ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 11

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which statement is true about Panorama managed devices?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)

Question 101

Report
Export
Collapse

You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?

A.
Admin Role profile
A.
Admin Role profile
Answers
B.
virtual router
B.
virtual router
Answers
C.
DNS proxy
C.
DNS proxy
Answers
D.
service route
D.
service route
Answers
Suggested answer: A

Question 102

Report
Export
Collapse

Which license must an administrator acquire prior to downloading Antivirus updates for use with the firewall?

A.
URL filtering
A.
URL filtering
Answers
B.
Antivirus
B.
Antivirus
Answers
C.
WildFire
C.
WildFire
Answers
D.
Threat Prevention
D.
Threat Prevention
Answers
Suggested answer: D

Question 103

Report
Export
Collapse

Which definition describes the guiding principle of the zero-trust architecture?

A.
never trust, never connect
A.
never trust, never connect
Answers
B.
always connect and verify
B.
always connect and verify
Answers
C.
never trust, always verify
C.
never trust, always verify
Answers
D.
trust, but verity
D.
trust, but verity
Answers
Suggested answer: C

Explanation:

Reference:

https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture

Question 104

Report
Export
Collapse

Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choices to block the sameURL then which choice would be the last to block access to the URL?

A.
EDL in URL Filtering Profile.
A.
EDL in URL Filtering Profile.
Answers
B.
Custom URL category in Security Policy rule.
B.
Custom URL category in Security Policy rule.
Answers
C.
Custom URL category in URL Filtering Profile.
C.
Custom URL category in URL Filtering Profile.
Answers
D.
PAN-DB URL category in URL Filtering Profile.
D.
PAN-DB URL category in URL Filtering Profile.
Answers
Suggested answer: D

Explanation:

The precedence is from the top down; First Match Wins: 1) Block list: Manually entered blocked URLsObjects - 2) Allow list: Manually entered allowed URLs Objects - 3) Custom URL Categories - 4) CachedCached: URLs learned from External Dynamic Lists (EDLs) - 5) Pre-Defined Categories: PAN-DB orBrightcloud categories.



Question 105

Report
Export
Collapse

The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop the malware contacted a known command-and-control server which exfiltrating corporate data.

Which Security profile feature could have been used to prevent the communications with the command-and-control server?

A.
Create a Data Filtering Profile and enable its DNS sinkhole feature.
A.
Create a Data Filtering Profile and enable its DNS sinkhole feature.
Answers
B.
Create an Antivirus Profile and enable its DNS sinkhole feature.
B.
Create an Antivirus Profile and enable its DNS sinkhole feature.
Answers
C.
Create an Anti-Spyware Profile and enable its DNS sinkhole feature.
C.
Create an Anti-Spyware Profile and enable its DNS sinkhole feature.
Answers
D.
Create a URL Filtering Profile and block the DNS sinkhole URL category.
D.
Create a URL Filtering Profile and block the DNS sinkhole URL category.
Answers
Suggested answer: C

Question 106

Report
Export
Collapse

Which two features can be used to tag a user name so that it is included in a dynamic user group?

(Choose two)

A.
XML API
A.
XML API
Answers
B.
log forwarding auto-tagging
B.
log forwarding auto-tagging
Answers
C.
GlobalProtect agent
C.
GlobalProtect agent
Answers
D.
User-ID Windows-based agent
D.
User-ID Windows-based agent
Answers
Suggested answer: A, D

Explanation:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/urlfiltering-profile-actions

Question 107

Report
Export
Collapse

Based on the security policy rules shown, ssh will be allowed on which port?

A.
any port
A.
any port
Answers
B.
same port as ssl and snmpv3
B.
same port as ssl and snmpv3
Answers
C.
the default port
C.
the default port
Answers
D.
only ephemeral ports
D.
only ephemeral ports
Answers
Suggested answer: C

Question 108

Report
Export
Collapse

Which action results in the firewall blocking network traffic with out notifying the sender?

A.
Drop
A.
Drop
Answers
B.
Deny
B.
Deny
Answers
C.
Reset Server
C.
Reset Server
Answers
D.
Reset Client
D.
Reset Client
Answers
Suggested answer: B

Question 109

Report
Export
Collapse

All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone.

Complete the two empty fields in the Security Policy rules that permits only this type of access.

Source Zone: Internal Destination Zone: DMZ Zone Application: _________? Service: ____________?

Action: allow

Choose two.

A.
Service = "any"
A.
Service = "any"
Answers
B.
Application = "Telnet"
B.
Application = "Telnet"
Answers
C.
Service - "application-default"
C.
Service - "application-default"
Answers
D.
Application = "any"
D.
Application = "any"
Answers
Suggested answer: B, C

Question 110

Report
Export
Collapse

Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?

A.
SAML
A.
SAML
Answers
B.
Multi-Factor Authentication
B.
Multi-Factor Authentication
Answers
C.
Role-based
C.
Role-based
Answers
D.
Dynamic
D.
Dynamic
Answers
Suggested answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewalladministration/manage-firewall-administrators/administrative-role-types.html

Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms