ExamGecko
Login
Home / Palo Alto Networks / PCNSA / List of questions
Ask Question

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 17

List of questions

Question 161

Report Export Collapse

What must be considered with regards to content updates deployed from Panorama?

Content update schedulers need to be configured separately per device group.
Content update schedulers need to be configured separately per device group.
Panorama can only install up to five content versions of the same type for potential rollback scenarios.
Panorama can only install up to five content versions of the same type for potential rollback scenarios.
A PAN-OS upgrade resets all scheduler configurations for content updates.
A PAN-OS upgrade resets all scheduler configurations for content updates.
Panorama can only download one content update at a time for content updates of the same type.
Panorama can only download one content update at a time for content updates of the same type.
Suggested answer: D
Explanation:

Reference: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-licensesand-updates/deploy-updates-to-firewalls-log-collectors-and-wildfire-appliances-usingpanorama/schedule-a-content-update-using-panorama.html

asked 23/09/2024
Liusel Herrera Garcia
49 questions

Question 162

Report Export Collapse

During the packet flow process, which two processes are performed in application identification?

(Choose two.)

pattern based application identification
pattern based application identification
application override policy match
application override policy match
session application identified
session application identified
application changed from content inspection
application changed from content inspection
Suggested answer: A, B
Explanation:

Reference: http://live.paloaltonetworks.com//t5/image/serverpage/imageid/12862i950F549C7D4E6309

asked 23/09/2024
Jonathan Steeman
37 questions

Question 163

Report Export Collapse

Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Palo Alto Networks PCNSA image Question 163 53978 09232024001155000000

Palo Alto Networks PCNSA image Question 163 53978 09232024001155000000

Which Security policy rule will allow traffic to flow to the web server?

Untrust (any) to DMZ (10.1.1.100), web browsing -Allow
Untrust (any) to DMZ (10.1.1.100), web browsing -Allow
Untrust (any) to Untrust (1.1.1.100), web browsing - Allow
Untrust (any) to Untrust (1.1.1.100), web browsing - Allow
Untrust (any) to Untrust (10.1.1.100), web browsing -Allow
Untrust (any) to Untrust (10.1.1.100), web browsing -Allow
Untrust (any) to DMZ (1.1.1.100), web browsing - Allow
Untrust (any) to DMZ (1.1.1.100), web browsing - Allow
Suggested answer: D
Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/natconfiguration-examples/destination-nat-exampleone-to-one-mapping

asked 23/09/2024
christopher patrick
33 questions

Question 164

Report Export Collapse

What does an administrator use to validate whether a session is matching an expected NAT policy?

system log
system log
test command
test command
threat log
threat log
config audit
config audit
Suggested answer: B
Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClQSCA0

asked 23/09/2024
Friedrich Spies
32 questions

Question 165

Report Export Collapse

What is the purpose of the automated commit recovery feature?

It reverts the Panorama configuration.
It reverts the Panorama configuration.
It causes HA synchronization to occur automatically between the HA peers after a push from Panorama.
It causes HA synchronization to occur automatically between the HA peers after a push from Panorama.
It reverts the firewall configuration if the firewall recognizes a loss of connectivity to Panorama after the change.
It reverts the firewall configuration if the firewall recognizes a loss of connectivity to Panorama after the change.
It generates a config log after the Panorama configuration successfully reverts to the last running configuration.
It generates a config log after the Panorama configuration successfully reverts to the last running configuration.
Suggested answer: C
Explanation:

Reference: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/administerpanorama/enable-automated-commit-recovery.html

asked 23/09/2024
Igor Vasiliev
50 questions

Question 166

Report Export Collapse

According to the best practices for mission critical devices, what is the recommended interval for antivirus updates?

by minute
by minute
hourly
hourly
daily
daily
weekly
weekly
Suggested answer: C
Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/bestpractices-for-content-and-threat-content-updates/best-practices-mission-critical.html

asked 23/09/2024
Noor Amy
44 questions

Question 167

Report Export Collapse

Which Security policy match condition would an administrator use to block traffic from IP addresses on the Palo Alto Networks EDL of Known Malicious IP Addresses list?

destination address
destination address
source address
source address
destination zone
destination zone
source zone
source zone
Suggested answer: B
Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/use-an-externaldynamic-list-in-policy/external-dynamic-list.html

asked 23/09/2024
Joe Moore
45 questions

Question 168

Report Export Collapse

URL categories can be used as match criteria on which two policy types? (Choose two.)

authentication
authentication
decryption
decryption
application override
application override
NAT
NAT
Suggested answer: A, B
Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filteringconcepts/url-category-as-policy-match-criteria.html

asked 23/09/2024
William Kerr
44 questions

Question 169

Report Export Collapse

Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

Palo Alto Networks PCNSA image Question 169 53984 09232024001155000000

The web session was unsuccessfully decrypted.
The web session was unsuccessfully decrypted.
The traffic was denied by security profile.
The traffic was denied by security profile.
The traffic was denied by URL filtering.
The traffic was denied by URL filtering.
The web session was decrypted.
The web session was decrypted.
Suggested answer: C, D
asked 23/09/2024
Jarrell John Garcia
46 questions

Question 170

Report Export Collapse

Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address.

Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.

Palo Alto Networks PCNSA image Question 170 53985 09232024001155000000

Which two Security policy rules will accomplish this configuration? (Choose two.)

Untrust (Any) to DMZ (1.1.1.100), ssh - Allow
Untrust (Any) to DMZ (1.1.1.100), ssh - Allow
Untrust (Any) to Untrust (10.1.1.1), web-browsing -Allow
Untrust (Any) to Untrust (10.1.1.1), web-browsing -Allow
Untrust (Any) to Untrust (10.1.1.1), ssh -Allow
Untrust (Any) to Untrust (10.1.1.1), ssh -Allow
Untrust (Any)to DMZ (10.1.1.100. 10.1.1.101), ssh, web-browsing-Allow
Untrust (Any)to DMZ (10.1.1.100. 10.1.1.101), ssh, web-browsing-Allow
Untrust (Any) to DMZ (1.1.1.100), web-browsing - Allow
Untrust (Any) to DMZ (1.1.1.100), web-browsing - Allow
Suggested answer: A, E
asked 23/09/2024
Muath Ahmed Saleh AlShuwaer
43 questions
Total 362 questions
Go to page: of 37
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)