ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSC

Palo Alto Networks PCNSC Practice Test - Questions Answers, Page 4

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A customer's Palo Alto Networks NGFW currently has only one security policy allowing all traffic They have identified that this is a substantial security risk and have heard that the Expedition tool can help them extract security policies from an 'allow any' rule What should the consultant say about Expedition?
An existing customer who has deployed several Palo Alto Networks Next-Generation Firewalls would like to start using Device-ID to obtain policy rule recommendations They have also purchased a Support license, a Threat license a URL Filtering license, and a WildFire license for each firewall What additional license do they need to purchase'?
How can you verify that a new security policy is correctly blocking traffic without disrupting the network?
What is the maximum number of virtual systems supported by a Palo Alto Networks VM-300 firewall?
You are hosting a public-facing web server on your DMZ and access to that server is through a Palo Alto Networks firewall Both internal clients and internet clients access this web server using the FQDN public webserver acme com which resolves to the public address of 99.99 99.2 Which combination of NAT policies is necessary to enable access to the web server for both internal and internet clients? A) B) C) D)
Which two log types are necessary to fully investigate a network intrusion? (Choose two)
Which GlobalProtect feature ensures that only trusted endpoints can connect to the network?
Which CLI command should you use to verify whether all SFP SFP*, or QSFP modules are installed in a firewall?
Instead of disabling App-IDs regularly, a security policy rule is going to be configured to temporarily allow new App-IDs. In which two circumstances is it valid to disable App-IDs as part of content update-? (Choose two)
A customer has a five-year-old firewall in production in the time since the firewall was installed, the IT team deleted unused security policies on a regular basis but they did not remove the address objects and groups that were part of these security policies. What is the best way to delete all of the unused address objects on the firewall?

Question 31

Report
Export
Collapse

An administrator needs to create a new Antivirus Profile to address a virus that is spreading internally over SMB.

To create a secure posture the administrator should choose which set of actions for the SMB decoder in an Antivirus Profile?

A.
Action - Drop; Wildfire Action - Reset-Both
A.
Action - Drop; Wildfire Action - Reset-Both
Answers
B.
Action - Reset-Both: Wildfire Action - Reset-Both
B.
Action - Reset-Both: Wildfire Action - Reset-Both
Answers
C.
Action - Allow; Wildfire Action - Allow
C.
Action - Allow; Wildfire Action - Allow
Answers
D.
Action - Reset-Both. WiWfire Action - Alert
D.
Action - Reset-Both. WiWfire Action - Alert
Answers
Suggested answer: B

Explanation:

To create a secure Antivirus Profile to address a virus spreading internally over SMB, the administrator should choose the following set of actions for the SMB decoder:

B . Action - Reset-Both; Wildfire Action - Reset-Both

Choosing 'Reset-Both' for both the Antivirus Action and the Wildfire Action ensures that the connection is terminated on both the client and server sides whenever a virus is detected. This action helps prevent the spread of the virus by cutting off the infected connection immediately.

Palo Alto Networks - Antivirus Profile Best Practices: https://docs.paloaltonetworks.com/best-practices

Palo Alto Networks - Creating and Configuring Antivirus Profiles: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/antivirus-profiles

Question 32

Report
Export
Collapse

Instead of disabling App-IDs regularly, a security policy rule is going to be configured to temporarily allow new App-IDs. In which two circumstances is it valid to disable App-IDs as part of content update-?

(Choose two)

A.
when planning to enable the App-IDs immediately
A.
when planning to enable the App-IDs immediately
Answers
B.
when you want to immediately benefit from the latest threat prevention
B.
when you want to immediately benefit from the latest threat prevention
Answers
C.
when disabling facebook-base to disable all other Facebook App-IDs
C.
when disabling facebook-base to disable all other Facebook App-IDs
Answers
D.
when an organization operates a mission-critical network and has zero tolerance for downtime
D.
when an organization operates a mission-critical network and has zero tolerance for downtime
Answers
Suggested answer: B, D

Explanation:

Disabling App-IDs as part of a content update can be valid in the following circumstances:

B . When you want to immediately benefit from the latest threat prevention: Disabling certain App-IDs can help ensure that the latest threat prevention measures are applied without waiting for the App-IDs to be fully tested in a specific environment. This can be crucial in quickly addressing emerging threats.

D . When an organization operates a mission-critical network and has zero tolerance for downtime: In such environments, administrators might temporarily disable new or modified App-IDs to avoid potential disruptions caused by unverified or untested App-IDs. This ensures that the network remains stable and functional while the new App-IDs are evaluated in a controlled manner.

Palo Alto Networks - Best Practices for Application and Threat Content Updates: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/manage-app-id/application-and-threat-content-updates

Palo Alto Networks - Application and Threat Content Release Notes: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-release-notes/application-and-threat-content-release-notes

Question 33

Report
Export
Collapse

Which CLI command should you use to verify whether all SFP SFP*, or QSFP modules are installed in a firewall?

A.
show system info
A.
show system info
Answers
B.
show interface <interface nane> detail
B.
show interface <interface nane> detail
Answers
C.
show system state filter sys.s'-p'-phy
C.
show system state filter sys.s'-p'-phy
Answers
D.
show system state filter sys.p*.phy
D.
show system state filter sys.p*.phy
Answers
Suggested answer: C

Explanation:

To verify whether all SFP, SFP+, or QSFP modules are installed in a firewall, you should use the following CLI command:

C . show system state filter sys.s-phy*

This command provides detailed information about the physical state of the system, including the status of SFP, SFP+, and QSFP modules installed in the firewall.

Palo Alto Networks - CLI Commands for Troubleshooting Hardware Issues: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-cli-quick-start/troubleshooting-hardware-issues

Palo Alto Networks - Understanding Hardware and Interface Details via CLI: https://knowledgebase.paloaltonetworks.com

Question 34

Report
Export
Collapse

A customer who has a multi-tenant environment needs the administrator to be restricted lo specific objects and policies in the virtual system within its tenant How can an administrators access be restricted?

A.
Define access domains for virtual systems in the environment
A.
Define access domains for virtual systems in the environment
Answers
B.
Define an Admin Role Profile with Panorama enabling all access
B.
Define an Admin Role Profile with Panorama enabling all access
Answers
C.
Define an access domain that enables the device groups assigned to the admin
C.
Define an access domain that enables the device groups assigned to the admin
Answers
D.
Define an Admin Role Profile with a device group and template enabling all access
D.
Define an Admin Role Profile with a device group and template enabling all access
Answers
Suggested answer: A

Explanation:

To restrict an administrator's access to specific objects and policies in the virtual system within a multi-tenant environment, you should:

A . Define access domains for virtual systems in the environment

Access domains allow you to control administrator access to specific virtual systems, device groups, and templates. By defining access domains, you can restrict the administrator's permissions to only the relevant sections of the configuration, ensuring they can manage only the objects and policies within their assigned virtual systems.

Palo Alto Networks - Admin Role Profiles and Access Domains: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/administering-pan-os/admin-role-profiles-and-access-domains

Palo Alto Networks - Multi-Tenancy in Virtual Systems: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/firewall-administration/multi-tenancy

Question 35

Report
Export
Collapse

Which command would you use to view the current sessions on a Palo Alto firewall?

A.
show session all
A.
show session all
Answers
B.
show session info
B.
show session info
Answers
C.
show session list
C.
show session list
Answers
D.
show session current
D.
show session current
Answers
Suggested answer: B

Question 36

Report
Export
Collapse

Which of the following is NOT a benefit of using App-ID?

A.
Identifies applications running on non-standard ports
A.
Identifies applications running on non-standard ports
Answers
B.
Blocks application traffic that uses dynamic ports
B.
Blocks application traffic that uses dynamic ports
Answers
C.
Reduces the attack surface by allowing only required applications
C.
Reduces the attack surface by allowing only required applications
Answers
D.
Ensures consistent bandwidth allocation for all applications
D.
Ensures consistent bandwidth allocation for all applications
Answers
Suggested answer: D

Question 37

Report
Export
Collapse

What feature should be used to decrypt and inspect inbound SSL traffic without having to install a certificate on the client devices?

A.
SSL Inbound Inspection
A.
SSL Inbound Inspection
Answers
B.
SSL Outbound Inspection
B.
SSL Outbound Inspection
Answers
C.
SSL Forward Proxy
C.
SSL Forward Proxy
Answers
D.
SSL Reverse Proxy
D.
SSL Reverse Proxy
Answers
Suggested answer: D

Question 38

Report
Export
Collapse

Which GlobalProtect feature ensures that only trusted endpoints can connect to the network?

A.
Host Information Profile (HIP)
A.
Host Information Profile (HIP)
Answers
B.
App-ID
B.
App-ID
Answers
C.
User-ID
C.
User-ID
Answers
D.
SSL Decryption
D.
SSL Decryption
Answers
Suggested answer: A

Question 39

Report
Export
Collapse

What command can you use to check the status of GlobalProtect clients connected to the firewall?

A.
show globalprotect status
A.
show globalprotect status
Answers
B.
show globalprotect gateway
B.
show globalprotect gateway
Answers
C.
show globalprotect current-user
C.
show globalprotect current-user
Answers
D.
show globalprotect statistics
D.
show globalprotect statistics
Answers
Suggested answer: B

Question 40

Report
Export
Collapse

Which feature allows you to use multiple links simultaneously to balance the load in a Palo Alto Networks firewall?

A.
High Availability
A.
High Availability
Answers
B.
Aggregate Ethernet
B.
Aggregate Ethernet
Answers
C.
Virtual Wire
C.
Virtual Wire
Answers
D.
ECMP (Equal-Cost Multi-Path)
D.
ECMP (Equal-Cost Multi-Path)
Answers
Suggested answer: D
Total 60 questions
Go to page: of 6
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms