ExamGecko
Login
Home / Palo Alto Networks / PCNSA / List of questions
Ask Question

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 2

Add to Whishlist

List of questions

Question 11

Report Export Collapse

Which statement is true regarding a Best Practice Assessment?

The BPA tool can be run only on firewalls
The BPA tool can be run only on firewalls
It provides a percentage of adoption for each assessment data
It provides a percentage of adoption for each assessment data
The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities
The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities
It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
Suggested answer: C
asked 23/09/2024
Manuela Kays
39 questions

Question 12

Report Export Collapse

The firewall sends employees an application block page when they try to access Youtube.

Which Security policy rule is blocking the youtube application?

Palo Alto Networks PCNSA image Question 12 53827 09232024001155000000

intrazone-default
intrazone-default
Deny Google
Deny Google
allowed-security services
allowed-security services
interzone-default
interzone-default
Suggested answer: D
asked 23/09/2024
shylashri selvamani
50 questions

Question 13

Report Export Collapse

Complete the statement. A security profile can block or allow traffic____________

on unknown-tcp or unknown-udp traffic
on unknown-tcp or unknown-udp traffic
after it is matched by a security policy that allows traffic
after it is matched by a security policy that allows traffic
before it is matched by a security policy
before it is matched by a security policy
after it is matched by a security policy that allows or blocks traffic
after it is matched by a security policy that allows or blocks traffic
Suggested answer: B
Explanation:

Security profiles are objects added to policy rules that are configured with an action of allow.

asked 23/09/2024
james campbell
42 questions

Question 14

Report Export Collapse

When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?

Palo Alto Networks PCNSA image Question 14 53829 09232024001155000000

Translation Type
Translation Type
Interface
Interface
Address Type
Address Type
IP Address
IP Address
Suggested answer: A
asked 23/09/2024
Velmurugan P
45 questions

Question 15

Report Export Collapse

Which interface does not require a MAC or IP address?

Virtual Wire
Virtual Wire
Layer3
Layer3
Layer2
Layer2
Loopback
Loopback
Suggested answer: A
asked 23/09/2024
Alexander Voronetsky
46 questions

Question 16

Report Export Collapse

A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?

Rule Usage Filter > No App Specified
Rule Usage Filter > No App Specified
Rule Usage Filter >Hit Count > Unused in 30 days
Rule Usage Filter >Hit Count > Unused in 30 days
Rule Usage Filter > Unused Apps
Rule Usage Filter > Unused Apps
Rule Usage Filter > Hit Count > Unused in 90 days
Rule Usage Filter > Hit Count > Unused in 90 days
Suggested answer: D
asked 23/09/2024
Muhammad Gul
48 questions

Question 17

Report Export Collapse

What are two differences between an implicit dependency and an explicit dependency in App-ID?

(Choose two.)

An implicit dependency does not require the dependent application to be added in the security policy
An implicit dependency does not require the dependent application to be added in the security policy
An implicit dependency requires the dependent application to be added in the security policy
An implicit dependency requires the dependent application to be added in the security policy
An explicit dependency does not require the dependent application to be added in the security policy
An explicit dependency does not require the dependent application to be added in the security policy
An explicit dependency requires the dependent application to be added in the security policy
An explicit dependency requires the dependent application to be added in the security policy
Suggested answer: A, D
asked 23/09/2024
Maurizio Budicin
36 questions

Question 18

Report Export Collapse

Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.

What is the quickest way to reset the hit counter to zero in all the security policy rules?

At the CLI enter the command reset rules and press Enter
At the CLI enter the command reset rules and press Enter
Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule
Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule
Reboot the firewall
Reboot the firewall
Use the Reset Rule Hit Counter > All Rules option
Use the Reset Rule Hit Counter > All Rules option
Suggested answer: D
Explanation:

References:

asked 23/09/2024
CHARLES ADAMA
39 questions

Question 19

Report Export Collapse

Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

facebook
facebook
facebook-chat
facebook-chat
facebook-base
facebook-base
facebook-email
facebook-email
Suggested answer: B, C
asked 23/09/2024
Vadym Popov
43 questions

Question 20

Report Export Collapse

Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

Windows-based agent deployed on the internal network
Windows-based agent deployed on the internal network
PAN-OS integrated agent deployed on the internal network
PAN-OS integrated agent deployed on the internal network
Citrix terminal server deployed on the internal network
Citrix terminal server deployed on the internal network
Windows-based agent deployed on each of the WAN Links
Windows-based agent deployed on each of the WAN Links
Suggested answer: A
Explanation:

Another reason to choose the Windows agent over the integrated PAN-OS agent is to save processing cycles on the firewall's management plane.

asked 23/09/2024
Arjen Vleugel
50 questions
Total 362 questions
Go to page: of 37
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)