[Q14-Q34] Try 100% Updated PCNSC Exam Questions [2021]

Try 100% Updated PCNSC Exam Questions [2021]

Pass PCNSC Exam - Real Questions & Answers

NEW QUESTION 14
Which virtual router feature determines if a specific destination IP address is reachable'?

• A. Path Monitoring
• B. Failover
• C. Heartbeat Monitoring
• D. Ping-Path

Answer: A

 

NEW QUESTION 15
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator Troubleshoot this issue? (Choose two.)

• A. View the Runtime Stats and look for problems with BGP configuration
• B. View the System logs and look for error messages about BGP
• C. Perform a traffic pcap on the NGFW lo see any BGP problems
• D. View the ACC lab to isolate routing issues.

Answer: A,D

 

NEW QUESTION 16
Which two methods can be configured to validate the revocation status of a certificate? (Choose two)

• A. CRL
• B. CRT
• C. SSL /TLS Service Profile
• D. OCSP
• E. Cert-Validation-Profile

Answer: B,E

 

NEW QUESTION 17
What is exchanged through the HA2 link?

• A. hello heartbeats
• B. HA state information
• C. User-ID in information
• D. session synchronization

Answer: D

 

NEW QUESTION 18
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?

• A. It forces the firewall to perform a dynamic DNS update, Which adds the internal gateway's hostname and IP address to the DNS server.
• B. It forces an internal client to connect to an internal gateway at IP address 192 168 10 I.
• C. It enables a Client to perform a reverse DNS lookup on 192 .168. 10 .1. to delect it is an internal client.
• D. It configures the tunnel address of all internal clients lo an IP address range starting at 192 168 10 1.

Answer: C

 

NEW QUESTION 19
What are two benefits of nested device groups in panorama? (Choose two )

• A. requires configuration both function and location for every device
• B. overwrites local firewall configuration
• C. all device groups inherit setting from the Shared group
• D. reuse of the existing Security policy rules and objects

Answer: A,C

 

NEW QUESTION 20
An administrator sees several inbound sessions identified as unknown tcp in the Traffic logs. The administrator determines that these sessions are from external users accessing the company's propriety accounting application. The administrator wants to reliability identity this as their accounting application and to scan this traffic for threats.
Which option would achieve this result?

• A. Create an Application Override policy and a custom threat signature for the application.
• B. Create a custom App-ID and enable scanning on the advanced tab.
• C. Create a custom App-ID and use the "ordered condition cheek box.
• D. Create an Application Override policy

Answer: A

 

NEW QUESTION 21
Which User-ID method should b configured to map addresses to usernames for users connected through a terminal server?

• A. Client probing
• B. XFF header
• C. port mapping
• D. server monitoring

Answer: C

 

NEW QUESTION 22
An administrator wants multiple web servers in the DMZ to receive connections from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10 1.22 Based on the information shown in the age, which NAT rule will forward web-browsing traffic correctly?

A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option D
• D. Option C

Answer: A

 

NEW QUESTION 23
Which three user authentication services can be modified in to provide the Palo Alto Networks NGFW with both username and role names? (Choose three.)

• A. SAML
• B. TACACS+
• C. PAP
• D. LDAP
• E. RADIUS
• F. Kerberos

Answer: B,D,E

 

NEW QUESTION 24
An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. THE update contains application that matches the same traffic signatures as the customer application.
Which application should be used to identify traffic traversing the NGFW?

• A. downloaded application
• B. Custom and downloaded application signature files are merged and are used
• C. System longs show an application errors and signature is used.
• D. custom application

Answer: D

 

NEW QUESTION 25
An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewalls use layer 3 interface to send traffic to a single gateway IP for the pair.
Which configuration will enable this HA scenario?

• A. Each firewall will have a separate floating IP. and priority will determine which firewall has the primary IP.
• B. The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating IP.
• C. The firewall do not use floating IPs in active/active HA.
• D. The firewalls will share the same interface IP address, and device 1 will use the floating IP if device 0 fails.

Answer: A

 

NEW QUESTION 26
Which processing order will be enabled when a panorama administrator selects the setting "Objects defined in ancestors will takes higher precedence?

• A. Descendant objects, will take precedence over ancestor objects.
• B. Ancestor will have precedence over descendant objects.
• C. Ancestor objects will have precedence over other ancestor objects.
• D. Descendant object will take precedence over other descendant objects.

Answer: B

 

NEW QUESTION 27
An administrator has enabled OSPF on a virtual router on the NGFW OSPF is not adding new routes to the virtual router.
Which two options enable the administrator top troubleshoot this issue? (Choose two.)

• A. View Runtime Status virtual router.
• B. View System logs.
• C. Perform a traffic pcap at the routing stage.
• D. Add a redistribution profile to forward as BGP updates.

Answer: A,B

 

NEW QUESTION 28
A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-number or bacon out to eternal command-and-control (C2) servers.
Which Security Profile type will prevent these behaviors?

• A. Antivirus
• B. Anti-Spyware
• C. Vulnerability Protection
• D. Wildfire

Answer: B

 

NEW QUESTION 29
In High Availability, which information is transferred via the HA data link?

• A. session information
• B. HA state information
• C. User-ID information
• D. heartbeats

Answer: A

 

NEW QUESTION 30
Which feature can be configured on VM-Series firewalls'?

• A. aggregate interlaces
• B. machine learning
• C. Globallprotect
• D. multiple virtual systems

Answer: C

 

NEW QUESTION 31
Which event will happen administrator uses an Application Override Policy?

• A. The Palo Alto Networks NGFW Steps App-ID processing at Layer 4.
• B. The application name assigned to the traffic by the security rule is written to the traffic log.
• C. App-ID processing time is increased.
• D. Threat-ID processing time is decreased.

Answer: A

 

NEW QUESTION 32
Which DoS protection mechanism detects and prevents session exhaustion attacks?

• A. Pocket Based Attack Protection
• B. Flood Protection
• C. TCP Port Scan Protection
• D. Resource Protection

Answer: D

 

NEW QUESTION 33
Which PAN-OS policy must you configure to force a user to provide additional credential before he is allowed to access an internal application that contains highly sensitive business data?

• A. Authentication policy
• B. Decryption policy
• C. Application Override policy
• D. Security policy

Answer: A

 

NEW QUESTION 34
......

How to book the Palo Alto PCNSC Exam

Test arrangements might be made ahead of time or on the day you wish to test, subject to accessibility. The test/arrangement testing time limit noted on Pearson VUE website pages mirrors the absolute arrangement time, including a NDA, test time, and review.

 

PCNSC Exam Questions Get Updated [2021] with Correct Answers: https://www.bootcamppdf.com/PCNSC_exam-dumps.html