ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 12

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Which order of steps is the correct way to create a static route?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 111

Report
Export
Collapse

The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering "gambling" category.

Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the "gambling" URL category?

A.
Add just the URL www.powerball.com to a Security policy allow rule.
A.
Add just the URL www.powerball.com to a Security policy allow rule.
Answers
B.
Manually remove powerball.com from the gambling URL category.
B.
Manually remove powerball.com from the gambling URL category.
Answers
C.
Add *.powerball.com to the URL Filtering allow list.
C.
Add *.powerball.com to the URL Filtering allow list.
Answers
D.
Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.
D.
Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.
Answers
Suggested answer: C, D

Question 112

Report
Export
Collapse

Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?

A.
Kerberos user
A.
Kerberos user
Answers
B.
SAML user
B.
SAML user
Answers
C.
local database user
C.
local database user
Answers
D.
local user
D.
local user
Answers
Suggested answer: B

Question 113

Report
Export
Collapse

Access to which feature requires the PAN-OS Filtering license?

A.
PAN-DB database
A.
PAN-DB database
Answers
B.
DNS Security
B.
DNS Security
Answers
C.
Custom URL categories
C.
Custom URL categories
Answers
D.
URL external dynamic lists
D.
URL external dynamic lists
Answers
Suggested answer: A

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/activatelicenses-andsubscriptions.html

Question 114

Report
Export
Collapse

You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

A.
Data Filtering Profile applied to outbound Security policy rules
A.
Data Filtering Profile applied to outbound Security policy rules
Answers
B.
Antivirus Profile applied to outbound Security policy rules
B.
Antivirus Profile applied to outbound Security policy rules
Answers
C.
Data Filtering Profile applied to inbound Security policy rules
C.
Data Filtering Profile applied to inbound Security policy rules
Answers
D.
Vulnerability Profile applied to inbound Security policy rules
D.
Vulnerability Profile applied to inbound Security policy rules
Answers
Suggested answer: B

Question 115

Report
Export
Collapse

Which Security profile can you apply to protect against malware such as worms and Trojans?

A.
data filtering
A.
data filtering
Answers
B.
antivirus
B.
antivirus
Answers
C.
vulnerability protection
C.
vulnerability protection
Answers
D.
anti-spyware
D.
anti-spyware
Answers
Suggested answer: B

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/securityprofiles#:~:text=Antivirus%20profiles%20protect%20against%20viruses,as%20well%20as%20spyware%20downloads

Question 116

Report
Export
Collapse

Which two settings allow you to restrict access to the management interface? (Choose two )

A.
enabling the Content-ID filter
A.
enabling the Content-ID filter
Answers
B.
administrative management services
B.
administrative management services
Answers
C.
restricting HTTP and telnet using App-ID
C.
restricting HTTP and telnet using App-ID
Answers
D.
permitted IP addresses
D.
permitted IP addresses
Answers
Suggested answer: A, C

Question 117

Report
Export
Collapse

Which object would an administrator create to block access to all high-risk applications?

A.
HIP profile
A.
HIP profile
Answers
B.
application filter
B.
application filter
Answers
C.
application group
C.
application group
Answers
D.
Vulnerability Protection profile
D.
Vulnerability Protection profile
Answers
Suggested answer: B

Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKECA0

Question 118

Report
Export
Collapse

An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited" Which security policy action causes this?

A.
Drop
A.
Drop
Answers
B.
Drop, send ICMP Unreachable
B.
Drop, send ICMP Unreachable
Answers
C.
Reset both
C.
Reset both
Answers
D.
Reset server
D.
Reset server
Answers
Suggested answer: B

Question 119

Report
Export
Collapse

What is a prerequisite before enabling an administrative account which relies on a local firewall user database?

A.
Configure an authentication policy
A.
Configure an authentication policy
Answers
B.
Configure an authentication sequence
B.
Configure an authentication sequence
Answers
C.
Configure an authentication profile
C.
Configure an authentication profile
Answers
D.
Isolate the management interface on a dedicated management VLAN
D.
Isolate the management interface on a dedicated management VLAN
Answers
Suggested answer: C

Question 120

Report
Export
Collapse

Which two rule types allow the administrator to modify the destination zone? (Choose two )

A.
interzone
A.
interzone
Answers
B.
intrazone
B.
intrazone
Answers
C.
universal
C.
universal
Answers
D.
shadowed
D.
shadowed
Answers
Suggested answer: A, C
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms