1. Home
  2. Palo Alto Networks
  3. PCNSC

Palo Alto Networks Certified Network Security Consultant

Exam Details

  • Exam Code
    :PCNSC
  • Exam Name
    :Palo Alto Networks Certified Network Security Consultant
  • Certification
    :Palo Alto Certifications and Accreditations
  • Vendor
    :Palo Alto Networks
  • Total Questions
    :81 Q&As
  • Last Updated
    :May 14, 2024

Palo Alto Networks Palo Alto Certifications and Accreditations PCNSC Questions & Answers

  • Question 71:

    In High Availability, which information is transferred via the HA data link?

    A. heartbeats

    B. HA state information

    C. session information

    D. User-ID information

  • Question 72:

    An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between panorama and the managed firewall and Log Collectors. How would the administrator establish the chain of trust?

    A. Configure strong password

    B. Set up multiple-factor authentication.

    C. Use custom certificates.

    D. Enable LDAP or RADIUS integration.

  • Question 73:

    Refer to the exhibit.

    A web server in the DMZ is being mapped to a public address through DNAT. Which Security policy rule will allow traffic to flow to the web server?

    A. Untrust (any) to Untrust (10. 1.1. 100), web browsing -Allow

    B. Untrust (any) to Untrust (1. 1. 1. 100), web browsing -Allow

    C. Untrust (any) to DMZ (1. 1. 1. 100), web browsing -Allow

    D. Untrust (any) to DMZ (10. 1. 1. 100), web browsing -Allow

  • Question 74:

    Which feature prevents the submission of login information into website froms?

    A. credential phishing prevention

    B. file blocking

    C. User-ID

    D. data filtering

  • Question 75:

    The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.

    Which two options would help the administrator Troubleshoot this issue? (Choose two.)

    A. Perform a traffic pcap on the NGFW lo see any BGP problems

    B. View the System logs and look for error messages about BGP

    C. View the Runtime Stats and look for problems with BGP configuration

    D. View the ACC lab to isolate routing issues.

  • Question 76:

    Which three user authentication services can be modified in to provide the Palo Alto Networks NGFW with both username and role names? (Choose three.)

    A. PAP

    B. SAML

    C. LDAP

    D. TACACS+

    E. RADIUS

    F. Kerberos

  • Question 77:

    View the GlobalProtect configuration screen capture.

    What is the purpose of this configuration?

    A. It forces an internal client to connect to an internal gateway at IP address 192 168 10 1.

    B. It configures the tunnel address of all internal clients lo an IP address range starting at 192 168 10 1.

    C. It forces the firewall to perform a dynamic DNS update, Which adds the internal gateway's hostname and IP address to the DNS server.

    D. It enables a Client to perform a reverse DNS lookup on 192 .168. 10 .1. to delect it is an internal client.

  • Question 78:

    An administrator sees several inbound sessions identified as unknown tcp in the Traffic logs. The administrator determines that these sessions are from external users accessing the company's propriety accounting application. The administrator wants to reliability identity this as their accounting application and to scan this traffic for threats.

    Which option would achieve this result?

    A. Create an Application Override policy and a custom threat signature for the application.

    B. Create a custom App-ID and use the "ordered condition cheek box.

    C. Create an Application Override policy

    D. Create a custom App-ID and enable scanning on the advanced tab.

  • Question 79:

    Which PAN-OS policy must you configure to force a user to provide additional credential before he is allowed to access an internal application that contains highly sensitive business data?

    A. Authentication policy

    B. Decryption policy

    C. Security policy

    D. Application Override policy

  • Question 80:

    A web server is hosted in the DMZ and the server re configured to listen for income connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server host its contents over Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.

    Which combination of service and application, and order of Security policy rules needs to be configured to allow cleaned web-browsing traffic to the server on tcp/443?

    A. Rule# 1 application: ssl; service application-default: action allow Role # 2 application web browsing, service application default, action allow

    B. Rule #1application web-browsing, service service imp action allow Rule #2 application ssl. service application -default, action allow

    C. Rule#1 application web-brows.no service application-default, action allow Rule #2 application ssl. Service application-default, action allow

    D. Rule#1application: web-biows.no; service service-https action allow Rule#2 application ssl. Service application-default, action allow

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PCNSC exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.