PCNSC Online Practice Questions and Answers

Which feature prevents the submission of login information into website froms?

A. credential phishing prevention

B. file blocking

C. User-ID

D. data filtering

Which User-ID method should b configured to map addresses to usernames for users connected through a terminal server?

A. XFF header

B. Client probing

C. port mapping

D. server monitoring

An administrator has users accessing network resources through Citrix XenApp 7 .x.

Which User-ID mapping solution will map multiple mat who using Citrix to connect to the network and access resources?

A. Client Probing

B. Globa1Protect

C. Terminal Services agent

D. Syslog Monitoring

Which administrative authentication method supports authorization by an external service?

A. RADIUS

B. SSH keys

C. Certification

D. LDAP

A Security policy rule is configured with a Vulnerability Protection Profile and an action of Deny".

Which action will this configuration cause on the matched traffic?

A. The configuration is invalid it will cause the firewall to Skip this Security policy rule A warning will be displayed during a command.

B. The configuration is valid It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to "Deny".

C. The configuration will allow the matched session unless a vulnerability signature is detected. The "Deny" action will supersede the per. defined, severity defined actions defined in the associated Vulnerability Protection Profile.

D. The configuration is invalid. The Profile Settings section will be- grayed out when the action is set to "Deny".

The firewall identified a popular application as a unknown-tcp. Which options are available to identify the application? (Choose two.)

A. Create a Security policy to identify the customer application.

B. Create a customer object for the customer application server to identify the custom application.

C. Submit an App-ID request to Palo Alto Networks.

D. Create a custom application.

Which version of Global Protect supports split tunneling based on destination domain, client process, and HTTP/HTTPs video streaming application?

A. Glovbalprotect version 4.0 with PAn-OS 8.0

B. Glovbalprotect version 4.1 with PAn-OS 8.1

C. Glovbalprotect version 4.0 with PAn-OS 8.1

D. Glovbalprotect version 4.1 with PAn-OS 8.0

An administrator pushes a new configuration from panorama to a pair of firewalls that are configured as active/passive HA pair. Which NGFW receives the configuration from panorama?

A. the active firewall, which then synchronizes to the passive firewall

B. the passive firewall, which then synchronizes to the active firewall

C. both the active and passive firewalls independently, with no synchronization afterward

D. both the active and passive firewalls, which then synchronizes with each other

Which three options are supposed in HA Lite? (Choose three.)

A. Configuration synchronization

B. Virtual link

C. active/passive deployment

D. session synchronization

E. synchronization of IPsec security associations

An administrator deploys PA-500 NGFWs as an active/passive high availability pair . The devices are not participating in dynamic router and preemption is disabled.

What must be verified to upgrade the firewalls to the most recent version of PAN OS software?

A. Antivirus update package

B. Applications and Threats update package

C. Wildfire update package

D. User-ID agent