ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 18

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
Which order of steps is the correct way to create a static route?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

Question 171

Report
Export
Collapse

Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)

A.
on the App Dependency tab in the Commit Status window
A.
on the App Dependency tab in the Commit Status window
Answers
B.
on the Policy Optimizer's Rule Usage page
B.
on the Policy Optimizer's Rule Usage page
Answers
C.
on the Application tab in the Security Policy Rule creation window
C.
on the Application tab in the Security Policy Rule creation window
Answers
D.
on the Objects > Applications browser pages
D.
on the Objects > Applications browser pages
Answers
Suggested answer: A, C

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/use-applicationobjects-in-policy/resolve-application-dependencies.html

Question 172

Report
Export
Collapse

What action will inform end users when their access to Internet content is being restricted?

A.
Create a custom 'URL Category' object with notifications enabled.
A.
Create a custom 'URL Category' object with notifications enabled.
Answers
B.
Publish monitoring data for Security policy deny logs.
B.
Publish monitoring data for Security policy deny logs.
Answers
C.
Ensure that the 'site access" setting for all URL sites is set to 'alert'.
C.
Ensure that the 'site access" setting for all URL sites is set to 'alert'.
Answers
D.
Enable 'Response Pages' on the interface providing Internet access.
D.
Enable 'Response Pages' on the interface providing Internet access.
Answers
Suggested answer: D

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interfacehelp/device/device-response-pages.html

Question 173

Report
Export
Collapse

What is a recommended consideration when deploying content updates to the firewall from Panorama?

A.
Before deploying content updates, always check content release version compatibility.
A.
Before deploying content updates, always check content release version compatibility.
Answers
B.
Content updates for firewall A/P HA pairs can only be pushed to the active firewall.
B.
Content updates for firewall A/P HA pairs can only be pushed to the active firewall.
Answers
C.
Content updates for firewall A/A HA pairs need a defined master device.
C.
Content updates for firewall A/A HA pairs need a defined master device.
Answers
D.
After deploying content updates, perform a commit and push to Panorama.
D.
After deploying content updates, perform a commit and push to Panorama.
Answers
Suggested answer: D

Explanation:

Reference: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-licensesand-updates/deploy-updates-to-firewalls-log-collectors-and-wildfire-appliances-usingpanorama/schedule-a-content-update-using-panorama.html

Question 174

Report
Export
Collapse

Which information is included in device state other than the local configuration?

A.
uncommitted changes
A.
uncommitted changes
Answers
B.
audit logs to provide information of administrative account changes
B.
audit logs to provide information of administrative account changes
Answers
C.
system logs to provide information of PAN-OS changes
C.
system logs to provide information of PAN-OS changes
Answers
D.
device group and template settings pushed from Panorama
D.
device group and template settings pushed from Panorama
Answers
Suggested answer: D

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interfacehelp/device/device-setup-operations.html

Question 175

Report
Export
Collapse

Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

A.
It defines the SSUTLS encryption strength used to protect the management interface.
A.
It defines the SSUTLS encryption strength used to protect the management interface.
Answers
B.
It defines the CA certificate used to verify the client's browser.
B.
It defines the CA certificate used to verify the client's browser.
Answers
C.
It defines the certificate to send to the client's browser from the management interface.
C.
It defines the certificate to send to the client's browser from the management interface.
Answers
D.
It defines the firewall's global SSL/TLS timeout values.
D.
It defines the firewall's global SSL/TLS timeout values.
Answers
Suggested answer: C

Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFGCA0

Question 176

Report
Export
Collapse

An administrator is troubleshooting an issue with traffic that matches the intrazone-default rule, which is set to default configuration.

What should the administrator do?

A.
change the logging action on the rule
A.
change the logging action on the rule
Answers
B.
review the System Log
B.
review the System Log
Answers
C.
refresh the Traffic Log
C.
refresh the Traffic Log
Answers
D.
tune your Traffic Log filter to include the dates
D.
tune your Traffic Log filter to include the dates
Answers
Suggested answer: A

Question 177

Report
Export
Collapse

When is the content inspection performed in the packet flow process?

A.
after the application has been identified
A.
after the application has been identified
Answers
B.
after the SSL Proxy re-encrypts the packet
B.
after the SSL Proxy re-encrypts the packet
Answers
C.
before the packet forwarding process
C.
before the packet forwarding process
Answers
D.
before session lookup
D.
before session lookup
Answers
Suggested answer: A

Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0

Question 178

Report
Export
Collapse

During the App-ID update process, what should you click on to confirm whether an existing policy rule is affected by an App-ID update?

A.
check now
A.
check now
Answers
B.
review policies
B.
review policies
Answers
C.
test policy match
C.
test policy match
Answers
D.
download
D.
download
Answers
Suggested answer: B

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-appids-introduced-in-content-releases/review-new-app-id-impact-on-existing-policy-rules

Question 179

Report
Export
Collapse

When creating a custom URL category object, which is a valid type?

A.
domain match
A.
domain match
Answers
B.
host names
B.
host names
Answers
C.
wildcard
C.
wildcard
Answers
D.
category match
D.
category match
Answers
Suggested answer: D

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interfacehelp/objects/objects-custom-objects-url-category.html

Question 180

Report
Export
Collapse

When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP portis used for management access?

A.
80
A.
80
Answers
B.
8443
B.
8443
Answers
C.
4443
C.
4443
Answers
D.
443
D.
443
Answers
Suggested answer: C

Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8SCAS#:~:text=Details,using%20https%20on%20port%204443

Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms