ExamGecko
Login
Home / Palo Alto Networks / PCNSA / List of questions
Ask Question

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 11

List of questions

Question 101

Report Export Collapse

You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?

Admin Role profile
Admin Role profile
virtual router
virtual router
DNS proxy
DNS proxy
service route
service route
Suggested answer: A
asked 23/09/2024
Melvin Masina
38 questions

Question 102

Report Export Collapse

Which license must an administrator acquire prior to downloading Antivirus updates for use with the firewall?

URL filtering
URL filtering
Antivirus
Antivirus
WildFire
WildFire
Threat Prevention
Threat Prevention
Suggested answer: D
asked 23/09/2024
Siddig Ahmed
50 questions

Question 103

Report Export Collapse

Which definition describes the guiding principle of the zero-trust architecture?

never trust, never connect
never trust, never connect
always connect and verify
always connect and verify
never trust, always verify
never trust, always verify
trust, but verity
trust, but verity
Suggested answer: C
Explanation:

Reference:

https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture

asked 23/09/2024
Sasha Grib
49 questions

Question 104

Report Export Collapse

Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choices to block the sameURL then which choice would be the last to block access to the URL?

EDL in URL Filtering Profile.
EDL in URL Filtering Profile.
Custom URL category in Security Policy rule.
Custom URL category in Security Policy rule.
Custom URL category in URL Filtering Profile.
Custom URL category in URL Filtering Profile.
PAN-DB URL category in URL Filtering Profile.
PAN-DB URL category in URL Filtering Profile.
Suggested answer: D
Explanation:

The precedence is from the top down; First Match Wins: 1) Block list: Manually entered blocked URLsObjects - 2) Allow list: Manually entered allowed URLs Objects - 3) Custom URL Categories - 4) CachedCached: URLs learned from External Dynamic Lists (EDLs) - 5) Pre-Defined Categories: PAN-DB orBrightcloud categories.



asked 23/09/2024
Ehsan Ali
44 questions

Question 105

Report Export Collapse

The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop the malware contacted a known command-and-control server which exfiltrating corporate data.

Which Security profile feature could have been used to prevent the communications with the command-and-control server?

Create a Data Filtering Profile and enable its DNS sinkhole feature.
Create a Data Filtering Profile and enable its DNS sinkhole feature.
Create an Antivirus Profile and enable its DNS sinkhole feature.
Create an Antivirus Profile and enable its DNS sinkhole feature.
Create an Anti-Spyware Profile and enable its DNS sinkhole feature.
Create an Anti-Spyware Profile and enable its DNS sinkhole feature.
Create a URL Filtering Profile and block the DNS sinkhole URL category.
Create a URL Filtering Profile and block the DNS sinkhole URL category.
Suggested answer: C
asked 23/09/2024
marwan albahar
38 questions

Question 106

Report Export Collapse

Which two features can be used to tag a user name so that it is included in a dynamic user group?

(Choose two)

XML API
XML API
log forwarding auto-tagging
log forwarding auto-tagging
GlobalProtect agent
GlobalProtect agent
User-ID Windows-based agent
User-ID Windows-based agent
Suggested answer: A, D
Explanation:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/urlfiltering-profile-actions

asked 23/09/2024
Dinuka Darshana
45 questions

Question 107

Report Export Collapse

Based on the security policy rules shown, ssh will be allowed on which port?

Palo Alto Networks PCNSA image Question 107 53922 09232024001155000000

any port
any port
same port as ssl and snmpv3
same port as ssl and snmpv3
the default port
the default port
only ephemeral ports
only ephemeral ports
Suggested answer: C
asked 23/09/2024
Takenobu Tanida
37 questions

Question 108

Report Export Collapse

Which action results in the firewall blocking network traffic with out notifying the sender?

Drop
Drop
Deny
Deny
Reset Server
Reset Server
Reset Client
Reset Client
Suggested answer: B
asked 23/09/2024
Sander de Beus
41 questions

Question 109

Report Export Collapse

All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone.

Complete the two empty fields in the Security Policy rules that permits only this type of access.

Source Zone: Internal Destination Zone: DMZ Zone Application: _________? Service: ____________?

Action: allow

Choose two.

Service = "any"
Service = "any"
Application = "Telnet"
Application = "Telnet"
Service - "application-default"
Service - "application-default"
Application = "any"
Application = "any"
Suggested answer: B, C
asked 23/09/2024
Bryan Smith
45 questions

Question 110

Report Export Collapse

Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?

SAML
SAML
Multi-Factor Authentication
Multi-Factor Authentication
Role-based
Role-based
Dynamic
Dynamic
Suggested answer: C
Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewalladministration/manage-firewall-administrators/administrative-role-types.html

asked 23/09/2024
Shawn Sullivan
43 questions
Total 362 questions
Go to page: of 37
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)