Which of the following is a primary use case for the Decryption Broker feature?

Sharing decrypted traffic with multiple security appliances

Managing multiple decryption rules

Sharing decrypted traffic with multiple security appliances

Decrypting outbound SSL traffic

Aggregating traffic logs from different sources

How can you ensure that a Palo Alto Networks firewall does not block traffic during a software update?

Schedule the upgrade during a maintenance window

Enable the Suspend Traffic During Upgrade option

Schedule the upgrade during a maintenance window

Configure session synchronization

Use the High Availability feature

In Panorama, what is the correct order of precedence for security policies?

Shared pre-rules, device group pre-rules, local rules, device group post-rules, shared post-rules

Device group pre-rules, shared pre-rules, local rules, device group post-rules, shared post-rules

Shared pre-rules, device group pre-rules, local rules, shared post-rules, device group post-rules

Shared pre-rules, device group pre-rules, local rules, device group post-rules, shared post-rules

Device group pre-rules, shared pre-rules, local rules, shared post-rules, device group post-rules

A firewall that was previously connected lo a User-ID agent server now shows disconnected What is the likely cause?

The firewall was upgraded to a PAN-OS version that is not compatible with the agent version

The server has stopped listening on port 2010

The Domain Controller service account has been locked out

The firewall was upgraded to a PAN-OS version that is not compatible with the agent version

A customer's Palo Alto Networks NGFW currently has only one security policy allowing all traffic They have identified that this is a substantial security risk and have heard that the Expedition tool can help them extract security policies from an 'allow any' ruleWhat should the consultant say about Expedition?

By using the Machine Learning feature Expedition can parse the traffic log files related to the polcy and extract security rules for matching traffic

Expedition cannot parse log files and therefore cannot be used for this purpose

By using the Machine Learning feature Expedition can parse the traffic log files related to the polcy and extract security rules for matching traffic

Live firewall traffic can be viewed on Expedition when connected to a firewall, and Expedition can automatically create and push policies to the firewall

The log files can be viewed on Expedition, and right-clicking a log entry gives the option to create security policy from the log entry.

In an environment using User-ID, what role does the User-ID agent play?

It maps user identities to IP addresses

It assigns IP addresses to users

It maps user identities to IP addresses

It inspects traffic for malicious content

It enforces security policies based on IP addresses

What is the purpose of the WildFire Analysis Profile in a security policy?

To specify which files are sent to WildFire for analysis

To configure the WildFire subscription settings

To enable WildFire to analyze all network traffic

To define the action to be taken on files analyzed by WildFire

A customer has deployed a GlobalProtect portal and gateway as its remote-access VPN solution for its fleet of Windows 10 laptopsThe customer wants to use Host information Profile (HIP) data collected at the GlobalProtect gateway throughout its enterprise as an additional means of policy enforcementWhat additional licensing must the customer purchase?

GlobalProtect license for each firewall that will use HIP data to enforce policy

DNS Security on the perimeter firewall

GlobalProtect license for each firewall that will use HIP data to enforce policy

GlobalProtect license for the gateway firewall

Your customer has asked you to set up tunnel monitoring on an IPsec VPN tunnel between two offices What three steps are needed to set up tunnel monitoring? (Choose three)

Add an IP address to each tunnel interface

Enable tunnel monitoring on each IPsec tunnel

Add an IP address to each tunnel interface

Enable tunnel monitoring on each IPsec tunnel

A customer is adding a new site-to-site tunnel from a Palo Alto Networks NGFW to a third party with a policy based VPN peer After the initial configuration is completed and the changes are committed, phase 2 fails to establishWhich two changes may be required to fix the issue? (Choose two)

Verify that PFS is enabled on both ends

Add proxy IDs to the iPsec tunnel configuration

Verity that the certificate used tor authentication is installed.

Verify that PFS is enabled on both ends

Enable the NAT Traversal advanced option.

Add proxy IDs to the iPsec tunnel configuration

Where and how is Expedition installed^

On an Ubuntu server, by running an installation script that will automatically download all dependencies

On an Ubuntu server, by manually installing the application and all dependencies

On a Windows Server, by running an installation script that will automatically download all dependencies

On a Windows Server by manually installing the application and all dependencies

Which three steps must an administrator perform to load only address objects from a PAN-OS saved configuration file into a VM-3C0 firewall that is in production? (Choose three)

load the config in the web interface and commit

enter the configuration mode from the CLI

use load config partial command

use the device configuration import in Panorama

Import named configuration snapshot through the web interface

load the config in the web interface and commit

enter the configuration mode from the CLI

use load config partial command

SSL Forward Proxy decryption is enabled on (he firewall When clients use Chrome to browse to HTTPS sites, the firewall returns the Forward Trust certificate, even when accessing websites with invalid certificates The clients need to be presented with a browser warning error with the option to proceed to websites with invalid certificatesWhich two options will satisfy this requirement? (Choose two.)

create a Decryption Profile with the Block sessions with expired certificates option enabled

create a self-signed Forward Untrust enabled certificate

create a Decryption Profile with the Block sessions with expired certificates option enabled

create a self-signed Forward Untrust enabled certificate

create a PKI signed Forward Unlrust enabled certificate

remove the Forward Untrust option from the Forward Trust certificate

A customer has a pair of Panorama HA appliances tunning local log collectors and wants to have log redundancy on logs forwarded from firewalls Which two configuration options fulfill the customer's requirement for log redundancy? (Choose two)

Log redundancy must be enabled per Collector Group

A Collector Group must contain at least two Log Collectors

Panorama operational mode needs to be Dedicated Log Collector

Log redundancy must be enabled per Collector Group

A Collector Group must contain at least two Log Collectors

Panorama configured in HA provides log redundancy

What happens when a packet from an existing session is received by a firewall that

The firewall lakes ownership of the session from the peer firewall

The firewall requests the sender to resend the packet

The firewall drops the packet to prevent any L3 loops

The firewall forwards the packet lo the peer firewall over the HA3 link

The firewall lakes ownership of the session from the peer firewall

A customer has a five-year-old firewall in production in the time since the firewall was installed, the IT team deleted unused security policies on a regular basis but they did not remove the address objects and groups that were part of these security policies.What is the best way to delete all of the unused address objects on the firewall?

Using CLI execute request configuration address-objects remove-unused-objects.

Import the configuration in Expedition, remove unused address objects, and reimport the configuration.

Using CLI execute request configuration address-objects remove-unused-objects.

Go to Address Objects under the Objects tab and click on Remove unused objects.

Search each address object with Global Find and delete if it shows that the address object is not referenced.

An administrator needs to create a new Antivirus Profile to address a virus that is spreading internally over SMB.To create a secure posture the administrator should choose which set of actions for the SMB decoder in an Antivirus Profile?

Action - Reset-Both: Wildfire Action - Reset-Both

Action - Drop; Wildfire Action - Reset-Both

Action - Reset-Both: Wildfire Action - Reset-Both

Action - Allow; Wildfire Action - Allow

Action - Reset-Both. WiWfire Action - Alert

Instead of disabling App-IDs regularly, a security policy rule is going to be configured to temporarily allow new App-IDs. In which two circumstances is it valid to disable App-IDs as part of content update-?(Choose two)

when you want to immediately benefit from the latest threat prevention

when an organization operates a mission-critical network and has zero tolerance for downtime

when planning to enable the App-IDs immediately

when you want to immediately benefit from the latest threat prevention

when disabling facebook-base to disable all other Facebook App-IDs

when an organization operates a mission-critical network and has zero tolerance for downtime

Which CLI command should you use to verify whether all SFP SFP*, or QSFP modules are installed in a firewall?

show system state filter sys.s'-p'-phy

show interface <interface nane> detail

show system state filter sys.s'-p'-phy

show system state filter sys.p*.phy

A customer who has a multi-tenant environment needs the administrator to be restricted lo specific objects and policies in the virtual system within its tenant How can an administrators access be restricted?

Define access domains for virtual systems in the environment

Define an Admin Role Profile with Panorama enabling all access

Define an access domain that enables the device groups assigned to the admin

Define an Admin Role Profile with a device group and template enabling all access

Which of the following is NOT a benefit of using App-ID?

Ensures consistent bandwidth allocation for all applications

Identifies applications running on non-standard ports

Blocks application traffic that uses dynamic ports

Reduces the attack surface by allowing only required applications

Ensures consistent bandwidth allocation for all applications

What command can you use to check the status of GlobalProtect clients connected to the firewall?

show globalprotect current-user

Palo Alto Networks PCNSC Practice Test 1 - Free Online Exam Prep & Questions

Question 1 / 40

TAC has requested a PCAP on your Panorama lo see why the DNS app is having intermittent issues resolving FODN What is the appropriate CLI command1*

tcp dump snaplen 53 filter 'tcp 53'

tcpdump snaplen 0 filter 'port 53'

tcp dump snap-en 0 filter 'app dns'

tcpdump snaplen 53 filter 'port 53'

Comment (0)

Palo Alto Networks PCNSC Practice Test 1

Question

Palo Alto Networks PCNSC Practice Tests

Practice Tests