ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 23

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Which order of steps is the correct way to create a static route?
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 221

Report
Export
Collapse

Which statement is true regarding NAT rules?

A.
Static NAT rules have precedence over other forms of NAT.
A.
Static NAT rules have precedence over other forms of NAT.
Answers
B.
Translation of the IP address and port occurs before security processing.
B.
Translation of the IP address and port occurs before security processing.
Answers
C.
NAT rules are processed in order from top to bottom.
C.
NAT rules are processed in order from top to bottom.
Answers
D.
Firewall supports NAT on Layer 3 interfaces only.
D.
Firewall supports NAT on Layer 3 interfaces only.
Answers
Suggested answer: C

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/nat/nat-policy-rules/nat-policy-overview

Question 222

Report
Export
Collapse

After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.

Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?

A.
Import named config snapshot
A.
Import named config snapshot
Answers
B.
Load named configuration snapshot
B.
Load named configuration snapshot
Answers
C.
Revert to running configuration
C.
Revert to running configuration
Answers
D.
Revert to last saved configuration
D.
Revert to last saved configuration
Answers
Suggested answer: C

Question 223

Report
Export
Collapse

An administrator is reviewing the Security policy rules shown in the screenshot below.

Which statement is correct about the information displayed?

A.
Eleven rules use the "Infrastructure* tag.
A.
Eleven rules use the "Infrastructure* tag.
Answers
B.
The view Rulebase as Groups is checked.
B.
The view Rulebase as Groups is checked.
Answers
C.
There are seven Security policy rules on this firewall.
C.
There are seven Security policy rules on this firewall.
Answers
D.
Highlight Unused Rules is checked.
D.
Highlight Unused Rules is checked.
Answers
Suggested answer: B

Question 224

Report
Export
Collapse

What are the two default behaviors for the intrazone-default policy? (Choose two.)

A.
Allow
A.
Allow
Answers
B.
Logging disabled
B.
Logging disabled
Answers
C.
Log at Session End
C.
Log at Session End
Answers
D.
Deny
D.
Deny
Answers
Suggested answer: A, B

Question 225

Report
Export
Collapse

What are two valid selections within an Antivirus profile? (Choose two.)

A.
deny
A.
deny
Answers
B.
drop
B.
drop
Answers
C.
default
C.
default
Answers
D.
block-ip
D.
block-ip
Answers
Suggested answer: B, C

Question 226

Report
Export
Collapse

An administrator wants to create a NAT policy to allow multiple source IP addresses to be translated to the same public IP address. What is the most appropriate NAT policy to achieve this?

A.
Dynamic IP and Port
A.
Dynamic IP and Port
Answers
B.
Dynamic IP
B.
Dynamic IP
Answers
C.
Static IP
C.
Static IP
Answers
D.
Destination
D.
Destination
Answers
Suggested answer: A

Question 227

Report
Export
Collapse

Which action can be set in a URL Filtering Security profile to provide users temporary access to all websites in a given category using a provided password?

A.
exclude
A.
exclude
Answers
B.
continue
B.
continue
Answers
C.
hold
C.
hold
Answers
D.
override
D.
override
Answers
Suggested answer: D

Explanation:

The user will see a response page indicating that a password is required to allow access to websites inthe given category. With this option, the security administrator or help-desk person would provide apassword granting temporary access to all websites in the given category. A log entry is generated in theURL Filtering log. The Override webpage doesn't display properly on client systems configured to use aproxy server.

Question 228

Report
Export
Collapse

What is a function of application tags?

A.
creation of new zones
A.
creation of new zones
Answers
B.
application prioritization
B.
application prioritization
Answers
C.
automated referenced applications in a policy
C.
automated referenced applications in a policy
Answers
D.
IP address allocations in DHCP
D.
IP address allocations in DHCP
Answers
Suggested answer: C

Question 229

Report
Export
Collapse

What are three Palo Alto Networks best practices when implementing the DNS Security Service?

(Choose three.)

A.
Implement a threat intel program.
A.
Implement a threat intel program.
Answers
B.
Configure a URL Filtering profile.
B.
Configure a URL Filtering profile.
Answers
C.
Train your staff to be security aware.
C.
Train your staff to be security aware.
Answers
D.
Rely on a DNS resolver.
D.
Rely on a DNS resolver.
Answers
E.
Plan for mobile-employee risk
E.
Plan for mobile-employee risk
Answers
Suggested answer: A, B, D

Question 230

Report
Export
Collapse

An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out. Which two fields could help in determining if this is normal? (Choose two.)

A.
Packets sent/received
A.
Packets sent/received
Answers
B.
IP Protocol
B.
IP Protocol
Answers
C.
Action
C.
Action
Answers
D.
Decrypted
D.
Decrypted
Answers
Suggested answer: B, D
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms