Full PCNSC Practice Test and 74 unique questions with explanations waiting just for you!
Paloalto Certifications and Accreditations Dumps PCNSC Exam for Full Questions - Exam Study Guide
NEW QUESTION 24
Which three file types can be forward to WildMFire for analysis a part of the basic WildMFire service?
- A. .dil
- B. .apk
- C. .exe
- D. .jar
- E. .pdf
- F. .fon
Answer: B,D,E
NEW QUESTION 25
Refer to the exhibit.
A web server in the DMZ is being mapped to a public address through DNAT.
Which Security policy rule will allow traffic to flow to the web server?
- A. Untrust (any) to DMZ (10. 1. 1. 100), web browsing - Allow
- B. Untrust (any) to Untrust (10. 1.1. 100), web browsing - Allow
- C. Untrust (any) to Untrust (1. 1. 1. 100), web browsing - Allow
- D. Untrust (any) to DMZ (1. 1. 1. 100), web browsing - Allow
Answer: C
NEW QUESTION 26
When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log.
What will be the destination IP Address in that log entry?
- A. The IP Address of the command-and-control server
- B. The IP Address specified in the sinkhole configuration
- C. The IP Address of sinkhole.paloaltonetworks.com
- D. The IP Address of one of the external DNS servers identified in the anti-spyware database
Answer: B
Explanation:
Explanation
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Verify-DNS-Sinkhole-Function-is-Working/t
NEW QUESTION 27
Which version of Global Protect supports split tunneling based on destination domain, client process, and HTTP/HTTPs video streaming application?
- A. Glovbalprotect version 4.1 with PAn-OS 8.1
- B. Glovbalprotect version 4.0 with PAn-OS 8.1
- C. Glovbalprotect version 4.1 with PAn-OS 8.0
- D. Glovbalprotect version 4.0 with PAn-OS 8.0
Answer: B
NEW QUESTION 28
An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?
- A. Data filtering log
- B. Decryption tag
- C. In the details of the Traffic log entries
- D. In the details of the Threat log entries
Answer: C
NEW QUESTION 29
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch it connect.
How would an administrator configure the interface to IGbps?
- A. set deviceconfig interface speed-duplex 1Gbs--full-duplex
- B. set deviceconfig interface speed-duplex 1Gbs--half-duplex
- C. set deviceconfig system speed-duplex 10Gbps-full-duplex
- D. set deviceconfig system speed-duplex 1Gbs--half-duplex.
Answer: D
NEW QUESTION 30
Which two options prevents the firewall from capturing traffic passing through it? (Choose two.)
- A. The firewall's DP CPU is higher than 50%
- B. The traffic does not match the packet capture filter
- C. The traffic is offloaded.
- D. The firewall is in milti-vsys mode.
Answer: B,C
NEW QUESTION 31
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator Troubleshoot this issue? (Choose two.)
- A. View the ACC lab to isolate routing issues.
- B. View the Runtime Stats and look for problems with BGP configuration
- C. View the System logs and look for error messages about BGP
- D. Perform a traffic pcap on the NGFW lo see any BGP problems
Answer: A,B
NEW QUESTION 32
Which two action would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL forward proxy? (Choose two.)
- A. Create a Security Policy rule with vulnerability Security Profile attached.
- B. Create a no-decrypt Decryption Policy rule.
- C. Enable the "Block seasons with untrusted Issuers- setting.
- D. Configure an EDL to pull IP Addresses of known sites resolved from a CRL.
- E. Configure a Dynamic Address Group for untrusted sites.
Answer: A,C
NEW QUESTION 33
Which User-ID method should b configured to map addresses to usernames for users connected through a terminal server?
- A. port mapping
- B. server monitoring
- C. XFF header
- D. Client probing
Answer: A
NEW QUESTION 34
Which DoS protection mechanism detects and prevents session exhaustion attacks?
- A. TCP Port Scan Protection
- B. Flood Protection
- C. Pocket Based Attack Protection
- D. Resource Protection
Answer: D
NEW QUESTION 35
Which two methods can be used to verify firewall connectivity to Autofocus? (Choose two. )
- A. Check the WebUl Dashboard Autofocus widget
- B. Check for WildFire forwarding logs.
- C. Verify AutoFocus is enabled below Device Management tab
- D. Check the license
- E. Verify AutoFocus status using the CLI "test"command.
Answer: A,D
NEW QUESTION 36
Which three options are supposed in HA Lite? (Choose three.)
- A. Configuration synchronization
- B. session synchronization
- C. synchronization of IPsec security associations
- D. Virtual link
- E. active/passive deployment
Answer: A,C,E
NEW QUESTION 37
A Company needs to preconfigured firewalls to be sent to remote sites with the least amount of preconfiguration. Once deployed, each firewall must establish secure tunnels back to multiple regional data centers to include the future regional data centers.
Which VPN configuration would adapt to changes when deployed to Hie future site?
- A. preconfigured GlobalProtcet client
- B. preconfigured GlobalProtcet satellite
- C. preconfigured iPsec tunnels
- D. preconfigured PPTP Tunnels
Answer: B
NEW QUESTION 38
An administrator logs in to the Palo Alto Networks NGFW and reports and reports that the WebUI is missing the policies tab. Which profile is the cause of the missing policies tab?
- A. Admin Role
- B. Authorization
- C. Authentication
- D. WebUI
Answer: A
NEW QUESTION 39
The firewall identified a popular application as a unknown-tcp. Which options are available to identify the application? (Choose two.)
- A. Create a customer object for the customer application server to identify the custom application.
- B. Create a custom application.
- C. Submit an App-ID request to Palo Alto Networks.
- D. Create a Security policy to identify the customer application.
Answer: A,B
NEW QUESTION 40
......
Authentic Best resources for PCNSC Online Practice Exam: https://www.certkingdompdf.com/PCNSC-latest-certkingdom-dumps.html