Palo Alto Networks PCNSC Exam Practice Test Instant Access

Question 1

Which processing order will be enabled when a panorama administrator selects the setting "Objects defined in ancestors will takes higher precedence?

ADescendant objects, will take precedence over ancestor objects.

BAncestor will have precedence over descendant objects.

CAncestor objects will have precedence over other ancestor objects.

DDescendant object will take precedence over other descendant objects.

Answer : B

Question 2

An administrator deploys PA-500 NGFWs as an active/passive high availability pair . The devices are not participating in dynamic router and preemption is disabled.

What must be verified to upgrade the firewalls to the most recent version of PAN OS software?

AAntivirus update package

BApplications and Threats update package

CWildfire update package

DUser-ID agent

Answer : B

Question 3

Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?

ANo prerequisites are required

BSSH keys must be manually generated

CBoth SSH keys and SSL certificates must be generated

DSSL certificates must be generated

Answer : A

Question 4

A web server is hosted in the DMZ and the server re configured to listen for income connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server host its contents over Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.

Which combination of service and application, and order of Security policy rules needs to be configured to allow cleaned web-browsing traffic to the server on tcp/443?

ARule# 1 application: ssl; service application-default: action allow
Role # 2 application web browsing, service application default, action allow

BRule #1application web-browsing, service service imp action allow
Rule #2 application ssl. service application -default, action allow

CRule#1 application web-brows.no service application-default, action allow
Rule #2 application ssl. Service application-default, action allow

DRule#1application: web-biows.no; service service-https action allow
Rule#2 application ssl. Service application-default, action allow

Answer : C

Question 5

Which administrative authentication method supports authorization by an external service?

ARADIUS

BSSH keys

CCertification

DLDAP

Answer : B

Question 6

Which administrative authentication method supports authorization by an external service?

ARADIUS

BSSH keys

CCertification

DLDAP

Answer : A

Question 7

Which two benefits come from assigning a Decrypting Profile to a Decryption rule with a'' NO Decrypt'' action? (Choose two.)

ABlock sessions with unsuspected cipher suites

BBlock sessions with untrusted issuers

CBlock credential phishing.

DBlock sessions with client authentication

EBlock sessions with expired certificates

Answer : B, E

Palo Alto Networks Certified Network Security Consultant Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7