ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 24

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Which order of steps is the correct way to create a static route?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 231

Report
Export
Collapse

What does an application filter help you to do?

A.
It dynamically provides application statistics based on network, threat, and blocked activity,
A.
It dynamically provides application statistics based on network, threat, and blocked activity,
Answers
B.
It dynamically filters applications based on critical, high, medium, low. or informational severity.
B.
It dynamically filters applications based on critical, high, medium, low. or informational severity.
Answers
C.
It dynamically groups applications based on application attributes such as category and subcategory.
C.
It dynamically groups applications based on application attributes such as category and subcategory.
Answers
D.
It dynamically shapes defined application traffic based on active sessions and bandwidth usage.
D.
It dynamically shapes defined application traffic based on active sessions and bandwidth usage.
Answers
Suggested answer: C

Question 232

Report
Export
Collapse

Prior to a maintenance-window activity, the administrator would like to make a backup of only the running configuration to an external location. What command in Device > Setup > Operations would provide the most operationally efficient way to achieve this outcome?

A.
save named configuration snapshot
A.
save named configuration snapshot
Answers
B.
export device state
B.
export device state
Answers
C.
export named configuration snapshot
C.
export named configuration snapshot
Answers
D.
save candidate config
D.
save candidate config
Answers
Suggested answer: A

Question 233

Report
Export
Collapse

Your company is highly concerned with their Intellectual property being accessed by unauthorized resources. There is a mature process to store and include metadata tags for all confidential documents.

Which Security profile can further ensure that these documents do not exit the corporate network?

A.
File Blocking
A.
File Blocking
Answers
B.
Data Filtering
B.
Data Filtering
Answers
C.
Anti-Spyware
C.
Anti-Spyware
Answers
D.
URL Filtering
D.
URL Filtering
Answers
Suggested answer: B

Question 234

Report
Export
Collapse

An administrator wants to create a No-NAT rule to exempt a flow from the default NAT rule. What is the best way to do this?

A.
Create a Security policy rule to allow the traffic.
A.
Create a Security policy rule to allow the traffic.
Answers
B.
Create a new NAT rule with the correct parameters and leave the translation type as None
B.
Create a new NAT rule with the correct parameters and leave the translation type as None
Answers
C.
Create a static NAT rule with an application override.
C.
Create a static NAT rule with an application override.
Answers
D.
Create a static NAT rule translating to the destination interface.
D.
Create a static NAT rule translating to the destination interface.
Answers
Suggested answer: B

Question 235

Report
Export
Collapse

When creating a Panorama administrator type of Device Group and Template Admin, which two things must you create first? (Choose two.)

A.
password profile
A.
password profile
Answers
B.
access domain
B.
access domain
Answers
C.
admin rote
C.
admin rote
Answers
D.
server profile
D.
server profile
Answers
Suggested answer: C, D

Question 236

Report
Export
Collapse

An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.

Why doesn't the administrator see the traffic?

A.
Traffic is being denied on the interzone-default policy.
A.
Traffic is being denied on the interzone-default policy.
Answers
B.
The Log Forwarding profile is not configured on the policy.
B.
The Log Forwarding profile is not configured on the policy.
Answers
C.
The interzone-default policy is disabled by default
C.
The interzone-default policy is disabled by default
Answers
D.
Logging on the interzone-default policy is disabled
D.
Logging on the interzone-default policy is disabled
Answers
Suggested answer: D

Question 237

Report
Export
Collapse

An administrator is configuring a NAT rule

At a minimum, which three forms of information are required? (Choose three.)

A.
name
A.
name
Answers
B.
source zone
B.
source zone
Answers
C.
destination interface
C.
destination interface
Answers
D.
destination address
D.
destination address
Answers
E.
destination zone
E.
destination zone
Answers
Suggested answer: B, D, E

Question 238

Report
Export
Collapse

Which type of address object is www.paloaltonetworks.com?

A.
IP range
A.
IP range
Answers
B.
IP netmask
B.
IP netmask
Answers
C.
named address
C.
named address
Answers
D.
FQDN
D.
FQDN
Answers
Suggested answer: D

Question 239

Report
Export
Collapse

What are three characteristics of the Palo Alto Networks DNS Security service? (Choose three.)

A.
It uses techniques such as DGA.DNS tunneling detection and machine learning.
A.
It uses techniques such as DGA.DNS tunneling detection and machine learning.
Answers
B.
It requires a valid Threat Prevention license.
B.
It requires a valid Threat Prevention license.
Answers
C.
It enables users to access real-time protections using advanced predictive analytics.
C.
It enables users to access real-time protections using advanced predictive analytics.
Answers
D.
It requires a valid URL Filtering license.
D.
It requires a valid URL Filtering license.
Answers
E.
It requires an active subscription to a third-party DNS Security service.
E.
It requires an active subscription to a third-party DNS Security service.
Answers
Suggested answer: A, B, C

Question 240

Report
Export
Collapse

What are the requirements for using Palo Alto Networks EDL Hosting Sen/ice?

A.
any supported Palo Alto Networks firewall or Prisma Access firewall
A.
any supported Palo Alto Networks firewall or Prisma Access firewall
Answers
B.
an additional subscription free of charge
B.
an additional subscription free of charge
Answers
C.
a firewall device running with a minimum version of PAN-OS 10.1
C.
a firewall device running with a minimum version of PAN-OS 10.1
Answers
D.
an additional paid subscription
D.
an additional paid subscription
Answers
Suggested answer: A
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms