ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 15

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Which order of steps is the correct way to create a static route?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 141

Report
Export
Collapse

Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?

A.
Create a Security policy with a URL Filtering profile that references the site access setting of continue to NO-FILES
A.
Create a Security policy with a URL Filtering profile that references the site access setting of continue to NO-FILES
Answers
B.
Create a Security policy with a URL Filtering profile that references the site access setting of block to NO-FILES
B.
Create a Security policy with a URL Filtering profile that references the site access setting of block to NO-FILES
Answers
C.
Create a Security policy that references NO-FILES as a URL Category qualifier, with an appropriate Data Filtering profile
C.
Create a Security policy that references NO-FILES as a URL Category qualifier, with an appropriate Data Filtering profile
Answers
D.
Create a Security policy that references NO-FILES as a URL Category qualifier, with an appropriate File Blocking profile
D.
Create a Security policy that references NO-FILES as a URL Category qualifier, with an appropriate File Blocking profile
Answers
Suggested answer: B

Question 142

Report
Export
Collapse

Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )

A.
TACACS
A.
TACACS
Answers
B.
SAML2
B.
SAML2
Answers
C.
SAML10
C.
SAML10
Answers
D.
Kerberos
D.
Kerberos
Answers
E.
TACACS+
E.
TACACS+
Answers
Suggested answer: A, B, D

Question 143

Report
Export
Collapse

Given the screenshot what two types of route is the administrator configuring? (Choose two )

A.
default route
A.
default route
Answers
B.
OSPF
B.
OSPF
Answers
C.
BGP
C.
BGP
Answers
D.
static route
D.
static route
Answers
Suggested answer: A

Question 144

Report
Export
Collapse

Based on the screenshot what is the purpose of the group in User labelled "it"?

A.
Allows users to access IT applications on all ports
A.
Allows users to access IT applications on all ports
Answers
B.
Allows users in group "DMZ" lo access IT applications
B.
Allows users in group "DMZ" lo access IT applications
Answers
C.
Allows "any" users to access servers in the DMZ zone
C.
Allows "any" users to access servers in the DMZ zone
Answers
D.
Allows users in group "it" to access IT applications
D.
Allows users in group "it" to access IT applications
Answers
Suggested answer: D

Question 145

Report
Export
Collapse

Which dynamic update type includes updated anti-spyware signatures?

A.
Applications and Threats
A.
Applications and Threats
Answers
B.
GlobalProtect Data File
B.
GlobalProtect Data File
Answers
C.
Antivirus
C.
Antivirus
Answers
D.
PAN-DB
D.
PAN-DB
Answers
Suggested answer: A

Question 146

Report
Export
Collapse

Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

A.
override
A.
override
Answers
B.
allow
B.
allow
Answers
C.
block
C.
block
Answers
D.
continue
D.
continue
Answers
Suggested answer: B

Question 147

Report
Export
Collapse

Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications Which policy achieves the desired results?

A.
A.
Answers
B.
B.
Answers
C.
C.
Answers
D.
D.
Answers
Suggested answer: B

Question 148

Report
Export
Collapse

Which action results in the firewall blocking network traffic without notifying the sender?

A.
Deny
A.
Deny
Answers
B.
No notification
B.
No notification
Answers
C.
Drop
C.
Drop
Answers
D.
Reset Client
D.
Reset Client
Answers
Suggested answer: C

Question 149

Report
Export
Collapse

Which type of profile must be applied to the Security policy rule to protect against buffer overflows illegal code execution and other attempts to exploit system flaws''

A.
anti-spyware
A.
anti-spyware
Answers
B.
URL filtering
B.
URL filtering
Answers
C.
vulnerability protection
C.
vulnerability protection
Answers
D.
file blocking
D.
file blocking
Answers
Suggested answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interfacehelp/objects/objects-security-profiles-vulnerability-protection.html

Question 150

Report
Export
Collapse

An administrator is reviewing another administrator s Security policy log settings Which log setting configuration is consistent with best practices tor normal traffic?

A.
Log at Session Start and Log at Session End both enabled
A.
Log at Session Start and Log at Session End both enabled
Answers
B.
Log at Session Start disabled Log at Session End enabled
B.
Log at Session Start disabled Log at Session End enabled
Answers
C.
Log at Session Start enabled Log at Session End disabled
C.
Log at Session Start enabled Log at Session End disabled
Answers
D.
Log at Session Start and Log at Session End both disabled
D.
Log at Session Start and Log at Session End both disabled
Answers
Suggested answer: B
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms