New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Paloalto Networks PCNSC Dumps Questions Answers

Page: 1 / 3
Total 60 questions

Palo Alto Networks Certified Network Security Consultant Questions and Answers

Question 1

Which two methods can be configured to validate the revocation status of a certificate? (Choose two)

Options:

A.

CRL

B.

Cert-Validation-Profile

C.

OCSP

D.

CRT

E.

SSL /TLS Service Profile

Buy Now
Question 2

The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.

Which two options would help the administrator Troubleshootthis issue? (Choose two.)

Options:

A.

Perform a traffic pcap on the NGFW lo see any BGP problems

B.

View the System logs and look for error messages about BGP

C.

View the Runtime Stats and look for problems with BGP configuration

D.

View the ACC lab toisolate routing issues.

Question 3

What will be the egress interface if the traffic’s ingress interface is Ethernet 1/6 sourcing form 192.168.11.3 and to the destination 10.46.41.113.during the.

Options:

A.

ethernet 1/6

B.

ethernet 1/5

C.

ethernet 1/3

D.

ethernet 1/7

Question 4

A user's traffic traversing a Palo Alto Networks NGFW sometime can reach http//www company com At the session times out. The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http //www company com.

How con the firewall be configured to automatically disable the PBF rule if thenext hop goes down?

Options:

A.

Configure path monitoring for tine next hop gateway on the default route in tin- virtual router.

B.

Enable and configure a Link Monitoring Profile for the external interface of the firewall.

C.

Create and add a Monitor Profile withan action of Wait Recover in the PBF rule in question.

D.

Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.

Question 5

Which three authentication faction factors does PAN-OS® software support for MFA? (Choose three.)

Options:

A.

Voice

B.

Pull

C.

SMS

D.

Push

E.

Okta Adaptive

Question 6

In High Availability, which information is transferred via the HA data link?

Options:

A.

heartbeats

B.

HA state information

C.

session information

D.

User-ID information

Question 7

Which two action would be part of an automatic solution that would block sites with untrusted certificates without enabling SSLforward proxy? (Choose two.)

Options:

A.

Configure an EDL to pull IP Addresses of known sites resolved from a CRL.

B.

Create a Security Policy rule with vulnerability Security Profile attached.

C.

Create a no-decrypt Decryption Policy rule.

D.

Enable the "Block seasons with untrusted Issuers- setting.

E.

Configure a Dynamic Address Group for untrusted sites.

Question 8

What are two benefits of nested device groups in panorama?(Choose two )

Options:

A.

overwrites local firewall configuration

B.

requires configuration both function and location for every device

C.

all device groups inherit setting from the Shared group

D.

reuse of the existing Security policy rules and objects

Question 9

View theGlobalProtect configuration screen capture.

What is the purpose of this configuration?

Options:

A.

It forces an internal client to connect to an internal gateway at IP address 192 168 10 I.

B.

It configures the tunnel address of all internal clients lo an IP address range starting at 192 168 10 1.

C.

It forces the firewall to perform a dynamic DNS update, Which adds the internal gateway's hostname and IP address to the DNS server.

D.

It enables a Client to perform a reverse DNS lookup on 192 .168. 10 .1. to delectit is an internal client.

Question 10

An administrator needs to optimize traffic to prefer business-critical applications overnon-critical applications.

QoS natively integrates with which feature to provide service quality?

Options:

A.

port inspection

B.

certification revocation

C.

Content-ID

D.

App-ID

Question 11

Refer to the exhibit.

A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

Options:

A.

Untrust (any) to Untrust (10. 1.1. 100), web browsing – Allow

B.

Untrust (any) to Untrust (1. 1. 1. 100), web browsing – Allow

C.

Untrust (any) to DMZ (1. 1. 1. 100), web browsing – Allow

D.

Untrust (any) to DMZ (10. 1. 1. 100), web browsing – Allow

Page: 1 / 3
Total 60 questions