Ask Question
Palo Alto Networks PCNSC Practice Test - Questions Answers
List of questions
Question 1
TAC has requested a PCAP on your Panorama lo see why the DNS app is having intermittent issues resolving FODN What is the appropriate CLI command1*
To capture a PCAP on your Panorama to troubleshoot DNS resolution issues, the appropriate CLI command is:
B . tcpdump snaplen 0 filter 'port 53'
This command captures packets with no size limit (snaplen 0) and filters the traffic for port 53, which is used by DNS. This is the most straightforward and comprehensive way to capture all DNS traffic for analysis.
Palo Alto Networks - Using tcpdump on PAN-OS: https://knowledgebase.paloaltonetworks.com
Palo Alto Networks - Troubleshooting Network Connectivity Issues: https://docs.paloaltonetworks.com
Question 2
Examine the configured Security policy rule Which day one/Iron Skillet Security Profile Group is used to secure the traffic that is permitted through this rule?
The security policy rule shown in the image is configured to permit traffic from a source zone LAN-User-Zone to a destination zone Server-Zone. The applications allowed include tftp, ssl, and web-browsing, and the action is allow. According to Iron Skillet day one configurations, which provide best practice security profiles for immediate deployment, the relevant security profile group used to secure internal traffic like this is the Internal profile group.
Iron Skillet provides predefined configuration templates including security profile groups like Internal, External, and others to quickly secure traffic according to typical deployment scenarios.
Palo Alto Networks - Iron Skillet Documentation: https://github.com/PaloAltoNetworks/iron-skillet
Question 3
Which of the following is a primary use case for the Decryption Broker feature?
Question 4
How can you ensure that a Palo Alto Networks firewall does not block traffic during a software update?
Question 5
Which CLI command is used to verify the high availability state of a Palo Alto Networks firewall?
Question 6
In Panorama, what is the correct order of precedence for security policies?
Question 7
A firewall that was previously connected lo a User-ID agent server now shows disconnected What is the likely cause?
If a firewall that was previously connected to a User-ID agent server now shows disconnected, the likely cause is:
D . The firewall was upgraded to a PAN-OS version that is not compatible with the agent version
When a firewall is upgraded to a new version of PAN-OS, there can be compatibility issues with the existing User-ID agent if it is not updated accordingly. This can result in the firewall being unable to communicate with the User-ID agent, showing it as disconnected.
Palo Alto Networks - User-ID Agent Compatibility: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/user-id/user-id-agent
Question 8
A customer's Palo Alto Networks NGFW currently has only one security policy allowing all traffic They have identified that this is a substantial security risk and have heard that the Expedition tool can help them extract security policies from an 'allow any' rule
What should the consultant say about Expedition?
The Expedition tool can help the customer extract security policies from an 'allow any' rule by using its Machine Learning feature:
B . By using the Machine Learning feature, Expedition can parse the traffic log files related to the policy and extract security rules for matching traffic
Expedition can analyze traffic log files and apply machine learning algorithms to suggest security policies that match the observed traffic patterns. This helps in creating a more secure and granular policy set from a broad 'allow any' rule.
Palo Alto Networks - Expedition Documentation: https://live.paloaltonetworks.com/t5/expedition-migration-tool/ct-p/migration_tool
Palo Alto Networks - Using Machine Learning in Expedition: https://live.paloaltonetworks.com/t5/expedition-articles/expedition-machine-learning-overview/ta-p/260401
Question 9
In an environment using User-ID, what role does the User-ID agent play?
Question 10
Which two types of security profiles are recommended to protect against known and unknown threats? (Choose two)
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Practice Tests
Vendor:
Exam Questions:
Learners
Last Updated
Language
Question