ExamGecko

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 21

You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server. Which Security Profile, when applied to outbound Security policy rules, detects and prevents this threat from establishing a command-and-control connection?

A. Antivirus Profile
B. Data Filtering Profile
C. Vulnerability Protection Profile
D. Anti-Spyware Profile

Suggested answer: D

Explanation:

Anti-Spyware Security Profiles block spyware on compromised hosts from trying to communicate with external command-and-control (C2) servers, thus enabling you to detect malicious traffic leaving the network from infected clients.

Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis, Unit 42 research, and data gathered from telemetry?

A. Palo Alto Networks C&C IP Addresses
B. Palo Alto Networks Bulletproof IP Addresses
C. Palo Alto Networks High-Risk IP Addresses
D. Palo Alto Networks Known Malicious IP Addresses

Suggested answer: D

Explanation:

Palo Alto Networks Known Malicious IP Addresses: Contains IP addresses that are verified malicious based on WildFire analysis, Unit 42 research, and data gathered from telemetry (Share Threat Intelligence with Palo Alto Networks). Attackers use these IP addresses almost exclusively to distribute malware, initiate command-and-control activity, and launch attacks.

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/built-in-edls

The compliance officer requests that all evasive applications be blocked on all perimeter firewalls out to the internet. The firewall is configured with two zones: 1. trust for internal networks, 2. untrust to the internet. Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two.)

A. Create a deny rule at the top of the policy from trust to untrust over any service and select evasive as the application.
B. Create a deny rule at the top of the policy from trust to untrust with service application-default and select evasive as the application.
C. Create a deny rule at the top of the policy from trust to untrust over any service and add an application filter with the evasive characteristic.
D. Create a deny rule at the top of the policy from trust to untrust with service application-default and add an application filter with the evasive characteristic.

Suggested answer: A, D

What must be configured before setting up Credential Phishing Prevention?

A. Anti Phishing Block Page
B. Threat Prevention
C. Anti Phishing profiles
D. User-ID

Suggested answer: B

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/prevent-credential-phishing/set-up-credential-phishing-prevention

What allows a security administrator to preview the Security policy rules that match new application signatures?

A. Review Release Notes
B. Dynamic Updates-Review Policies
C. Dynamic Updates-Review App
D. Policy Optimizer-New App Viewer

Suggested answer: B

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content-releases/review-new-app-id-impact-on-existing-policy-rules

Which statement best describes the use of Policy Optimizer?

A. Policy Optimizer can display which Security policies have not been used in the last 90 days.
B. Policy Optimizer on a VM-50 firewall can display which Layer 7 App-ID Security policies have unused applications.
C. Policy Optimizer can add or change a Log Forwarding profile for each Security policy selected.
D. Policy Optimizer can be used on a schedule to automatically create a disabled Layer 7 App-ID Security policy for every Layer 4 policy that exists. Admins can then manually enable policies they want to keep and delete ones they want to remove.

Suggested answer: B

An address object of type IP Wildcard Mask can be referenced in which part of the configuration?

A. Security policy rule
B. ACC global filter
C. external dynamic list
D. NAT address pool

Suggested answer: A

Explanation:

You can use an address object of type IP Wildcard Mask only in a Security policy rule.

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/objects/objects-addresses

IP Wildcard Mask: Enter an IP wildcard address in the format of an IPv4 address followed by a slash and a mask (which must begin with a zero); for example, 10.182.1.1/0.127.248.0. In the wildcard mask, a zero (0) bit indicates that the bit being compared must match the bit in the IP address that is covered by the 0. A one (1) bit in the mask is a wildcard bit, meaning the bit being compared need not match the bit in the IP address that is covered by the 1. Convert the IP address and the wildcard mask to binary. To illustrate the matching: on binary snippet 0011, a wildcard mask of 1010 results in four matches (0001, 0011, 1001, and 1011).

An administrator would like to determine the default deny action for the application dns-over-https. Which action would yield the information?

A. View the application details in beacon.paloaltonetworks.com
B. Check the action for the Security policy matching that traffic
C. Check the action for the decoder in the antivirus profile
D. View the application details in Objects > Applications

Suggested answer: C

An administrator needs to create a Security policy rule that matches DNS traffic within the LAN zone, and also needs to match DNS traffic within the DMZ zone. The administrator does not want to allow traffic between the DMZ and LAN zones.

Which Security policy rule type should they use?

A. default
B. universal
C. intrazone
D. interzone

Suggested answer: C

DRAG DROP

Match the Palo Alto Networks Security Operating Platform architecture to its description.