ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 26

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Which order of steps is the correct way to create a static route?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 251

Report
Export
Collapse

A website is unexpectedly allowed due to miscategorization.

What are two ways to resolve this issue for a proper response? (Choose two.)

A.
Identify the URL category being assigned to the website.Edit the active URL Filtering profile and update that category's site access settings to block.
A.
Identify the URL category being assigned to the website.Edit the active URL Filtering profile and update that category's site access settings to block.
Answers
B.
Create a URL category and assign the affected URL.Update the active URL Filtering profile site access setting for the custom URL category to block.
B.
Create a URL category and assign the affected URL.Update the active URL Filtering profile site access setting for the custom URL category to block.
Answers
C.
Review the categorization of the website on https://urlfiltering.paloaltonetworks.com.Submit for "request change*, identifying the appropriate categorization, and wait for confirmation before testing again.
C.
Review the categorization of the website on https://urlfiltering.paloaltonetworks.com.Submit for "request change*, identifying the appropriate categorization, and wait for confirmation before testing again.
Answers
D.
Create a URL category and assign the affected URL.Add a Security policy with a URL category qualifier of the custom URL category below the original policy. Set the policy action to Deny.
D.
Create a URL category and assign the affected URL.Add a Security policy with a URL category qualifier of the custom URL category below the original policy. Set the policy action to Deny.
Answers
Suggested answer: C, D

Question 252

Report
Export
Collapse

Why should a company have a File Blocking profile that is attached to a Security policy?

A.
To block uploading and downloading of specific types of files
A.
To block uploading and downloading of specific types of files
Answers
B.
To detonate files in a sandbox environment
B.
To detonate files in a sandbox environment
Answers
C.
To analyze file types
C.
To analyze file types
Answers
D.
To block uploading and downloading of any type of files
D.
To block uploading and downloading of any type of files
Answers
Suggested answer: A

Question 253

Report
Export
Collapse

An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.

Why doesn't the administrator see the traffic?

A.
Logging on the interzone-default policy is disabled.
A.
Logging on the interzone-default policy is disabled.
Answers
B.
Traffic is being denied on the interzone-default policy.
B.
Traffic is being denied on the interzone-default policy.
Answers
C.
The Log Forwarding profile is not configured on the policy.
C.
The Log Forwarding profile is not configured on the policy.
Answers
D.
The interzone-default policy is disabled by default.
D.
The interzone-default policy is disabled by default.
Answers
Suggested answer: A

Question 254

Report
Export
Collapse

Given the detailed log information above, what was the result of the firewall traffic inspection?

A.
It was blocked by the Anti-Virus Security profile action.
A.
It was blocked by the Anti-Virus Security profile action.
Answers
B.
It was blocked by the Anti-Spyware Profile action.
B.
It was blocked by the Anti-Spyware Profile action.
Answers
C.
It was blocked by the Vulnerability Protection profile action.
C.
It was blocked by the Vulnerability Protection profile action.
Answers
D.
It was blocked by the Security policy action.
D.
It was blocked by the Security policy action.
Answers
Suggested answer: B

Question 255

Report
Export
Collapse

An administrator would like to protect against inbound threats such as buffer overflows and illegal code execution.

Which Security profile should be used?

A.
Antivirus
A.
Antivirus
Answers
B.
URL filtering
B.
URL filtering
Answers
C.
Anti-spyware
C.
Anti-spyware
Answers
D.
Vulnerability protection
D.
Vulnerability protection
Answers
Suggested answer: C

Question 256

Report
Export
Collapse

Which statement best describes a common use of Policy Optimizer?

A.
Policy Optimizer on a VM-50 firewall can display which Layer 7 App-ID Security policies have unused applications.
A.
Policy Optimizer on a VM-50 firewall can display which Layer 7 App-ID Security policies have unused applications.
Answers
B.
Policy Optimizer can add or change a Log Forwarding profile for each Security policy selected.
B.
Policy Optimizer can add or change a Log Forwarding profile for each Security policy selected.
Answers
C.
Policy Optimizer can display which Security policies have not been used in the last 90 days.
C.
Policy Optimizer can display which Security policies have not been used in the last 90 days.
Answers
D.
Policy Optimizer can be used on a schedule to automatically create a disabled Layer 7 App-ID Security policy for every Layer 4 policy that exists. Admins can then manually enable policies they want to keep and delete ones they want to remove.
D.
Policy Optimizer can be used on a schedule to automatically create a disabled Layer 7 App-ID Security policy for every Layer 4 policy that exists. Admins can then manually enable policies they want to keep and delete ones they want to remove.
Answers
Suggested answer: C

Question 257

Report
Export
Collapse

Which rule type is appropriate for matching traffic occurring within a specified zone?

A.
Interzone
A.
Interzone
Answers
B.
Universal
B.
Universal
Answers
C.
Intrazone
C.
Intrazone
Answers
D.
Shadowed
D.
Shadowed
Answers
Suggested answer: C

Question 258

Report
Export
Collapse

What is a recommended consideration when deploying content updates to the firewall from Panorama?

A.
Content updates for firewall A/P HA pairs can only be pushed to the active firewall.
A.
Content updates for firewall A/P HA pairs can only be pushed to the active firewall.
Answers
B.
Content updates for firewall A/A HA pairs need a defined master device.
B.
Content updates for firewall A/A HA pairs need a defined master device.
Answers
C.
Before deploying content updates, always check content release version compatibility.
C.
Before deploying content updates, always check content release version compatibility.
Answers
D.
After deploying content updates, perform a commit and push to Panorama.
D.
After deploying content updates, perform a commit and push to Panorama.
Answers
Suggested answer: C

Question 259

Report
Export
Collapse

Which Security policy action will message a user's browser thai their web session has been terminated?

A.
Reset server
A.
Reset server
Answers
B.
Deny
B.
Deny
Answers
C.
Drop
C.
Drop
Answers
D.
Reset client
D.
Reset client
Answers
Suggested answer: B

Question 260

Report
Export
Collapse

An administrator configured a Security policy rule with an Antivirus Security profile. The administrator did not change the action (or the profile. If a virus gets detected, how wilt the firewall handle the traffic?

A.
It allows the traffic because the profile was not set to explicitly deny the traffic.
A.
It allows the traffic because the profile was not set to explicitly deny the traffic.
Answers
B.
It drops the traffic because the profile was not set to explicitly allow the traffic.
B.
It drops the traffic because the profile was not set to explicitly allow the traffic.
Answers
C.
It uses the default action assigned to the virus signature.
C.
It uses the default action assigned to the virus signature.
Answers
D.
It allows the traffic but generates an entry in the Threat logs.
D.
It allows the traffic but generates an entry in the Threat logs.
Answers
Suggested answer: B
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms