1. Home
  2. Palo Alto Networks
  3. PCNSC

Palo Alto Networks Certified Network Security Consultant

Exam Details

  • Exam Code
    :PCNSC
  • Exam Name
    :Palo Alto Networks Certified Network Security Consultant
  • Certification
    :Palo Alto Certifications and Accreditations
  • Vendor
    :Palo Alto Networks
  • Total Questions
    :81 Q&As
  • Last Updated
    :May 14, 2024

Palo Alto Networks Palo Alto Certifications and Accreditations PCNSC Questions & Answers

  • Question 61:

    Which two benefits come from assigning a Decrypting Profile to a Decryption rule with a" NO Decrypt" action? (Choose two.)

    A. Block sessions with unsuspected cipher suites

    B. Block sessions with untrusted issuers

    C. Block credential phishing.

    D. Block sessions with client authentication

    E. Block sessions with expired certificates

  • Question 62:

    Which two subscriptions are available when configuring panorama to push dynamic updates to connected devices? (Choose two.)

    A. User-ID

    B. Antivirus

    C. Application and Threats

    D. Content-ID

  • Question 63:

    A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-number or bacon out to eternal command-and-control (C2) servers. Which Security Profile type will prevent these behaviors?

    A. Vulnerability Protection

    B. Antivirus

    C. Wildfire

    D. Anti-Spyware

  • Question 64:

    A session in the Traffic log is reporting the application as "incomplete"

    What does "incomplete" mean?

    A. The three-way TCP handshake did not complete.

    B. Data was received but wan instantly discarded because of a Deny policy was applied before App ID could be applied.

    C. The three-way TCP handshake was observed, but the application could not be identified.

    D. The traffic is coming across UDP, and the application could not be identified.

  • Question 65:

    Which action would enables the firewalls to send their preexisting logs to Panorama?

    A. A CLI command will forward the pre-existing logs to Panorama.

    B. Use the import option to pull logs panorama.

    C. Use the ACC to consolidate pre-existing logs.

    D. The- log database will need to be exported from the firewall and manually imported into Panorama.

  • Question 66:

    An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewalls use layer 3 interface to send traffic to a single gateway IP for the pair.

    Which configuration will enable this HA scenario?

    A. The firewall do not use floating IPs in active/active HA.

    B. The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating IP.

    C. The firewalls will share the same interface IP address, and device 1 will use the floating IP if device 0 fails.

    D. Each firewall will have a separate floating IP. and priority will determine which firewall has the primary IP.

  • Question 67:

    Which two options prevents the firewall from capturing traffic passing through it? (Choose two.)

    A. The firewall is in milti-vsys mode.

    B. The traffic does not match the packet capture filter

    C. The traffic is offloaded.

    D. The firewall's DP CPU is higher than 50%

  • Question 68:

    Which event will happen administrator uses an Application Override Policy?

    A. The application name assigned to the traffic by the security rule is written to the traffic log.

    B. The Palo Alto Networks NGFW Steps App-ID processing at Layer 4.

    C. Threat-ID processing time is decreased.

    D. App-ID processing time is increased.

  • Question 69:

    Which User-ID method should b configured to map addresses to usernames for users connected through a terminal server?

    A. XFF header

    B. Client probing

    C. port mapping

    D. server monitoring

  • Question 70:

    An organization has Palo Alto Networks MGfWs that send logs to remote monitoring and security management platforms. The network team has report has excessive traffic on the corporate WAN. How could the Palo Alto Networks NOFW administrator reduce WAN traffic while maintaining support for all the existing monitoring/security platforms?

    A. forward logs from firewalls only to Panorama, and have Panorama forward log* lo other external service.

    B. Any configuration on an M-500 would address the insufficient bandwidth concerns.

    C. Configure log compression and optimization features on all remote firewalls.

    D. Forward logs from external sources to Panorama for correlation, arid from Panorama send to the NGFW.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PCNSC exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.