ExamGecko
Login
Home / Palo Alto Networks / PCNSA / List of questions
Ask Question

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 18

List of questions

Question 171

Report Export Collapse

Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)

on the App Dependency tab in the Commit Status window
on the App Dependency tab in the Commit Status window
on the Policy Optimizer's Rule Usage page
on the Policy Optimizer's Rule Usage page
on the Application tab in the Security Policy Rule creation window
on the Application tab in the Security Policy Rule creation window
on the Objects > Applications browser pages
on the Objects > Applications browser pages
Suggested answer: A, C
Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/use-applicationobjects-in-policy/resolve-application-dependencies.html

asked 23/09/2024
Amol Wani
48 questions

Question 172

Report Export Collapse

What action will inform end users when their access to Internet content is being restricted?

Create a custom 'URL Category' object with notifications enabled.
Create a custom 'URL Category' object with notifications enabled.
Publish monitoring data for Security policy deny logs.
Publish monitoring data for Security policy deny logs.
Ensure that the 'site access" setting for all URL sites is set to 'alert'.
Ensure that the 'site access" setting for all URL sites is set to 'alert'.
Enable 'Response Pages' on the interface providing Internet access.
Enable 'Response Pages' on the interface providing Internet access.
Suggested answer: D
Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interfacehelp/device/device-response-pages.html

asked 23/09/2024
thanh nguyen
46 questions

Question 173

Report Export Collapse

What is a recommended consideration when deploying content updates to the firewall from Panorama?

Before deploying content updates, always check content release version compatibility.
Before deploying content updates, always check content release version compatibility.
Content updates for firewall A/P HA pairs can only be pushed to the active firewall.
Content updates for firewall A/P HA pairs can only be pushed to the active firewall.
Content updates for firewall A/A HA pairs need a defined master device.
Content updates for firewall A/A HA pairs need a defined master device.
After deploying content updates, perform a commit and push to Panorama.
After deploying content updates, perform a commit and push to Panorama.
Suggested answer: D
Explanation:

Reference: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-licensesand-updates/deploy-updates-to-firewalls-log-collectors-and-wildfire-appliances-usingpanorama/schedule-a-content-update-using-panorama.html

asked 23/09/2024
Jason Evans
50 questions

Question 174

Report Export Collapse

Which information is included in device state other than the local configuration?

uncommitted changes
uncommitted changes
audit logs to provide information of administrative account changes
audit logs to provide information of administrative account changes
system logs to provide information of PAN-OS changes
system logs to provide information of PAN-OS changes
device group and template settings pushed from Panorama
device group and template settings pushed from Panorama
Suggested answer: D
Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interfacehelp/device/device-setup-operations.html

asked 23/09/2024
Bamidele Ariwodola
42 questions

Question 175

Report Export Collapse

Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

Palo Alto Networks PCNSA image Question 175 53990 09232024001155000000

It defines the SSUTLS encryption strength used to protect the management interface.
It defines the SSUTLS encryption strength used to protect the management interface.
It defines the CA certificate used to verify the client's browser.
It defines the CA certificate used to verify the client's browser.
It defines the certificate to send to the client's browser from the management interface.
It defines the certificate to send to the client's browser from the management interface.
It defines the firewall's global SSL/TLS timeout values.
It defines the firewall's global SSL/TLS timeout values.
Suggested answer: C
Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFGCA0

asked 23/09/2024
Christophe RUIZ
38 questions

Question 176

Report Export Collapse

An administrator is troubleshooting an issue with traffic that matches the intrazone-default rule, which is set to default configuration.

What should the administrator do?

change the logging action on the rule
change the logging action on the rule
review the System Log
review the System Log
refresh the Traffic Log
refresh the Traffic Log
tune your Traffic Log filter to include the dates
tune your Traffic Log filter to include the dates
Suggested answer: A
asked 23/09/2024
David Miller
34 questions

Question 177

Report Export Collapse

When is the content inspection performed in the packet flow process?

after the application has been identified
after the application has been identified
after the SSL Proxy re-encrypts the packet
after the SSL Proxy re-encrypts the packet
before the packet forwarding process
before the packet forwarding process
before session lookup
before session lookup
Suggested answer: A
Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0

asked 23/09/2024
Robinson Santos
42 questions

Question 178

Report Export Collapse

During the App-ID update process, what should you click on to confirm whether an existing policy rule is affected by an App-ID update?

check now
check now
review policies
review policies
test policy match
test policy match
download
download
Suggested answer: B
Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-appids-introduced-in-content-releases/review-new-app-id-impact-on-existing-policy-rules

asked 23/09/2024
Chia Yung Hee
41 questions

Question 179

Report Export Collapse

When creating a custom URL category object, which is a valid type?

domain match
domain match
host names
host names
wildcard
wildcard
category match
category match
Suggested answer: D
Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interfacehelp/objects/objects-custom-objects-url-category.html

asked 23/09/2024
Justin Schowalter
40 questions

Question 180

Report Export Collapse

When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP portis used for management access?

80
80
8443
8443
4443
4443
443
443
Suggested answer: C
Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8SCAS#:~:text=Details,using%20https%20on%20port%204443

asked 23/09/2024
Aung Nyi Nyi Win
32 questions
Total 362 questions
Go to page: of 37
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)