ExamGecko
Login
Home / Palo Alto Networks / PCNSA / List of questions
Ask Question

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 14

List of questions

Question 131

Report Export Collapse

Palo Alto Networks firewall architecture accelerates content map minimizing latency using which two components'? (Choose two )

Network Processing Engine
Network Processing Engine
Single Stream-based Engine
Single Stream-based Engine
Policy Engine
Policy Engine
Parallel Processing Hardware
Parallel Processing Hardware
Suggested answer: B
asked 23/09/2024
Casey Donovan
43 questions

Question 132

Report Export Collapse

Which type of address object is "10 5 1 1/0 127 248 2"?

IP subnet
IP subnet
IP wildcard mask
IP wildcard mask
IP netmask
IP netmask
IP range
IP range
Suggested answer: B
asked 23/09/2024
JEAN-MARIE HERMANT
60 questions

Question 133

Report Export Collapse

An administrator has configured a Security policy where the matching condition includes a single application and the action is deny If the application s default deny action is reset-both what action does the firewall take*?

It sends a TCP reset to the client-side and server-side devices
It sends a TCP reset to the client-side and server-side devices
It silently drops the traffic and sends an ICMP unreachable code
It silently drops the traffic and sends an ICMP unreachable code
It silently drops the traffic
It silently drops the traffic
It sends a TCP reset to the server-side device
It sends a TCP reset to the server-side device
Suggested answer: A
asked 23/09/2024
Koh Renbin
43 questions

Question 134

Report Export Collapse

How are Application Fillers or Application Groups used in firewall policy?

An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group
An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group
An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group
An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group
An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group
An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group
An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group
An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group
Suggested answer: B
asked 23/09/2024
Joe Evanchak
46 questions

Question 135

Report Export Collapse

An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?

Disable all logging
Disable all logging
Enable Log at Session End
Enable Log at Session End
Enable Log at Session Start
Enable Log at Session Start
Enable Log at both Session Start and End
Enable Log at both Session Start and End
Suggested answer: B
Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CAC

asked 23/09/2024
Faria Sah
40 questions

Question 136

Report Export Collapse

Assume that traffic matches a Security policy rule but the attached Security Profiles is configured to block matching traffic Which statement accurately describes how the firewall will apply an action to matching traffic?

If it is an allowed rule, then the Security Profile action is applied last
If it is an allowed rule, then the Security Profile action is applied last
If it is a block rule then the Security policy rule action is applied last
If it is a block rule then the Security policy rule action is applied last
If it is an allow rule then the Security policy rule is applied last
If it is an allow rule then the Security policy rule is applied last
If it is a block rule then Security Profile action is applied last
If it is a block rule then Security Profile action is applied last
Suggested answer: A
asked 23/09/2024
Abdelilah BAKIR
32 questions

Question 137

Report Export Collapse

You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?

Palo Alto Networks PCNSA image Question 137 53952 09232024001155000000

Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 192.168 1.10
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 192.168 1.10
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/2 with a next-hop of 172.16.1.2
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/2 with a next-hop of 172.16.1.2
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 172.16.1.2
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 172.16.1.2
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 192.168.1.254
Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 192.168.1.254
Suggested answer: C
asked 23/09/2024
Jean Ducasse
45 questions

Question 138

Report Export Collapse

An administrator wants to prevent access to media content websites that are risky Which two URL categories should be combined in a custom URL category to accomplish this goal?

(Choose two)

streaming-media
streaming-media
high-risk
high-risk
recreation-and-hobbies
recreation-and-hobbies
known-risk
known-risk
Suggested answer: A, C
asked 23/09/2024
Romain PAILLAS
36 questions

Question 139

Report Export Collapse

A Security Profile can block or allow traffic at which point?

after it is matched to a Security policy rule that allows traffic
after it is matched to a Security policy rule that allows traffic
on either the data plane or the management plane
on either the data plane or the management plane
after it is matched to a Security policy rule that allows or blocks traffic
after it is matched to a Security policy rule that allows or blocks traffic
before it is matched to a Security policy rule
before it is matched to a Security policy rule
Suggested answer: A
asked 23/09/2024
ANIKET PATEL
42 questions

Question 140

Report Export Collapse

Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

Palo Alto Networks PCNSA image Question 140 53955 09232024001155000000

Exploitation
Exploitation
Installation
Installation
Reconnaissance
Reconnaissance
Act on the Objective
Act on the Objective
Suggested answer: A
asked 23/09/2024
Grant Richardson
40 questions
Total 362 questions
Go to page: of 37
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)