Certification Provider: Paloalto
Exam: Paloalto Certified Network Security Consultant
Exam Code: PCNSC
Total Questions: 62
Questions per Quiz: 60
Updated On: 31 March 2025

Note: To practice all the questions and answers, you have to take the quiz multiple times. Questions and answers are presented randomly to help you prepare for the real exam.

1. In an HA active/active configuration, what is the purpose of ARP load sharing?
- protect internal networks from an ARP flooding attack
- sync the ARP table between the two firewalls
- share all IP addresses and provide Layer 4 through Layer 7 services when failure is detected
- share an IP address and provide gateway services

2. In an HA active/active configuration, which task does the session setup firewall perform?
- NAT
- Traffic log generation
- threat scanning
- decryption

3. A customer’s Palo Alto Networks NGFW currently has only one security policy allowing all traffic. They have identified that this is a substantial security risk and have heard that the Expedition tool can help them extract security policies from an “allow any” rule. What should the consultant say about Expedition?
- By using the Machine Learning feature, Expedition can parse the traffic log files related to the policy and extract security rules for matching traffic.
- Live firewall traffic can be viewed on Expedition when connected to a firewall, and Expedition can automatically create and push policies to the firewall.
- The log files can be viewed on Expedition, and right-clicking a log entry gives the option to create security policy from the log entry.
- Expedition cannot parse log files and therefore cannot be used for this purpose.

4. In Panorama, the web interface displays the security rules in evaluation order. Organize the security rules in the order in which they will be evaluated.
- Shared pre-rules -> Device group pre-rules -> Local firewall-rules -> Device group post-rules -> Shared post-rules
- Shared pre-rules -> Local firewall-rules -> Device group pre-rules -> Device group post-rules -> Shared post-rules
- Shared pre-rules -> Device group pre-rules -> Device group post-rules -> Shared post-rules -> Local firewall-rules
- Shared pre-rules -> Shared post-rules -> Device group pre-rules -> Local firewall-rules -> Device group post-rules

5. Instead of disabling App-IDs regularly, a security policy rule is going to be configured to temporarily allow new App-IDs. In which two circumstances is it valid to disable App-IDs as part of content update? (Choose two.)
- when you want to immediately benefit from the latest threat prevention
- when planning to enable the App-IDs immediately
- when disabling facebook-base to disable all other Facebook App-IDs
- when an organization operates a mission-critical network and has zero tolerance for downtime

6. A customer has firewalls deployed at multiple data centers globally, which are managed by a single Panorama pair. Each data center has multiple PA-7080 firewalls running PAN-OS 9.0. What are two recommended logging infrastructures across the data centers if the customer needs to log? (Choose two.)
- Distributed log collector
- Single log collector in the main data center
- Mixed mode Panorama
- Cortex Data Lake

7. Which are two commands required to upgrade Expedition? (Choose two.)
- sudo apt-get install expedition-beta
- sudo apt-get update
- sudo apt-get upgrade all
- sudo apt-get update expedition

8. What is the preferred method for gathering User-ID mappings from Citrix VDI servers?
- GlobalProtect with an internal gateway
- The Terminal Services agent
- Agentless Server Monitoring
- The Windows User-ID agent

9. An existing customer who has deployed several Palo Alto Networks Next-Generation Firewalls would like to start using Device-ID to obtain policy rule recommendations. They have also purchased a Support license, a Threat license, a URL Filtering license, and a WildFire license for each firewall. What additional license do they need to purchase?
- an IoT Security license for the perimeter firewall
- an Enterprise Data Loss Prevention (DLP) license
- an IoT Security license for each deployed firewall
- a Cortex Data Lake license

10. Match each stakeholder with their role when planning a Firewall, Panorama, and Cortex XDR deployment. (Select the correct four.)
- Security Operation Analyst -> Manages the alerts and responds to threats identified to the network or endpoints.
- Security Administrator -> Determines the security, logging, reporting requirement and manages the security policy
- Security Administrator -> Manages the software distribution method for Cortex XDR Client
- Security Engineer -> Determines the security, logging, reporting requirement and manages the security policy
- Network Engineer -> Manages the routing, switching, and general device interconnectivity
- Security Engineer -> Manages the software distribution method for Cortex XDR Client

11. In Expedition, which objects are classified as “Ghost objects”?
- Unused address objects
- Address objects that are not part of an Address Group
- Addresses imported from Security and NAT policies without corresponding address objects.
- Address objects that are not applied in Security or NAT policies

12. A customer has a pair of Panorama HA appliances running local log collectors and wants to have log redundancy on logs forwarded from firewalls. Which two configuration options fulfill the customer’s requirement for log redundancy? (Choose two.)
- Panorama configured in HA provides log redundancy.
- A Collector Group must contain at least two Log Collectors.
- Log redundancy must be enabled per Collector Group.
- Panorama operational mode needs to be Dedicated Log Collector.