ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 13

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Which order of steps is the correct way to create a static route?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 121

Report
Export
Collapse

Which statement is true about Panorama managed devices?

A.
Panorama automatically removes local configuration locks after a commit from Panorama
A.
Panorama automatically removes local configuration locks after a commit from Panorama
Answers
B.
Local configuration locks prohibit Security policy changes for a Panorama managed device
B.
Local configuration locks prohibit Security policy changes for a Panorama managed device
Answers
C.
Security policy rules configured on local firewalls always take precedence
C.
Security policy rules configured on local firewalls always take precedence
Answers
D.
Local configuration locks can be manually unlocked from Panorama
D.
Local configuration locks can be manually unlocked from Panorama
Answers
Suggested answer: C

Explanation:

Reference:

https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/administerpanorama/manage-locks-forrestricting-configuration-changes.html

Question 122

Report
Export
Collapse

What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?

A.
Doing so limits the templates that receive the policy rules
A.
Doing so limits the templates that receive the policy rules
Answers
B.
Doing so provides audit information prior to making changes for selected policy rules
B.
Doing so provides audit information prior to making changes for selected policy rules
Answers
C.
You can specify the firewalls m a device group to which to push policy rules
C.
You can specify the firewalls m a device group to which to push policy rules
Answers
D.
You specify the location as pre can - or post-rules to push policy rules
D.
You specify the location as pre can - or post-rules to push policy rules
Answers
Suggested answer: C

Question 123

Report
Export
Collapse

An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.

What is the correct process to enable this logging1?

A.
Select the interzone-default rule and edit the rule on the Actions tab select Log at Session Start and click OK
A.
Select the interzone-default rule and edit the rule on the Actions tab select Log at Session Start and click OK
Answers
B.
Select the interzone-default rule and edit the rule on the Actions tab select Log at Session End and click OK
B.
Select the interzone-default rule and edit the rule on the Actions tab select Log at Session End and click OK
Answers
C.
This rule has traffic logging enabled by default no further action is required
C.
This rule has traffic logging enabled by default no further action is required
Answers
D.
Select the interzone-default rule and click Override on the Actions tab select Log at Session End and click OK
D.
Select the interzone-default rule and click Override on the Actions tab select Log at Session End and click OK
Answers
Suggested answer: D

Question 124

Report
Export
Collapse

What is the correct process tor creating a custom URL category?

A.
Objects > Security Profiles > URL Category > Add
A.
Objects > Security Profiles > URL Category > Add
Answers
B.
Objects > Custom Objects > URL Filtering > Add
B.
Objects > Custom Objects > URL Filtering > Add
Answers
C.
Objects > Security Profiles > URL Filtering > Add
C.
Objects > Security Profiles > URL Filtering > Add
Answers
D.
Objects > Custom Objects > URL Category > Add
D.
Objects > Custom Objects > URL Category > Add
Answers
Suggested answer: D

Question 125

Report
Export
Collapse

Which tab would an administrator click to create an address object?

A.
Device
A.
Device
Answers
B.
Policies
B.
Policies
Answers
C.
Monitor
C.
Monitor
Answers
D.
Objects
D.
Objects
Answers
Suggested answer: D

Question 126

Report
Export
Collapse

An administrator would like to silently drop traffic from the internet to a ftp server.

Which Security policy action should the administrator select?

A.
Reset-server
A.
Reset-server
Answers
B.
Block
B.
Block
Answers
C.
Deny
C.
Deny
Answers
D.
Drop
D.
Drop
Answers
Suggested answer: D

Question 127

Report
Export
Collapse

The Palo Alto Networks NGFW was configured with a single virtual router named VR-1 What changes are required on VR-1 to route traffic between two interfaces on the NGFW?

A.
Add zones attached to interfaces to the virtual router
A.
Add zones attached to interfaces to the virtual router
Answers
B.
Add interfaces to the virtual router
B.
Add interfaces to the virtual router
Answers
C.
Enable the redistribution profile to redistribute connected routes
C.
Enable the redistribution profile to redistribute connected routes
Answers
D.
Add a static routes to route between the two interfaces
D.
Add a static routes to route between the two interfaces
Answers
Suggested answer: D

Question 128

Report
Export
Collapse

What is the main function of the Test Policy Match function?

A.
verify that policy rules from Expedition are valid
A.
verify that policy rules from Expedition are valid
Answers
B.
confirm that rules meet or exceed the Best Practice Assessment recommendations
B.
confirm that rules meet or exceed the Best Practice Assessment recommendations
Answers
C.
confirm that policy rules in the configuration are allowing/denying the correct traffic
C.
confirm that policy rules in the configuration are allowing/denying the correct traffic
Answers
D.
ensure that policy rules are not shadowing other policy rules
D.
ensure that policy rules are not shadowing other policy rules
Answers
Suggested answer: D

Question 129

Report
Export
Collapse

Which option is part of the content inspection process?

A.
IPsec tunnel encryption
A.
IPsec tunnel encryption
Answers
B.
Packet egress process
B.
Packet egress process
Answers
C.
SSL Proxy re-encrypt
C.
SSL Proxy re-encrypt
Answers
D.
Packet forwarding process
D.
Packet forwarding process
Answers
Suggested answer: C

Question 130

Report
Export
Collapse

Which objects would be useful for combining several services that are often defined together?

A.
shared service objects
A.
shared service objects
Answers
B.
service groups
B.
service groups
Answers
C.
application groups
C.
application groups
Answers
D.
application filters
D.
application filters
Answers
Suggested answer: B

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objectsservices.html

Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms