CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSC

Free PCNSC Exam Braindumps (page: 5)

Page 4 of 19
PDF with 75 Questions

A Security policy rule is configured with a Vulnerability Protection Profile and an action of “Deny”.
Which action will this cause configuration on the matched traffic?

  1. The configuration is invalid. The Profile Settings section will be grayed out when the Action is set to “Deny”.
  2. The configuration will allow the matched session unless a vulnerability signature is detected. The “Deny” action will supersede the per-severity defined actions defined in the associated Vulnerability Protection Profile.
  3. The configuration is invalid. It will cause the firewall to skip this Security policy rule. A warning will be displayed during a commit.
  4. The configuration is valid. It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to “Deny.”

Answer(s): D



Which DoS protection mechanism detects and prevents session exhaustion attacks?

  1. TCP Port Scan Protection
  2. Flood Protection
  3. Resource Protection
  4. Pocket Based Attack Protection

Answer(s): C



Refer to the exhibit.


An administrator wants multiple web servers in the DMZ to receive connections from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10 1.22
Based on the information shown in the age, which NAT rule will forward web-browsing traffic correctly?

  1. Option A
  2. Option B
  3. Option C
  4. Option D

Answer(s): A



View the GlobalProtect configuration screen capture.

What is the purpose of this configuration?

  1. It forces an internal client to connect to an internal gateway at IP address 192 168 10 I.
  2. It configures the tunnel address of all internal clients lo an IP address range starting at 192 168 10 1.
  3. It forces the firewall to perform a dynamic DNS update, Which adds the internal gateway's hostname and IP address to the DNS server.
  4. It enables a Client to perform a reverse DNS lookup on 192 .168. 10 .1. to delect it is an internal client.

Answer(s): D






Post your Comments and Discuss Palo Alto Networks PCNSC exam with other Community members:

PCNSC Discussions & Posts