Free Palo Alto Networks Certified Network Security Consultant PCNSC Exam Practice Test

Which PAN-OS policy must you configure to force a user to provide additional credential before he is allowed to access an internal application that contains highly sensitive business data?

• Authentication policy
  
• Decryption policy
  
• Security policy
  
• Application Override policy
  

An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?

• Decryption tag
  
• In the details of the Threat log entries
  
• In the details of the Traffic log entries
  
• Data filtering log
  

How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

• Use the tcpdump command
  
• Use the debug dataplane packet-diag set capture stage management file command
  
• USe the debug dataplane packet-dia set capture stage firewall file command
  
• Enable all four stage of traffic capture (TX, RX, DROP, Firewall)
  

Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?

• No prerequisites are required
  
• SSH keys must be manually generated
  
• Both SSH keys and SSL certificates must be generated
  
• SSL certificates must be generated
  

An administrator sees several inbound sessions identified as unknown tcp in the Traffic logs. The administrator determines that these sessions are from external users accessing the company's propriety accounting application. The administrator wants to reliability identity this as their accounting application and to scan this traffic for threats.Which option would achieve this result?

• Create an Application Override policy and a custom threat signature for the application.
  
• Create a custom App-ID and use the 'ordered condition cheek box.
  
• Create an Application Override policy
  
• Create a custom App-ID and enable scanning on the advanced tab.
  

Which two action would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL forward proxy? (Choose two.)

• Configure an EDL to pull IP Addresses of known sites resolved from a CRL.
  
• Create a Security Policy rule with vulnerability Security Profile attached.
  
• Create a no-decrypt Decryption Policy rule.
  
• Enable the 'Block seasons with untrusted Issuers- setting.
  
• Configure a Dynamic Address Group for untrusted sites.
  

How does Panorama prompt VMware NSX to quarantine an in6erface VM??

• Syslog Server Profile
  
• Email Server Profile
  
• SNMP Server Profile
  
• HTTP Server Profile
  

If an administrator wants to decrypt SMTP traffic and possesses the saver's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?

• TLS Bidirectional Inspection
  
• SSL Inbound Inspection
  
• SSH Forward now proxy
  
• SMTP inbound Decryption
  

During the packet flow process, which two processes are performed in application identification? (Choose two.)

• Application changed from content inspection
  
• session application identified
  
• pattern based application identification
  
• application override policy match
  

An administrator deploys PA-500 NGFWs as an active/passive high availability pair . The devices are not participating in dynamic router and preemption is disabled.What must be verified to upgrade the firewalls to the most recent version of PAN OS software?

• Antivirus update package
  
• Applications and Threats update package
  
• Wildfire update package
  
• User-ID agent