ExamGecko
Login
Home / Palo Alto Networks / PCNSA / List of questions
Ask Question

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 10

List of questions

Question 91

Report
Export
Collapse

Which statements is true regarding a Heatmap report?

When guided by authorized sales engineer, it helps determine te areas of greatest security risk.
When guided by authorized sales engineer, it helps determine te areas of greatest security risk.
It provides a percentage of adoption for each assessment area.
It provides a percentage of adoption for each assessment area.
It runs only on firewall.
It runs only on firewall.
It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.
It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.
Suggested answer: B

Explanation:

Reference: https://live.paloaltonetworks.com/t5/best-practice-assessment-blogs/the-best-practiceassessment-bpa-tool-for-ngfw-and-panorama/ba-p/248343

asked 23/09/2024
Vusani Nedzungani
50 questions

Question 92

Report
Export
Collapse

Starting with PAN_OS version 9.1 which new type of object is supported for use within the user field of a security policy rule?

local username
local username
dynamic user group
dynamic user group
remote username
remote username
static user group
static user group
Suggested answer: B
asked 23/09/2024
PATRICK ADUSEI
45 questions

Question 93

Report
Export
Collapse

Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?

It functions like PAN-DB and requires activation through the app portal.
It functions like PAN-DB and requires activation through the app portal.
It removes the 100K limit for DNS entries for the downloaded DNS updates.
It removes the 100K limit for DNS entries for the downloaded DNS updates.
IT eliminates the need for dynamic DNS updates.
IT eliminates the need for dynamic DNS updates.
IT is automatically enabled and configured.
IT is automatically enabled and configured.
Suggested answer: A, B
asked 23/09/2024
ACHILLE CARROLL
43 questions

Question 94

Report
Export
Collapse

Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Security policy rules inspect but do not block traffic.
Security policy rules inspect but do not block traffic.
Security Profile should be used only on allowed traffic.
Security Profile should be used only on allowed traffic.
Security Profile are attached to security policy rules.
Security Profile are attached to security policy rules.
Security Policy rules are attached to Security Profiles.
Security Policy rules are attached to Security Profiles.
Security Policy rules can block or allow traffic.
Security Policy rules can block or allow traffic.
Suggested answer: B, C, E
asked 23/09/2024
Elizaveta Kutuzova
54 questions

Question 95

Report
Export
Collapse

Based on the screenshot what is the purpose of the included groups?

Palo Alto Networks PCNSA image Question 95 53910 09232024001155000000

They are only groups visible based on the firewall's credentials.
They are only groups visible based on the firewall's credentials.
They are used to map usernames to group names.
They are used to map usernames to group names.
They contain only the users you allow to manage the firewall.
They contain only the users you allow to manage the firewall.
They are groups that are imported from RADIUS authentication servers.
They are groups that are imported from RADIUS authentication servers.
Suggested answer: B

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-users-to-groups.html

asked 23/09/2024
ALAEDDINE BENMAKHLOUF
46 questions

Question 96

Report
Export
Collapse

What is an advantage for using application tags?

They are helpful during the creation of new zones
They are helpful during the creation of new zones
They help with the design of IP address allocations in DHCP.
They help with the design of IP address allocations in DHCP.
They help content updates automate policy updates
They help content updates automate policy updates
They help with the creation of interfaces
They help with the creation of interfaces
Suggested answer: C
asked 23/09/2024
Aparecido Lemos
34 questions

Question 97

Report
Export
Collapse

Which operations are allowed when working with App-ID application tags?

Predefined tags may be deleted.
Predefined tags may be deleted.
Predefined tags may be augmented by custom tags.
Predefined tags may be augmented by custom tags.
Predefined tags may be modified.
Predefined tags may be modified.
Predefined tags may be updated by WildFire dynamic updates.
Predefined tags may be updated by WildFire dynamic updates.
Suggested answer: B
asked 23/09/2024
Sebastian van de Zweerde
43 questions

Question 98

Report
Export
Collapse

You need to allow users to access the officeñsuite application of their choice. How should you configure the firewall to allow access to any office-suite application?

Create an Application Group and add Office 365, Evernote Google Docs and Libre Office
Create an Application Group and add Office 365, Evernote Google Docs and Libre Office
Create an Application Group and add business-systems to it.
Create an Application Group and add business-systems to it.
Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory.
Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory.
Create an Application Filter and name it Office Programs then filter on the business-systems category.
Create an Application Filter and name it Office Programs then filter on the business-systems category.
Suggested answer: C
asked 23/09/2024
Nils Stelling
26 questions

Question 99

Report
Export
Collapse

In which profile should you configure the DNS Security feature?

URL Filtering Profile
URL Filtering Profile
Anti-Spyware Profile
Anti-Spyware Profile
Zone Protection Profile
Zone Protection Profile
Antivirus Profile
Antivirus Profile
Suggested answer: B

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/dnssecurity/enable- dnssecurity.html

asked 23/09/2024
nebaba monda
42 questions

Question 100

Report
Export
Collapse

Access to which feature requires PAN-OS Filtering licens?

PAN-DB database
PAN-DB database
URL external dynamic lists
URL external dynamic lists
Custom URL categories
Custom URL categories
DNS Security
DNS Security
Suggested answer: A

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/activatelicenses-and-subscriptions.html

asked 23/09/2024
Vladimir Kornfeld
41 questions
Total 362 questions
Go to page: of 37
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)