D agent or the ready -only domain controller
- B. XML API or the VMware API on the firewall on the User-ID agent or the CLI
- C. Restful API or the VMware API on the firewall or on the User-ID Agent
- D. XML- API or lite VM Monitoring agent on the NGFW or on the User- ID agent
Answer:
D
Question 2
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?
- A. It forces an internal client to connect to an internal gateway at IP address 192 168 10 I.
- B. It configures the tunnel address of all internal clients lo an IP address range starting at 192 168 10 1.
- C. It forces the firewall to perform a dynamic DNS update, Which adds the internal gateway's hostname and IP address to the DNS server.
- D. It enables a Client to perform a reverse DNS lookup on 192 .168. 10 .1. to delect it is an internal client.
Answer:
D
Question 3
Which two options prevents the firewall from capturing traffic passing through it? (Choose two.)
- A. The firewall is in milti-vsys mode.
- B. The traffic does not match the packet capture filter
- C. The traffic is offloaded.
- D. The firewall's DP CPU is higher than 50%
Answer:
B C
Question 4
An administrator deploys PA-500 NGFWs as an active/passive high availability pair . The devices are not participating in
dynamic router and preemption is disabled.
What must be verified to upgrade the firewalls to the most recent version of PAN OS software?
- A. Antivirus update package
- B. Applications and Threats update package
- C. Wildfire update package
- D. User-ID agent
Answer:
B
Question 5
What will be the egress interface if the traffics ingress interface is Ethernet 1/6 sourcing form 192.168.11.3 and to the
destination 10.46.41.113.during the.
- A. ethernet 1/6
- B. ethernet 1/5
- C. ethernet 1/3
- D. ethernet 1/7
Answer:
C
Question 6
An administrator pushes a new configuration from panorama to a pair of firewalls that are configured as active/passive HA
pair.
Which NGFW receives the configuration from panorama?
- A. the active firewall, which then synchronizes to the passive firewall
- B. the passive firewall, which then synchronizes to the active firewall
- C. both the active and passive firewalls independently, with no synchronization afterward
- D. both the active and passive firewalls, which then synchronizes with each other
Answer:
D
Question 7
A user's traffic traversing a Palo Alto Networks NGFW sometime can reach http//www company com At the session times
out. The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http //www company
com.
How con the firewall be configured to automatically disable the PBF rule if the next hop goes down?
- A. Configure path monitoring for tine next hop gateway on the default route in tin- virtual router.
- B. Enable and configure a Link Monitoring Profile for the external interface of the firewall.
- C. Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question.
- D. Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.
Answer:
D
Question 8
Which two methods can be used to verify firewall connectivity to Autofocus? (Choose two. )
- A. Check the WebUl Dashboard Autofocus widget
- B. Check for WildFire forwarding logs.
- C. Verify AutoFocus is enabled below Device Management tab
- D. Verify AutoFocus status using the CLI "test"command.
- E. Check the license
Answer:
A E
Question 9
Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose
two.)
- A. User-ID
- B. Antivirus
- C. Application and Threats
- D. Content-ID
Answer:
B C
Question 10
In High Availability, which information is transferred via the HA data link?
- A. heartbeats
- B. HA state information
- C. session information
- D. User-ID information
Answer:
C