ExamGecko
Login
Home / Palo Alto Networks / PCNSA / List of questions
Ask Question

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 12

List of questions

Question 111

Report
Export
Collapse

The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering "gambling" category.

Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the "gambling" URL category?

Add just the URL www.powerball.com to a Security policy allow rule.
Add just the URL www.powerball.com to a Security policy allow rule.
Manually remove powerball.com from the gambling URL category.
Manually remove powerball.com from the gambling URL category.
Add *.powerball.com to the URL Filtering allow list.
Add *.powerball.com to the URL Filtering allow list.
Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.
Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.
Suggested answer: C, D
asked 23/09/2024
Rebecca Gillespie
40 questions

Question 112

Report
Export
Collapse

Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?

Kerberos user
Kerberos user
SAML user
SAML user
local database user
local database user
local user
local user
Suggested answer: B
asked 23/09/2024
TREVOR COLLEDGE
45 questions

Question 113

Report
Export
Collapse

Access to which feature requires the PAN-OS Filtering license?

PAN-DB database
PAN-DB database
DNS Security
DNS Security
Custom URL categories
Custom URL categories
URL external dynamic lists
URL external dynamic lists
Suggested answer: A

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/activatelicenses-andsubscriptions.html

asked 23/09/2024
Cristian Pernia
42 questions

Question 114

Report
Export
Collapse

You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

Data Filtering Profile applied to outbound Security policy rules
Data Filtering Profile applied to outbound Security policy rules
Antivirus Profile applied to outbound Security policy rules
Antivirus Profile applied to outbound Security policy rules
Data Filtering Profile applied to inbound Security policy rules
Data Filtering Profile applied to inbound Security policy rules
Vulnerability Profile applied to inbound Security policy rules
Vulnerability Profile applied to inbound Security policy rules
Suggested answer: B
asked 23/09/2024
Assane SENE
39 questions

Question 115

Report
Export
Collapse

Which Security profile can you apply to protect against malware such as worms and Trojans?

data filtering
data filtering
antivirus
antivirus
vulnerability protection
vulnerability protection
anti-spyware
anti-spyware
Suggested answer: B

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/securityprofiles#:~:text=Antivirus%20profiles%20protect%20against%20viruses,as%20well%20as%20spyware%20downloads

asked 23/09/2024
Juan Gonzalez
37 questions

Question 116

Report
Export
Collapse

Which two settings allow you to restrict access to the management interface? (Choose two )

enabling the Content-ID filter
enabling the Content-ID filter
administrative management services
administrative management services
restricting HTTP and telnet using App-ID
restricting HTTP and telnet using App-ID
permitted IP addresses
permitted IP addresses
Suggested answer: A, C
asked 23/09/2024
Ali Diaz
31 questions

Question 117

Report
Export
Collapse

Which object would an administrator create to block access to all high-risk applications?

HIP profile
HIP profile
application filter
application filter
application group
application group
Vulnerability Protection profile
Vulnerability Protection profile
Suggested answer: B

Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKECA0

asked 23/09/2024
Roberto Garavaglia
45 questions

Question 118

Report
Export
Collapse

An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited" Which security policy action causes this?

Drop
Drop
Drop, send ICMP Unreachable
Drop, send ICMP Unreachable
Reset both
Reset both
Reset server
Reset server
Suggested answer: B
asked 23/09/2024
JULIUS BALNEG
37 questions

Question 119

Report
Export
Collapse

What is a prerequisite before enabling an administrative account which relies on a local firewall user database?

Configure an authentication policy
Configure an authentication policy
Configure an authentication sequence
Configure an authentication sequence
Configure an authentication profile
Configure an authentication profile
Isolate the management interface on a dedicated management VLAN
Isolate the management interface on a dedicated management VLAN
Suggested answer: C
asked 23/09/2024
Ankit Parimi
33 questions

Question 120

Report
Export
Collapse

Which two rule types allow the administrator to modify the destination zone? (Choose two )

interzone
interzone
intrazone
intrazone
universal
universal
shadowed
shadowed
Suggested answer: A, C
asked 23/09/2024
Cesar Castillo
43 questions
Total 362 questions
Go to page: of 37
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)