ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 19

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
Which order of steps is the correct way to create a static route?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

Question 181

Report
Export
Collapse

What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control? (Choose two.)

A.
SAML
A.
SAML
Answers
B.
TACACS+
B.
TACACS+
Answers
C.
LDAP
C.
LDAP
Answers
D.
Kerberos
D.
Kerberos
Answers
Suggested answer: A, B

Explanation:

Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewalladministration/manage-firewall-administrators/administrative-authentication.html

Question 182

Report
Export
Collapse

Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.

A.
on either the data place or the management plane.
A.
on either the data place or the management plane.
Answers
B.
after it is matched by a security policy rule that allows traffic.
B.
after it is matched by a security policy rule that allows traffic.
Answers
C.
before it is matched to a Security policy rule.
C.
before it is matched to a Security policy rule.
Answers
D.
after it is matched by a security policy rule that allows or blocks traffic.
D.
after it is matched by a security policy rule that allows or blocks traffic.
Answers
Suggested answer: B

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-policy.html

Question 183

Report
Export
Collapse

Given the topology, which zone type should you configure for firewall interface E1/1?

A.
Tap
A.
Tap
Answers
B.
Tunnel
B.
Tunnel
Answers
C.
Virtual Wire
C.
Virtual Wire
Answers
D.
Layer3
D.
Layer3
Answers
Suggested answer: A

Question 184

Report
Export
Collapse

Which two features can be used to tag a username so that it is included in a dynamic user group?

(Choose two.)

A.
GlobalProtect agent
A.
GlobalProtect agent
Answers
B.
XML API
B.
XML API
Answers
C.
User-ID Windows-based agent
C.
User-ID Windows-based agent
Answers
D.
log forwarding auto-tagging
D.
log forwarding auto-tagging
Answers
Suggested answer: B, C

Question 185

Report
Export
Collapse

For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

A.
TACACS+
A.
TACACS+
Answers
B.
RADIUS
B.
RADIUS
Answers
C.
LDAP
C.
LDAP
Answers
D.
SAML
D.
SAML
Answers
Suggested answer: C

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/authentication/configure-anauthenticationprofile-and-sequence

Question 186

Report
Export
Collapse

Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?

A.
global
A.
global
Answers
B.
intrazone
B.
intrazone
Answers
C.
interzone
C.
interzone
Answers
D.
universal
D.
universal
Answers
Suggested answer: C

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/software-and-contentupdates/dynamiccontentupdates.html#:~:text=WildFire%20signature%20updates%20are%20made,within%20a%20minute%20of%20availability

Question 187

Report
Export
Collapse

Which license is required to use the Palo Alto Networks built-in IP address EDLs?

A.
DNS Security
A.
DNS Security
Answers
B.
Threat Prevention
B.
Threat Prevention
Answers
C.
WildFire
C.
WildFire
Answers
D.
SD-Wan
D.
SD-Wan
Answers
Suggested answer: B

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/use-an-external-dynamic-listin-policy/builtin-edls.html#:~:text=With%20an%

Question 188

Report
Export
Collapse

Which component is a building block in a Security policy rule?

A.
decryption profile
A.
decryption profile
Answers
B.
destination interface
B.
destination interface
Answers
C.
timeout (min)
C.
timeout (min)
Answers
D.
application
D.
application
Answers
Suggested answer: D

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/policies/policiessecurity/buildingblocks-in-a-security-policy-rule.html

Question 189

Report
Export
Collapse

An administrator would like to use App-ID's deny action for an application and would like that action updated with dynamic updates as new content becomes available.

Which security policy action causes this?

A.
Reset server
A.
Reset server
Answers
B.
Reset both
B.
Reset both
Answers
C.
Deny
C.
Deny
Answers
D.
Drop
D.
Drop
Answers
Suggested answer: C

Explanation:

Reference:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manageconfigurationbackups/revert-firewall-configuration- changes.html

Question 190

Report
Export
Collapse

Which DNS Query action is recommended for traffic that is allowed by Security policy and matches Palo Alto Networks Content DNS Signatures?

A.
block
A.
block
Answers
B.
sinkhole
B.
sinkhole
Answers
C.
alert
C.
alert
Answers
D.
allow
D.
allow
Answers
Suggested answer: B

Explanation:

To enable DNS sinkholing for domain queries using DNS security, you must activate your DNS Security subscription, create (or modify) an Anti-Spyware policy to reference the DNS Security service, configure the log severity and policy settings for each DNS signature category, and then attach the profile to a security policy rule.

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/threat-prevention/dnssecurity/enable-dns-security

Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms