New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Paloalto Networks PCNSC Palo Alto Networks Certified Network Security Consultant Exam Practice Test

Demo: 11 questions
Total 60 questions

Palo Alto Networks Certified Network Security Consultant Questions and Answers

Question 1

What are two benefits of nested device groups in panorama?(Choose two )

Options:

A.

overwrites local firewall configuration

B.

requires configuration both function and location for every device

C.

all device groups inherit setting from the Shared group

D.

reuse of the existing Security policy rules and objects

Question 2

An administrator wants multiple web servers in the DMZ to receive connections from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10 1.22

Based on the information shown in the age, which NAT rule will forward web-browsing traffic correctly?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 3

An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?

Options:

A.

Decryption tag

B.

In the details of the Threat log entries

C.

In the details of the Traffic log entries

D.

Data filtering log

Question 4

A web server is hosted in the DMZ and the server re configured to listen for income connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server host its contents over Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.

Which combination of service and application, and order of Security policy rules needs to be configured to allow cleaned web-browsing traffic to the server on tcp/443?

Options:

A.

Rule# 1 application: ssl; service application-default: action allow

Role # 2 application web browsing, service application default, action allow

B.

Rule #1application web-browsing, service service imp action allow

Rule #2 application ssl. service application -default, action allow

C.

Rule#1 application web-brows.no service application-default, action allow

Rule #2 application ssl. Service application-default, action allow

D.

Rule#1application: web-biows.no;service service-https action allow

Rule#2 application ssl. Service application-default, action allow

Question 5

Which three authentication faction factors does PAN-OS® software support for MFA? (Choose three.)

Options:

A.

Voice

B.

Pull

C.

SMS

D.

Push

E.

Okta Adaptive

Question 6

An administrator has users accessing network resources through Citrix XenApp 7 .x. Which User-ID mapping solution will map multiple mat who using Citrix to connect to the network and access resources?

Options:

A.

Client Probing

B.

Globa1Protect

C.

Terminal Services agent

D.

Syslog Monitoring

Question 7

An administrator sees several inbound sessions identified as unknown tcp in the Traffic logs. The administrator determines that thesesessions are from external users accessing the company’s propriety accounting application. The administrator wants to reliability identity this as their accounting application and to scan this traffic for threats.

Which option would achieve this result?

Options:

A.

Create an Application Override policy and a custom threat signature for the application.

B.

Create a custom App-ID and use the "ordered condition cheek box.

C.

Create an Application Override policy

D.

Create a custom App-ID and enable scanning on the advanced tab.

Question 8

Which two action would be part of an automatic solution that would block sites with untrusted certificates without enabling SSLforward proxy? (Choose two.)

Options:

A.

Configure an EDL to pull IP Addresses of known sites resolved from a CRL.

B.

Create a Security Policy rule with vulnerability Security Profile attached.

C.

Create a no-decrypt Decryption Policy rule.

D.

Enable the "Block seasons with untrusted Issuers- setting.

E.

Configure a Dynamic Address Group for untrusted sites.

Question 9

Which feature prevents the submission of corporate login information into website forms?

Options:

A.

credential submission prevention

B.

file blocking

C.

User-ID

D.

data filtering

Question 10

Which CLI command enables an administrator to view detail about the firewall including uptime. PAN -OS® version, and serial number?

Options:

A.

debug system details

B.

Show systemdetail

C.

Show system info

D.

Show session info

Question 11

What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

Options:

A.

When Panorama is reverted to an earlier PAN-OS release, variable used in template stacks will be removed authentically.

B.

Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or stacks.

C.

An administrator must use the Expedition tool to adapt the configuration to the pre-pan-OS 8.1 state.

D.

Administrators need to manually update variable characters to those to used in pre-PAN-OS 8.1.

Demo: 11 questions
Total 60 questions