ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 14

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Which order of steps is the correct way to create a static route?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 131

Report
Export
Collapse

Palo Alto Networks firewall architecture accelerates content map minimizing latency using which two components'? (Choose two )

A.
Network Processing Engine
A.
Network Processing Engine
Answers
B.
Single Stream-based Engine
B.
Single Stream-based Engine
Answers
C.
Policy Engine
C.
Policy Engine
Answers
D.
Parallel Processing Hardware
D.
Parallel Processing Hardware
Answers
Suggested answer: B

Question 132

Report
Export
Collapse

Which type of address object is "10 5 1 1/0 127 248 2"?

A.
IP subnet
A.
IP subnet
Answers
B.
IP wildcard mask
B.
IP wildcard mask
Answers
C.
IP netmask
C.
IP netmask
Answers
D.
IP range
D.
IP range
Answers
Suggested answer: B

Question 133

Report
Export
Collapse

An administrator has configured a Security policy where the matching condition includes a single application and the action is deny If the application s default deny action is reset-both what action does the firewall take*?

A.
It sends a TCP reset to the client-side and server-side devices
A.
It sends a TCP reset to the client-side and server-side devices
Answers
B.
It silently drops the traffic and sends an ICMP unreachable code
B.
It silently drops the traffic and sends an ICMP unreachable code
Answers
C.
It silently drops the traffic
C.
It silently drops the traffic
Answers
D.
It sends a TCP reset to the server-side device
D.
It sends a TCP reset to the server-side device
Answers
Suggested answer: A

Question 134

Report
Export
Collapse

How are Application Fillers or Application Groups used in firewall policy?

A.
An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group
A.
An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group
Answers
B.
An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group
B.
An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group
Answers
C.
An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group
C.
An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group
Answers
D.
An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group
D.
An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group
Answers
Suggested answer: B

Question 135

Report
Export
Collapse

An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?

A.
Disable all logging
A.
Disable all logging
Answers
B.
Enable Log at Session End
B.
Enable Log at Session End
Answers
C.
Enable Log at Session Start
C.
Enable Log at Session Start
Answers
D.
Enable Log at both Session Start and End
D.
Enable Log at both Session Start and End
Answers
Suggested answer: B

Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CAC

Question 136

Report
Export
Collapse

Assume that traffic matches a Security policy rule but the attached Security Profiles is configured to block matching traffic Which statement accurately describes how the firewall will apply an action to matching traffic?

A.
If it is an allowed rule, then the Security Profile action is applied last
A.
If it is an allowed rule, then the Security Profile action is applied last
Answers
B.
If it is a block rule then the Security policy rule action is applied last
B.
If it is a block rule then the Security policy rule action is applied last
Answers
C.
If it is an allow rule then the Security policy rule is applied last
C.
If it is an allow rule then the Security policy rule is applied last
Answers
D.
If it is a block rule then Security Profile action is applied last
D.
If it is a block rule then Security Profile action is applied last
Answers
Suggested answer: A

Question 137

Report
Export
Collapse

You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?

A.
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 192.168 1.10
A.
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 192.168 1.10
Answers
B.
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/2 with a next-hop of 172.16.1.2
B.
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/2 with a next-hop of 172.16.1.2
Answers
C.
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 172.16.1.2
C.
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 172.16.1.2
Answers
D.
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 192.168.1.254
D.
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 192.168.1.254
Answers
Suggested answer: C

Question 138

Report
Export
Collapse

An administrator wants to prevent access to media content websites that are risky Which two URL categories should be combined in a custom URL category to accomplish this goal?

(Choose two)

A.
streaming-media
A.
streaming-media
Answers
B.
high-risk
B.
high-risk
Answers
C.
recreation-and-hobbies
C.
recreation-and-hobbies
Answers
D.
known-risk
D.
known-risk
Answers
Suggested answer: A, C

Question 139

Report
Export
Collapse

A Security Profile can block or allow traffic at which point?

A.
after it is matched to a Security policy rule that allows traffic
A.
after it is matched to a Security policy rule that allows traffic
Answers
B.
on either the data plane or the management plane
B.
on either the data plane or the management plane
Answers
C.
after it is matched to a Security policy rule that allows or blocks traffic
C.
after it is matched to a Security policy rule that allows or blocks traffic
Answers
D.
before it is matched to a Security policy rule
D.
before it is matched to a Security policy rule
Answers
Suggested answer: A

Question 140

Report
Export
Collapse

Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

A.
Exploitation
A.
Exploitation
Answers
B.
Installation
B.
Installation
Answers
C.
Reconnaissance
C.
Reconnaissance
Answers
D.
Act on the Objective
D.
Act on the Objective
Answers
Suggested answer: A
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms