PCNSC Exam Questions
72 real PCNSC exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
View the GlobalProtect configuration screen capture. What is the purpose of this configuration?
- Question #2
Which feature prevents the submission of corporate login information into website forms?
- Question #3
A firewall engineer creates a new App-ID report under Monitor > Reports > Application Reports > New Applications to monitor new applications on the network and better assess any Se...
- Question #4
An administrator needs to optimize traffic to prefer business-critical applications over non-critical applications. QoS natively integrates with which feature to provide service qu...
- Question #5
A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5- minute window for analysis. The firewall is configured to check for verdicts every 5 minutes....
- Question #6
Which three steps will reduce the CPU utilization on the management plane? (Choose three.)
- Question #7
If an administrator wants to decrypt SMTP traffic and possesses the saver's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the...
- Question #8
An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?
- Question #9
Which feature can be configured on VM-Series firewalls?
- Question #10
Which two benefits come from assigning a Decrypting Profile to a Decryption rule with a" NO Decrypt" action? (Choose two.)
- Question #11
In High Availability, which information is transferred via the HA data link?
- Question #12
Which PAN-OSֲ® policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly-sensitive bus...
- Question #13
An administrator has left a firewall to use default port for all management services. Which three function performed by the dataplane? (Choose three.)
- Question #14
An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decry...
- Question #15
When is the content inspection performed in the packet flow process?
- Question #16
A company needs to preconfigure firewalls to be sent to remote sites with the least amount of reconfiguration. Once deployed, each firewall must establish secure tunnels back to mu...
- Question #18
VPN traffic intended for an administrator's Palo Alto Networks NGfW is being maliciously intercepted and retransmitted by the interceptor. When Creating a VPN tunnel, which protect...
- Question #19
Which event will happen if an administrator uses an Application Override Policy?
- Question #20
The firewall identifies a popular application as an unknown-tcp. Which two options are available to identify the application? (Choose two.)
- Question #21
Which three file types can be forwarded to WildFire for analysis as a part of the basic WildFire service? (Choose three.)
- Question #22
Which two methods can be configured to validate the revocation status of a certificate? (Choose two)
- Question #23
Which virtual router feature determines if a specific destination IP address is reachable'?
- Question #24
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router. Which two options would help t...
- Question #25
A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS® software would...
- Question #26
During the packet flow process, which two processes are performed in application identification? (Choose two.)
- Question #27
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OSֲ® software, the administrator enables log forwarding from...
- Question #28
Which administrative authentication method supports authorization by an external service?
- Question #29
A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks. How can t...
- Question #30
An engineer is monitoring an active/active high availability (HA) firewall pair. Which HA firewall state describes the firewall that is currently processing traffic?
- Question #31
A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to...
- Question #32
Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?
- Question #33
An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing, and preemption is disabled. What must be ve...
- Question #34
Which processing order will be enabled when a panorama administrator selects the setting "Objects defined in ancestors will takes higher precedence?
- Question #36
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?
- Question #37
An organization has Palo Alto Networks MGfWs that send logs to remote monitoring and security management platforms. The network team has report has excessive traffic on the corpora...
- Question #38
A user's traffic traversing a Palo Alto Networks NGFW sometimes can reach How can the firewall be configured automatically disable the PBF rule if the next hop goes down?
- Question #39
Which two methods can be used to verify firewall connectivity to Autofocus? (Choose two. )
- Question #40
An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same firewall. The update contain...
- Question #41
Which three options are supposed in HA Lite? (Choose three.)
- Question #42
Which three user authentication services can be modified in to provide the Palo Alto Networks NGFW with both username and role names? (Choose three.)
- Question #43
An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs. The administrator assigns priority 100 to the active firewall. Which priority...
- Question #44
When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log. What...
- Question #45
A session in the Traffic log is reporting the application as "incomplete". What does "incomplete" mean?
- Question #46
Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT. Which Security policy rule will allow traffic to flow to the web server?
- Question #47
Which version of Global Protect supports split tunneling based on destination domain, client process, and HTTP/HTTPs video streaming application?
- Question #48
Which User-ID method should be configured to map IP addresses to usernames for users connected through a terminal server?
- Question #49
An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewalls use layer 3 interface to send traffic to a single gateway IP for...
- Question #50
An administrator using an enterprise PKI needs to establish a unique chain of trust to ensure mutual authentication between panorama and the managed firewall and Log Collectors. Ho...
- Question #51
Refer to the exhibit. Which will be the egress interface if the traffic's ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?
- Question #52
An administrator sees several inbound sessions identified as unknown tcp in the Traffic logs. The administrator determines that these sessions are from external users accessing the...