ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 16

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
Which order of steps is the correct way to create a static route?
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 151

Report
Export
Collapse

Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

A.
override
A.
override
Answers
B.
authorization
B.
authorization
Answers
C.
authentication
C.
authentication
Answers
D.
continue
D.
continue
Answers
Suggested answer: B

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/urlfilteringprofile-actions.html


Question 152

Report
Export
Collapse

Selecting the option to revert firewall changes will replace what settings?

A.
the running configuration with settings from the candidate configuration
A.
the running configuration with settings from the candidate configuration
Answers
B.
the device state with settings from another configuration
B.
the device state with settings from another configuration
Answers
C.
the candidate configuration with settings from the running configuration
C.
the candidate configuration with settings from the running configuration
Answers
D.
dynamic update scheduler settings
D.
dynamic update scheduler settings
Answers
Suggested answer: C

Question 153

Report
Export
Collapse

What is considered best practice with regards to committing configuration changes?

A.
Disable the automatic commit feature that prioritizes content database installations before committing
A.
Disable the automatic commit feature that prioritizes content database installations before committing
Answers
B.
Validate configuration changes prior to committing
B.
Validate configuration changes prior to committing
Answers
C.
Wait until all running and pending jobs are finished before committing
C.
Wait until all running and pending jobs are finished before committing
Answers
D.
Export configuration after each single configuration change performed
D.
Export configuration after each single configuration change performed
Answers
Suggested answer: A

Question 154

Report
Export
Collapse

An administrator wants to prevent users from submitting corporate credentials in a phishing attack.

Which Security profile should be applied?

A.
antivirus
A.
antivirus
Answers
B.
anti-spyware
B.
anti-spyware
Answers
C.
URL filtering
C.
URL filtering
Answers
D.
vulnerability protection
D.
vulnerability protection
Answers
Suggested answer: B

Question 155

Report
Export
Collapse

Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?

A.
URL traffic
A.
URL traffic
Answers
B.
vulnerability protection
B.
vulnerability protection
Answers
C.
anti-spyware
C.
anti-spyware
Answers
D.
antivirus
D.
antivirus
Answers
Suggested answer: C

Question 156

Report
Export
Collapse

Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)

A.
QoS profile
A.
QoS profile
Answers
B.
DoS Protection profile
B.
DoS Protection profile
Answers
C.
Zone Protection profile
C.
Zone Protection profile
Answers
D.
DoS Protection policy
D.
DoS Protection policy
Answers
Suggested answer: B, C

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profiles

Question 157

Report
Export
Collapse

What is the main function of Policy Optimizer?

A.
reduce load on the management plane by highlighting combinable security rules
A.
reduce load on the management plane by highlighting combinable security rules
Answers
B.
migrate other firewall vendors' security rules to Palo Alto Networks configuration
B.
migrate other firewall vendors' security rules to Palo Alto Networks configuration
Answers
C.
eliminate "Log at Session Start" security rules
C.
eliminate "Log at Session Start" security rules
Answers
D.
convert port-based security rules to application-based security rules
D.
convert port-based security rules to application-based security rules
Answers
Suggested answer: D

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/app-id-features/policyoptimizer.html

Question 158

Report
Export
Collapse

How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

A.
Disable automatic updates during weekdays
A.
Disable automatic updates during weekdays
Answers
B.
Automatically "download and install" but with the "disable new applications" option used
B.
Automatically "download and install" but with the "disable new applications" option used
Answers
C.
Automatically "download only" and then install Applications and Threats later, after the administrator approves the update
C.
Automatically "download only" and then install Applications and Threats later, after the administrator approves the update
Answers
D.
Configure the option for "Threshold"
D.
Configure the option for "Threshold"
Answers
Suggested answer: D

Question 159

Report
Export
Collapse

You receive notification about new malware that infects hosts through malicious files transferred by FTP.

Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?

A.
URL Filtering profile applied to inbound Security policy rules.
A.
URL Filtering profile applied to inbound Security policy rules.
Answers
B.
Data Filtering profile applied to outbound Security policy rules.
B.
Data Filtering profile applied to outbound Security policy rules.
Answers
C.
Antivirus profile applied to inbound Security policy rules.
C.
Antivirus profile applied to inbound Security policy rules.
Answers
D.
Vulnerability Prote ction profile applied to outbound Security policy rules.
D.
Vulnerability Prote ction profile applied to outbound Security policy rules.
Answers
Suggested answer: C

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profiles

Question 160

Report
Export
Collapse

Which rule type is appropriate for matching traffic both within and between the source and destination zones?

A.
interzone
A.
interzone
Answers
B.
shadowed
B.
shadowed
Answers
C.
intrazone
C.
intrazone
Answers
D.
universal
D.
universal
Answers
Suggested answer: A
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms