PCNSA: Palo Alto Networks Certified Network Security Administrator

A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.

On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.

Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?

Which action would an administrator take to ensure that a service object will be available only to the selected device group?

Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

Review the Screenshot:

Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the

SERVER zone to the DMZ on SSH only.

Which rule group enables the required traffic?

A)

B)

C)

D)

An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains.

Which type of single unified engine will get this result?

Which order of steps is the correct way to create a static route?

Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)