ExamGecko
Login
Home / Palo Alto Networks / PCNSA / List of questions
Ask Question

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 13

List of questions

Question 121

Report
Export
Collapse

Which statement is true about Panorama managed devices?

Panorama automatically removes local configuration locks after a commit from Panorama
Panorama automatically removes local configuration locks after a commit from Panorama
Local configuration locks prohibit Security policy changes for a Panorama managed device
Local configuration locks prohibit Security policy changes for a Panorama managed device
Security policy rules configured on local firewalls always take precedence
Security policy rules configured on local firewalls always take precedence
Local configuration locks can be manually unlocked from Panorama
Local configuration locks can be manually unlocked from Panorama
Suggested answer: C

Explanation:

Reference:

https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/administerpanorama/manage-locks-forrestricting-configuration-changes.html

Palo Alto Networks PCNSA image Question 121 explanation 53936 09232024001155000000

asked 23/09/2024
Danilo Ferrareis
34 questions

Question 122

Report
Export
Collapse

What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?

Doing so limits the templates that receive the policy rules
Doing so limits the templates that receive the policy rules
Doing so provides audit information prior to making changes for selected policy rules
Doing so provides audit information prior to making changes for selected policy rules
You can specify the firewalls m a device group to which to push policy rules
You can specify the firewalls m a device group to which to push policy rules
You specify the location as pre can - or post-rules to push policy rules
You specify the location as pre can - or post-rules to push policy rules
Suggested answer: C
asked 23/09/2024
Paul LOUIS DIT PICARD
36 questions

Question 123

Report
Export
Collapse

An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.

What is the correct process to enable this logging1?

Select the interzone-default rule and edit the rule on the Actions tab select Log at Session Start and click OK
Select the interzone-default rule and edit the rule on the Actions tab select Log at Session Start and click OK
Select the interzone-default rule and edit the rule on the Actions tab select Log at Session End and click OK
Select the interzone-default rule and edit the rule on the Actions tab select Log at Session End and click OK
This rule has traffic logging enabled by default no further action is required
This rule has traffic logging enabled by default no further action is required
Select the interzone-default rule and click Override on the Actions tab select Log at Session End and click OK
Select the interzone-default rule and click Override on the Actions tab select Log at Session End and click OK
Suggested answer: D
asked 23/09/2024
Luis Gerardo Collazos Castro
38 questions

Question 124

Report
Export
Collapse

What is the correct process tor creating a custom URL category?

Objects > Security Profiles > URL Category > Add
Objects > Security Profiles > URL Category > Add
Objects > Custom Objects > URL Filtering > Add
Objects > Custom Objects > URL Filtering > Add
Objects > Security Profiles > URL Filtering > Add
Objects > Security Profiles > URL Filtering > Add
Objects > Custom Objects > URL Category > Add
Objects > Custom Objects > URL Category > Add
Suggested answer: D
asked 23/09/2024
Liam Harris
51 questions

Question 125

Report
Export
Collapse

Which tab would an administrator click to create an address object?

Device
Device
Policies
Policies
Monitor
Monitor
Objects
Objects
Suggested answer: D
asked 23/09/2024
Michael Serda
36 questions

Question 126

Report
Export
Collapse

An administrator would like to silently drop traffic from the internet to a ftp server.

Which Security policy action should the administrator select?

Reset-server
Reset-server
Block
Block
Deny
Deny
Drop
Drop
Suggested answer: D
asked 23/09/2024
Victor Avila
29 questions

Question 127

Report
Export
Collapse

The Palo Alto Networks NGFW was configured with a single virtual router named VR-1 What changes are required on VR-1 to route traffic between two interfaces on the NGFW?

Add zones attached to interfaces to the virtual router
Add zones attached to interfaces to the virtual router
Add interfaces to the virtual router
Add interfaces to the virtual router
Enable the redistribution profile to redistribute connected routes
Enable the redistribution profile to redistribute connected routes
Add a static routes to route between the two interfaces
Add a static routes to route between the two interfaces
Suggested answer: D
asked 23/09/2024
Vaibhav Somani
34 questions

Question 128

Report
Export
Collapse

What is the main function of the Test Policy Match function?

verify that policy rules from Expedition are valid
verify that policy rules from Expedition are valid
confirm that rules meet or exceed the Best Practice Assessment recommendations
confirm that rules meet or exceed the Best Practice Assessment recommendations
confirm that policy rules in the configuration are allowing/denying the correct traffic
confirm that policy rules in the configuration are allowing/denying the correct traffic
ensure that policy rules are not shadowing other policy rules
ensure that policy rules are not shadowing other policy rules
Suggested answer: D
asked 23/09/2024
M Kumar
40 questions

Question 129

Report
Export
Collapse

Which option is part of the content inspection process?

IPsec tunnel encryption
IPsec tunnel encryption
Packet egress process
Packet egress process
SSL Proxy re-encrypt
SSL Proxy re-encrypt
Packet forwarding process
Packet forwarding process
Suggested answer: C
asked 23/09/2024
Balanavaneethan Nitharsan
29 questions

Question 130

Report
Export
Collapse

Which objects would be useful for combining several services that are often defined together?

shared service objects
shared service objects
service groups
service groups
application groups
application groups
application filters
application filters
Suggested answer: B

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objectsservices.html

asked 23/09/2024
Jose Rodrigues
38 questions
Total 362 questions
Go to page: of 37
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)