Verified PCNSC exam dumps Q&As with Correct 74 Questions and Answers [Q30-Q51]

Verified PCNSC exam dumps Q&As with Correct 74 Questions and Answers

Palo Alto Networks PCNSC Test Engine PDF - All Free Dumps from BraindumpQuiz

Sample Questions for Palo Alto PCNSC Exam

What are the two Captive Portal modes? (Choose two.)

• certificate
• redirect
• transparent
• proxy
• web form

Which action is not required when multi-factor authentication and a SAML Identity Provider (IdP) are configured?

• configure NTLM settings
• create an Authentication policy rule
• create an Authentication Profile
• create an Authentication object

An Authentication policy rule has a HIP Profile. Where are the users being authenticated coming from?

• internal servers running UNIX (Solaris, HPUX, AIX, etc.)
• internal devices, such as Linux workstations
• GlobalProtect connections through the internet
• external devices belonging to customers of the organization

 

NEW QUESTION 30
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch it connect.
How would an administrator configure the interface to IGbps?

• A. set deviceconfig interface speed-duplex 1Gbs--half-duplex
• B. set deviceconfig system speed-duplex 10Gbps-full-duplex
• C. set deviceconfig system speed-duplex 1Gbs--half-duplex.
• D. set deviceconfig interface speed-duplex 1Gbs--full-duplex

Answer: C

 

NEW QUESTION 31
A Security policy rule is configured with a Vulnerability Protection Profile and an action of Deny".
Which action will this configuration cause on the matched traffic?

• A. The configuration is invalid it will cause the firewall to Skip this Security policy rule A warning will be displayed during a command.
• B. The configuration is valid It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to "Deny" The configuration will allow the matched session unless a vulnerability signature is detected. The "Deny" action will supersede the per. defined, severity defined actions defined in the associated Vulnerability Protection Profile.
• C. The configuration is invalid. The Profile Settings section will be- grayed out when the action is set to "Deny"

Answer: C

 

NEW QUESTION 32
An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?

• A. firewall connectivity to a CRL
• B. Security policy rule allowing SSL to the target server
• C. Root certificate imported into the firewall with "Trust" enabled
• D. importation of a certificate from an HSM

Answer: B

 

NEW QUESTION 33
Which Captive Portal mode must be contoured to support MFA authentication?

• A. NTLM
• B. Transparent
• C. Single Sign-On
• D. Redirect

Answer: D

 

NEW QUESTION 34
Refer to the exhibit.

A web server in the DMZ is being mapped to a public address through DNAT.
Which Security policy rule will allow traffic to flow to the web server?

• A. Untrust (any) to Untrust (1. 1. 1. 100), web browsing - Allow
• B. Untrust (any) to Untrust (10. 1.1. 100), web browsing - Allow
• C. Untrust (any) to DMZ (10. 1. 1. 100), web browsing - Allow
• D. Untrust (any) to DMZ (1. 1. 1. 100), web browsing - Allow

Answer: A

 

NEW QUESTION 35
An administrator wants multiple web servers in the DMZ to receive connections from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10 1.22 Based on the information shown in the age, which NAT rule will forward web-browsing traffic correctly?

A)

B)

C)

D)

• A. Option D
• B. Option C
• C. Option B
• D. Option A

Answer: D

 

NEW QUESTION 36
VPN traffic intended for an administrator's Palo Alto Networks NGfW is being maliciously intercepted and retransmitted by the interceptor. When Creating a VPN tunnel, which protection profile cm be enabled to prevent this malicious behavior?

• A. zone Protection
• B. DoS Protection
• C. Web Application
• D. Replay

Answer: A

 

NEW QUESTION 37
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN -OS software would help in this case?

• A. application override
• B. redistribution of user mappings
• C. Virtual Wire mode
• D. content inspection

Answer: B

 

NEW QUESTION 38
A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-number or bacon out to eternal command-and-control (C2) servers.
Which Security Profile type will prevent these behaviors?

• A. Anti-Spyware
• B. Antivirus
• C. Wildfire
• D. Vulnerability Protection

Answer: A

 

NEW QUESTION 39
An administrator has enabled OSPF on a virtual router on the NGFW OSPF is not adding new routes to the virtual router.
Which two options enable the administrator top troubleshoot this issue? (Choose two.)

• A. Add a redistribution profile to forward as BGP updates.
• B. View System logs.
• C. View Runtime Status virtual router.
• D. Perform a traffic pcap at the routing stage.

Answer: B,C

 

NEW QUESTION 40
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

• A. Use the tcpdump command
• B. USe the debug dataplane packet-dia set capture stage firewall file command
• C. Enable all four stage of traffic capture (TX, RX, DROP, Firewall)
• D. Use the debug dataplane packet-diag set capture stage management file command

Answer: A

 

NEW QUESTION 41
Which option would an administration choose to define the certificate and protect that Panorama and its managed devices uses for SSL/ITS services?

• A. Configure on SSL/TLS Profile.
• B. Set up Security policy rule to allow SSL communication.
• C. Set Up SSL/TLS under Policies > Service/URL Category > Service.
• D. Configure a Decryption Profile and select SSL/TLS services.

Answer: A

 

NEW QUESTION 42
What is exchanged through the HA2 link?

• A. HA state information
• B. User-ID in information
• C. session synchronization
• D. hello heartbeats

Answer: C

 

NEW QUESTION 43
Which three file types can be forward to WildMFire for analysis a part of the basic WildMFire service?

• A. .pdf
• B. .exe
• C. .fon
• D. .apk
• E. .jar
• F. .dil

Answer: A,D,E

 

NEW QUESTION 44
Which two methods can be used to verify firewall connectivity to Autofocus? (Choose two. )

• A. Check the WebUl Dashboard Autofocus widget
• B. Verify AutoFocus is enabled below Device Management tab
• C. Check the license
• D. Verify AutoFocus status using the CLI "test"command.
• E. Check for WildFire forwarding logs.

Answer: A,C

 

NEW QUESTION 45
An administrator pushes a new configuration from panorama to a pair of firewalls that are configured as active/passive HA pair.
Which NGFW receives the configuration from panorama?

• A. both the active and passive firewalls independently, with no synchronization afterward
• B. the passive firewall, which then synchronizes to the active firewall
• C. the active firewall, which then synchronizes to the passive firewall
• D. both the active and passive firewalls, which then synchronizes with each other

Answer: D

 

NEW QUESTION 46
An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between panorama and the managed firewall and Log Collectors. How would the administrator establish the chain of trust?

• A. Configure strong password
• B. Enable LDAP or RADIUS integration.
• C. Set up multiple-factor authentication.
• D. Use custom certificates.

Answer: D

 

NEW QUESTION 47
Which User-ID method should b configured to map addresses to usernames for users connected through a terminal server?

• A. server monitoring
• B. port mapping
• C. XFF header
• D. Client probing

Answer: B

 

NEW QUESTION 48
Which two action would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL forward proxy? (Choose two.)

• A. Create a Security Policy rule with vulnerability Security Profile attached.
• B. Create a no-decrypt Decryption Policy rule.
• C. Configure an EDL to pull IP Addresses of known sites resolved from a CRL.
• D. Configure a Dynamic Address Group for untrusted sites.
• E. Enable the "Block seasons with untrusted Issuers- setting.

Answer: A,E

 

NEW QUESTION 49
What are two benefits of nested device groups in panorama? (Choose two )

• A. requires configuration both function and location for every device
• B. overwrites local firewall configuration
• C. all device groups inherit setting from the Shared group
• D. reuse of the existing Security policy rules and objects

Answer: A,C

 

NEW QUESTION 50
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator Troubleshoot this issue? (Choose two.)

• A. View the System logs and look for error messages about BGP
• B. View the ACC lab to isolate routing issues.
• C. Perform a traffic pcap on the NGFW lo see any BGP problems
• D. View the Runtime Stats and look for problems with BGP configuration

Answer: B,D

 

NEW QUESTION 51
......

What is Palo Alto PCNSC Certification Exam and Retake policy

The tests are at present PC based evaluations of information and abilities. There is different decision, coordinating and requesting questions. For definite data on singular Certification prerequisites and accessible assets to help get ready for the tests, similar to true accessible preparing, study guides, practice test, if it's not too much trouble, visit the Palo Alto Networks Certification site.

 

100% Passing Guarantee - Brilliant PCNSC Exam Questions PDF: https://skillsoft.braindumpquiz.com/PCNSC-exam-material.html