ExamGecko

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 25


An administrator would like to block access to a web server, while also preserving resources and minimizing half-open sockets. What are two security policy actions the administrator can select?

(Choose two.)

A. Reset server
B. Reset both
C. Drop
D. Deny
Suggested answer: A, C

An administrator would like to apply a more restrictive Security profile to traffic for file sharing applications. The administrator does not want to update the Security policy or object when new applications are released.

Which object should the administrator use as a match condition in the Security policy?

A. the Content Delivery Networks URL category
B. the Online Storage and Backup URL category
C. an application group containing all of the file-sharing App-IDs reported in the traffic logs
D. an application filter for applications whose subcategory is file-sharing
Suggested answer: D

A network administrator is required to use a dynamic routing protocol for network connectivity.

Which three dynamic routing protocols are supported by the NGFW Virtual Router for this purpose?

(Choose three.)

A. RIP
B. OSPF
C. IS-IS
D. EIGRP
E. BGP
Suggested answer: A, B, E

Given the detailed log information above, what was the result of the firewall traffic inspection?

A. It was blocked by the Vulnerability Protection profile action.
B. It was blocked by the Anti-Virus Security profile action.
C. It was blocked by the Anti-Spyware Profile action.
D. It was blocked by the Security policy action.
Suggested answer: C

Which three interface deployment methods can be used to block traffic flowing through the Palo Alto Networks firewall? (Choose three.)

A. Layer 2
B. Virtual Wire
C. Tap
D. Layer 3
E. HA
Suggested answer: B, D, E

DRAG DROP

Match each rule type with its example


Question 246
Correct answer: Question 246

An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny. What deny action will the firewall perform?

A. Drop the traffic silently
B. Perform the default deny action as defined in the App-ID database for the application
C. Send a TCP reset packet to the client- and server-side devices
D. Discard the session's packets and send a TCP reset packet to let the client know the session has been terminated
Suggested answer: D

Which object would an administrator create to enable access to all applications in the officeprograms subcategory?

A. HIP profile
B. Application group
C. URL category
D. Application filter
Suggested answer: C

What do you configure if you want to set up a group of objects based on their ports alone?

A. Application groups
B. Service groups
C. Address groups
D. Custom objects
Suggested answer: B

View the diagram. What is the most restrictive, yet fully functional rule, to allow general Internet and SSH traffic into both the DMZ and Untrust/Internet zones from each of the IOT/Guest and Trust Zones?

A.
B.
C.
D.
Suggested answer: C
Total 362 questions