ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 17

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
Which order of steps is the correct way to create a static route?
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 161

Report
Export
Collapse

What must be considered with regards to content updates deployed from Panorama?

A.
Content update schedulers need to be configured separately per device group.
A.
Content update schedulers need to be configured separately per device group.
Answers
B.
Panorama can only install up to five content versions of the same type for potential rollback scenarios.
B.
Panorama can only install up to five content versions of the same type for potential rollback scenarios.
Answers
C.
A PAN-OS upgrade resets all scheduler configurations for content updates.
C.
A PAN-OS upgrade resets all scheduler configurations for content updates.
Answers
D.
Panorama can only download one content update at a time for content updates of the same type.
D.
Panorama can only download one content update at a time for content updates of the same type.
Answers
Suggested answer: D

Explanation:

Reference: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-licensesand-updates/deploy-updates-to-firewalls-log-collectors-and-wildfire-appliances-usingpanorama/schedule-a-content-update-using-panorama.html

Question 162

Report
Export
Collapse

During the packet flow process, which two processes are performed in application identification?

(Choose two.)

A.
pattern based application identification
A.
pattern based application identification
Answers
B.
application override policy match
B.
application override policy match
Answers
C.
session application identified
C.
session application identified
Answers
D.
application changed from content inspection
D.
application changed from content inspection
Answers
Suggested answer: A, B

Explanation:

Reference: http://live.paloaltonetworks.com//t5/image/serverpage/imageid/12862i950F549C7D4E6309

Question 163

Report
Export
Collapse

Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

A.
Untrust (any) to DMZ (10.1.1.100), web browsing -Allow
A.
Untrust (any) to DMZ (10.1.1.100), web browsing -Allow
Answers
B.
Untrust (any) to Untrust (1.1.1.100), web browsing - Allow
B.
Untrust (any) to Untrust (1.1.1.100), web browsing - Allow
Answers
C.
Untrust (any) to Untrust (10.1.1.100), web browsing -Allow
C.
Untrust (any) to Untrust (10.1.1.100), web browsing -Allow
Answers
D.
Untrust (any) to DMZ (1.1.1.100), web browsing - Allow
D.
Untrust (any) to DMZ (1.1.1.100), web browsing - Allow
Answers
Suggested answer: D

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/natconfiguration-examples/destination-nat-exampleone-to-one-mapping

Question 164

Report
Export
Collapse

What does an administrator use to validate whether a session is matching an expected NAT policy?

A.
system log
A.
system log
Answers
B.
test command
B.
test command
Answers
C.
threat log
C.
threat log
Answers
D.
config audit
D.
config audit
Answers
Suggested answer: B

Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClQSCA0

Question 165

Report
Export
Collapse

What is the purpose of the automated commit recovery feature?

A.
It reverts the Panorama configuration.
A.
It reverts the Panorama configuration.
Answers
B.
It causes HA synchronization to occur automatically between the HA peers after a push from Panorama.
B.
It causes HA synchronization to occur automatically between the HA peers after a push from Panorama.
Answers
C.
It reverts the firewall configuration if the firewall recognizes a loss of connectivity to Panorama after the change.
C.
It reverts the firewall configuration if the firewall recognizes a loss of connectivity to Panorama after the change.
Answers
D.
It generates a config log after the Panorama configuration successfully reverts to the last running configuration.
D.
It generates a config log after the Panorama configuration successfully reverts to the last running configuration.
Answers
Suggested answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/administerpanorama/enable-automated-commit-recovery.html

Question 166

Report
Export
Collapse

According to the best practices for mission critical devices, what is the recommended interval for antivirus updates?

A.
by minute
A.
by minute
Answers
B.
hourly
B.
hourly
Answers
C.
daily
C.
daily
Answers
D.
weekly
D.
weekly
Answers
Suggested answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/bestpractices-for-content-and-threat-content-updates/best-practices-mission-critical.html

Question 167

Report
Export
Collapse

Which Security policy match condition would an administrator use to block traffic from IP addresses on the Palo Alto Networks EDL of Known Malicious IP Addresses list?

A.
destination address
A.
destination address
Answers
B.
source address
B.
source address
Answers
C.
destination zone
C.
destination zone
Answers
D.
source zone
D.
source zone
Answers
Suggested answer: B

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/use-an-externaldynamic-list-in-policy/external-dynamic-list.html

Question 168

Report
Export
Collapse

URL categories can be used as match criteria on which two policy types? (Choose two.)

A.
authentication
A.
authentication
Answers
B.
decryption
B.
decryption
Answers
C.
application override
C.
application override
Answers
D.
NAT
D.
NAT
Answers
Suggested answer: A, B

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filteringconcepts/url-category-as-policy-match-criteria.html

Question 169

Report
Export
Collapse

Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

A.
The web session was unsuccessfully decrypted.
A.
The web session was unsuccessfully decrypted.
Answers
B.
The traffic was denied by security profile.
B.
The traffic was denied by security profile.
Answers
C.
The traffic was denied by URL filtering.
C.
The traffic was denied by URL filtering.
Answers
D.
The web session was decrypted.
D.
The web session was decrypted.
Answers
Suggested answer: C, D

Question 170

Report
Export
Collapse

Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address.

Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.

Which two Security policy rules will accomplish this configuration? (Choose two.)

A.
Untrust (Any) to DMZ (1.1.1.100), ssh - Allow
A.
Untrust (Any) to DMZ (1.1.1.100), ssh - Allow
Answers
B.
Untrust (Any) to Untrust (10.1.1.1), web-browsing -Allow
B.
Untrust (Any) to Untrust (10.1.1.1), web-browsing -Allow
Answers
C.
Untrust (Any) to Untrust (10.1.1.1), ssh -Allow
C.
Untrust (Any) to Untrust (10.1.1.1), ssh -Allow
Answers
D.
Untrust (Any)to DMZ (10.1.1.100. 10.1.1.101), ssh, web-browsing-Allow
D.
Untrust (Any)to DMZ (10.1.1.100. 10.1.1.101), ssh, web-browsing-Allow
Answers
E.
Untrust (Any) to DMZ (1.1.1.100), web-browsing - Allow
E.
Untrust (Any) to DMZ (1.1.1.100), web-browsing - Allow
Answers
Suggested answer: A, E
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms