Free Palo Alto Networks Certified Network Security Consultant PCNSC Exam Practice Test

An administrator has enabled OSPF on a virtual router on the NGFW OSPF is not adding new routes to the virtual router.Which two options enable the administrator top troubleshoot this issue? (Choose two.)

• Perform a traffic pcap at the routing stage.
  
• View System logs.
  
• Add a redistribution profile to forward as BGP updates.
  
• View Runtime Status virtual router.
  

An administrator has users accessing network resources through Citrix XenApp 7 .x. Which User-ID mapping solution will map multiple mat who using Citrix to connect to the network and access resources?

• Client Probing
  
• Globa1Protect
  
• Terminal Services agent
  
• Syslog Monitoring
  

Which option would an administration choose to define the certificate and protect that Panorama and its managed devices uses for SSL/ITS services?

• Set Up SSL/TLS under Policies > Service/URL Category > Service.
  
• Configure on SSL/TLS Profile.
  
• Configure a Decryption Profile and select SSL/TLS services.
  
• Set up Security policy rule to allow SSL communication.
  

A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.How can the Palo Alto Networks NGFW be configured to specifically protect tins server against resource exhaustion originating from multiple IP address (DDoS attack)?

• Define a custom App-ID to ensure that only legitimate application traffic reaches the server
  
• Add a DoS Protection Profile with defined session count.
  
• Add a Vulnerability Protection Profile to block the attack.
  
• Add QoS Profiles to throttle incoming requests.
  

An administrator accidentally closed the commit window/screen before the commit was finished. Which two options could the administrator use to verify the progress or success of that commit task? (Choose two.)

• Option
  

  

• Option
  

  

• Option
  

  

• Option
  

  

Which two benefits come from assigning a Decrypting Profile to a Decryption rule with a'' NO Decrypt'' action? (Choose two.)

• Block sessions with unsuspected cipher suites
  
• Block sessions with untrusted issuers
  
• Block credential phishing.
  
• Block sessions with client authentication
  
• Block sessions with expired certificates
  

A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN -OS software would help in this case?

• content inspection
  
• application override
  
• Virtual Wire mode
  
• redistribution of user mappings
  

Winch three steps will reduce the CPU utilization on the management plane? (Choose three. ) Disable logging at session start in Security policies.

• Disable predefined reports.
  
• Reduce the traffic being decrypted by the firewall.
  
• Disable SNMP on the management interface.
  
• Application override of SSL application.
  

A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-number or bacon out to eternal command-and-control (C2) servers.Which Security Profile type will prevent these behaviors?

• Vulnerability Protection
  
• Antivirus
  
• Wildfire
  
• Anti-Spyware
  

An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewalls use layer 3 interface to send traffic to a single gateway IP for the pair.Which configuration will enable this HA scenario?

• The firewall do not use floating IPs in active/active HA.
  
• The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating IP.
  
• The firewalls will share the same interface IP address, and device 1 will use the floating IP if device 0 fails.
  
• Each firewall will have a separate floating IP. and priority will determine which firewall has the primary IP.