ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which statement is true about Panorama managed devices?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)

Question 1

Report
Export
Collapse

Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

A.
control
A.
control
Answers
B.
network processing
B.
network processing
Answers
C.
data
C.
data
Answers
D.
security processing
D.
security processing
Answers
Suggested answer: A

Question 2

Report
Export
Collapse

A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.

On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.

Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

A.
All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application
A.
All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application
Answers
B.
No impact because the apps were automatically downloaded and installed
B.
No impact because the apps were automatically downloaded and installed
Answers
C.
No impact because the firewall automatically adds the rules to the App-ID interface
C.
No impact because the firewall automatically adds the rules to the App-ID interface
Answers
D.
All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications
D.
All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications
Answers
Suggested answer: A

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-idsintroduced-in-content-releases/review-new-app-id-impact-on-existing-policy-rules

Question 3

Report
Export
Collapse

How many zones can an interface be assigned with a Palo Alto Networks firewall?

A.
two
A.
two
Answers
B.
three
B.
three
Answers
C.
four
C.
four
Answers
D.
one
D.
one
Answers
Suggested answer: D

Explanation:

References:

Question 4

Report
Export
Collapse

Which two configuration settings shown are not the default? (Choose two.)

A.
Enable Security Log
A.
Enable Security Log
Answers
B.
Server Log Monitor Frequency (sec)
B.
Server Log Monitor Frequency (sec)
Answers
C.
Enable Session
C.
Enable Session
Answers
D.
Enable Probing
D.
Enable Probing
Answers
Suggested answer: B, C

Explanation:

References:

Question 5

Report
Export
Collapse

Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?

A.
Signature Matching
A.
Signature Matching
Answers
B.
Network Processing
B.
Network Processing
Answers
C.
Security Processing
C.
Security Processing
Answers
D.
Security Matching
D.
Security Matching
Answers
Suggested answer: A

Question 6

Report
Export
Collapse

Which option lists the attributes that are selectable when setting up an Application filters?

A.
Category, Subcategory, Technology, and Characteristic
A.
Category, Subcategory, Technology, and Characteristic
Answers
B.
Category, Subcategory, Technology, Risk, and Characteristic
B.
Category, Subcategory, Technology, Risk, and Characteristic
Answers
C.
Name, Category, Technology, Risk, and Characteristic
C.
Name, Category, Technology, Risk, and Characteristic
Answers
D.
Category, Subcategory, Risk, Standard Ports, and Technology
D.
Category, Subcategory, Risk, Standard Ports, and Technology
Answers
Suggested answer: B

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-web-interface-help/objects/objectsapplication-filters

Question 7

Report
Export
Collapse

Actions can be set for which two items in a URL filtering security profile? (Choose two.)

A.
Block List
A.
Block List
Answers
B.
Custom URL Categories
B.
Custom URL Categories
Answers
C.
PAN-DB URL Categories
C.
PAN-DB URL Categories
Answers
D.
Allow List
D.
Allow List
Answers
Suggested answer: A, D

Explanation:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/urlfiltering-profile-actions

Question 8

Report
Export
Collapse

Which two statements are correct about App-ID content updates? (Choose two.)

A.
Updated application content may change how security policy rules are enforced
A.
Updated application content may change how security policy rules are enforced
Answers
B.
After an application content update, new applications must be manually classified prior to use
B.
After an application content update, new applications must be manually classified prior to use
Answers
C.
Existing security policy rules are not affected by application content updates
C.
Existing security policy rules are not affected by application content updates
Answers
D.
After an application content update, new applications are automatically identified and classified
D.
After an application content update, new applications are automatically identified and classified
Answers
Suggested answer: A, D

Question 9

Report
Export
Collapse

Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?

A.
Windows session monitoring via a domain controller
A.
Windows session monitoring via a domain controller
Answers
B.
passive server monitoring using the Windows-based agent
B.
passive server monitoring using the Windows-based agent
Answers
C.
Captive Portal
C.
Captive Portal
Answers
D.
passive server monitoring using a PAN-OS integrated User-ID agent
D.
passive server monitoring using a PAN-OS integrated User-ID agent
Answers
Suggested answer: C

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/user-id/map-ip-addresses-tousers/map-ip-addresses-to-usernames-using-captive-portal.html

Question 10

Report
Export
Collapse

An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

A.
Create an Application Filter and name it Office Programs, the filter it on the business-systems category, office-programs subcategory
A.
Create an Application Filter and name it Office Programs, the filter it on the business-systems category, office-programs subcategory
Answers
B.
Create an Application Group and add business-systems to it
B.
Create an Application Group and add business-systems to it
Answers
C.
Create an Application Filter and name it Office Programs, then filter it on the business-systems category
C.
Create an Application Filter and name it Office Programs, then filter it on the business-systems category
Answers
D.
Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
D.
Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
Answers
Suggested answer: A

Explanation:

An application filter is an object that dynamically groups applications based on application attributes that you define, including category, subcategory, technology, risk factor, and characteristic. This is useful when you want to safely enable access to applications that you do not explicitly sanction, but that you want users to be able to access. For example, you may want to enable employees to choose their own office programs (such as Evernote, Google Docs, or Microsoft

Office 365) for business use.

To safely enable these types of applications, you could create an application filter that matches on the Category business-systems and the Subcategory office-programs. As new applications office programs emerge and new App-IDs get created, these new applications will automatically match the filter you defined; you will not have to make any additional changes to your policy rulebase to safely enable any application that matches the attributes you defined for the filter.

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/use-application-objects-in -policy/create-an-application-filter.html

Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms