ExamGecko

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 2

Which statement is true regarding a Best Practice Assessment?

A. The BPA tool can be run only on firewalls
B. It provides a percentage of adoption for each assessment data
C. The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities
D. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
Suggested answer: C

The firewall sends employees an application block page when they try to access YouTube.

Which Security policy rule is blocking the youtube application?

A. intrazone-default
B. Deny Google
C. allowed-security services
D. interzone-default
Suggested answer: D

Complete the statement. A security profile can block or allow traffic ____________

A. on unknown-tcp or unknown-udp traffic
B. after it is matched by a security policy that allows traffic
C. before it is matched by a security policy
D. after it is matched by a security policy that allows or blocks traffic
Suggested answer: B

Explanation:

Security profiles are objects added to policy rules that are configured with an action of allow.

When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?

A. Translation Type
B. Interface
C. Address Type
D. IP Address
Suggested answer: A

Which interface does not require a MAC or IP address?

A. Virtual Wire
B. Layer3
C. Layer2
D. Loopback
Suggested answer: A

A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?

A. Rule Usage Filter > No App Specified
B. Rule Usage Filter > Hit Count > Unused in 30 days
C. Rule Usage Filter > Unused Apps
D. Rule Usage Filter > Hit Count > Unused in 90 days
Suggested answer: D

What are two differences between an implicit dependency and an explicit dependency in App-ID?

(Choose two.)

A. An implicit dependency does not require the dependent application to be added in the security policy
B. An implicit dependency requires the dependent application to be added in the security policy
C. An explicit dependency does not require the dependent application to be added in the security policy
D. An explicit dependency requires the dependent application to be added in the security policy
Suggested answer: A, D

Recently, changes were made to the firewall to optimize the policies, and the security team wants to see if those changes are helping.

What is the quickest way to reset the hit counter to zero in all the security policy rules?

A. At the CLI enter the command reset rules and press Enter
B. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule
C. Reboot the firewall
D. Use the Reset Rule Hit Counter > All Rules option
Suggested answer: D

Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

A. facebook
B. facebook-chat
C. facebook-base
D. facebook-email
Suggested answer: B, C

Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

A. Windows-based agent deployed on the internal network
B. PAN-OS integrated agent deployed on the internal network
C. Citrix terminal server deployed on the internal network
D. Windows-based agent deployed on each of the WAN Links
Suggested answer: A

Explanation:

Another reason to choose the Windows agent over the integrated PAN-OS agent is to save processing cycles on the firewall's management plane.

Total 362 questions