PCNSC Online Practice Questions and Answers

A web server is hosted in the DMZ and the server re configured to listen for income connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server host its contents over Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.

Which combination of service and application, and order of Security policy rules needs to be configured to allow cleaned web-browsing traffic to the server on tcp/443?

A. Rule# 1 application: ssl; service application-default: action allow Role # 2 application web browsing, service application default, action allow

B. Rule #1application web-browsing, service service imp action allow Rule #2 application ssl. service application -default, action allow

C. Rule#1 application web-brows.no service application-default, action allow Rule #2 application ssl. Service application-default, action allow

D. Rule#1application: web-biows.no; service service-https action allow Rule#2 application ssl. Service application-default, action allow

Which three authentication faction factors does PAN-OS software support for MFA? (Choose three.)

A. Voice

B. Pull

C. SMS

D. Push

E. Okta Adaptive

Which CLI command enables an administrator to view detail about the firewall including uptime. PAN -OS version, and serial number?

A. debug system details

B. Show system detail

C. Show system info

D. Show session info

VPN traffic intended for an administrator's Palo Alto Networks NGfW is being maliciously intercepted and retransmitted by the interceptor. When Creating a VPN tunnel, which protection profile cm be enabled to prevent this malicious behavior?

A. zone Protection

B. Web Application

C. DoS Protection

D. Replay

When is the content inspection performed in the packet flow process?

A. after the SSL Proxy re-encrypts the packet

B. before the packet forwarding process

C. after the application has been identified

D. before session lookup

Which three options are supposed in HA Lite? (Choose three.)

A. Configuration synchronization

B. Virtual link

C. active/passive deployment

D. session synchronization

E. synchronization of IPsec security associations

Which DoS protection mechanism detects and prevents session exhaustion attacks?

A. TCP Port Scan Protection

B. Flood Protection

C. Resource Protection

D. Pocket Based Attack Protection

Which CLI command is used to simulate traffic goingthrough the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by the traffic?

A. check

B. find

C. test

D. sim

A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?

A. Blocked Activity

B. Bandwidth Activity

C. Threat Activity

D. Network Activity

An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)

A. Option A

B. Option B

C. Option C

D. Option D