ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 27

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which statement is true about Panorama managed devices?
Which order of steps is the correct way to create a static route?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 261

Report
Export
Collapse

Selecting the option to revert firewall changes will replace what settings?

A.
The running configuration with settings from the candidate configuration
A.
The running configuration with settings from the candidate configuration
Answers
B.
The candidate configuration with settings from the running configuration
B.
The candidate configuration with settings from the running configuration
Answers
C.
The device state with settings from another configuration
C.
The device state with settings from another configuration
Answers
D.
Dynamic update scheduler settings
D.
Dynamic update scheduler settings
Answers
Suggested answer: A

Question 262

Report
Export
Collapse

What can be used as match criteria for creating a dynamic address group?

A.
Usernames
A.
Usernames
Answers
B.
IP addresses
B.
IP addresses
Answers
C.
Tags
C.
Tags
Answers
D.
MAC addresses
D.
MAC addresses
Answers
Suggested answer: C

Question 263

Report
Export
Collapse

An administrator needs to allow users to use only certain email applications.

How should the administrator configure the firewall to restrict users to specific email applications?

A.
Create an application filter and filter it on the collaboration category, email subcategory.
A.
Create an application filter and filter it on the collaboration category, email subcategory.
Answers
B.
Create an application group and add the email applications to it.
B.
Create an application group and add the email applications to it.
Answers
C.
Create an application filter and filter it on the collaboration category.
C.
Create an application filter and filter it on the collaboration category.
Answers
D.
Create an application group and add the email category to it.
D.
Create an application group and add the email category to it.
Answers
Suggested answer: B

Question 264

Report
Export
Collapse

An administrator has an IP address range in the external dynamic list and wants to create an exception for one specific IP address in this address range.

Which steps should the administrator take?

A.
Add the address range to the Manual Exceptions list and exclude the IP address by selecting the entry.
A.
Add the address range to the Manual Exceptions list and exclude the IP address by selecting the entry.
Answers
B.
Add each IP address in the range as a list entry and then exclude the IP address by adding it to the Manual Exceptions list.
B.
Add each IP address in the range as a list entry and then exclude the IP address by adding it to the Manual Exceptions list.
Answers
C.
Select the address range in the List Entries list. A column will open with the IP addresses. Select the entry to exclude.
C.
Select the address range in the List Entries list. A column will open with the IP addresses. Select the entry to exclude.
Answers
D.
Add the specific IP address from the address range to the Manual Exceptions list by using regular expressions to define the entry.
D.
Add the specific IP address from the address range to the Manual Exceptions list by using regular expressions to define the entry.
Answers
Suggested answer: D

Question 265

Report
Export
Collapse

An administrator is implementing an exception to an external dynamic list by adding an entry to the list manually. The administrator wants to save the changes, but the OK button is grayed out.

What are two possible reasons the OK button is grayed out? (Choose two.)

A.
The entry contains wildcards.
A.
The entry contains wildcards.
Answers
B.
The entry is duplicated.
B.
The entry is duplicated.
Answers
C.
The entry doesn't match a list entry.
C.
The entry doesn't match a list entry.
Answers
D.
The entry matches a list entry.
D.
The entry matches a list entry.
Answers
Suggested answer: B, C

Question 266

Report
Export
Collapse

An administrator is updating Security policy to align with best practices.

Which Policy Optimizer feature is shown in the screenshot below?

A.
Rules without App Controls
A.
Rules without App Controls
Answers
B.
New App Viewer
B.
New App Viewer
Answers
C.
Rule Usage
C.
Rule Usage
Answers
D.
Unused Unused Apps
D.
Unused Unused Apps
Answers
Suggested answer: C

Question 267

Report
Export
Collapse

By default, which action is assigned to the interzone-default rule?

A.
Reset-client
A.
Reset-client
Answers
B.
Reset-server
B.
Reset-server
Answers
C.
Deny
C.
Deny
Answers
D.
Allow
D.
Allow
Answers
Suggested answer: C

Question 268

Report
Export
Collapse

Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)

A.
Post-NAT address
A.
Post-NAT address
Answers
B.
Post-NAT zone
B.
Post-NAT zone
Answers
C.
Pre-NAT zone
C.
Pre-NAT zone
Answers
D.
Pre-NAT address
D.
Pre-NAT address
Answers
Suggested answer: B, D

Question 269

Report
Export
Collapse

What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)

A.
Blometric scanning results from iOS devices
A.
Blometric scanning results from iOS devices
Answers
B.
Firewall logs
B.
Firewall logs
Answers
C.
Custom API scripts
C.
Custom API scripts
Answers
D.
Security Information and Event Management Systems (SIEMS), such as Splun
D.
Security Information and Event Management Systems (SIEMS), such as Splun
Answers
E.
DNS Security service
E.
DNS Security service
Answers
Suggested answer: B, C, E

Question 270

Report
Export
Collapse

What is the maximum volume of concurrent administrative account sessions?

A.
Unlimited
A.
Unlimited
Answers
B.
2
B.
2
Answers
C.
10
C.
10
Answers
D.
1
D.
1
Answers
Suggested answer: C
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms