ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 29

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which statement is true about Panorama managed devices?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)

Question 281

Report
Export
Collapse

Which User Credential Detection method should be applied within a URL Filtering Security profile to check for the submission of a valid corporate username and the associated password?

A.
Domain Credential
A.
Domain Credential
Answers
B.
IP User
B.
IP User
Answers
C.
Group Mapping
C.
Group Mapping
Answers
D.
Valid Username Detected Log Severity
D.
Valid Username Detected Log Severity
Answers
Suggested answer: C

Question 282

Report
Export
Collapse

Which interface type requires no routing or switching but applies Security or NAT policy rules before passing allowed traffic?

A.
Layer 3
A.
Layer 3
Answers
B.
Virtual Wire
B.
Virtual Wire
Answers
C.
Tap
C.
Tap
Answers
D.
Layer 2
D.
Layer 2
Answers
Suggested answer: A

Question 283

Report
Export
Collapse

If users from the Trusted zone need to allow traffic to an SFTP server in the DMZ zone, how should a Security policy with App-ID be configured?

A.
A.
Answers
B.
B.
Answers
C.
C.
Answers
D.
D.
Answers
Suggested answer: D

Question 284

Report
Export
Collapse

All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone.

Complete the empty field in the Security policy using an application object to permit only this type of access.

Source Zone: Internal -

Destination Zone: DMZ Zone -

Application: __________

Service: application-default -

Action: allow

A.
Application = "any"
A.
Application = "any"
Answers
B.
Application = "web-browsing"
B.
Application = "web-browsing"
Answers
C.
Application = "ssl"
C.
Application = "ssl"
Answers
D.
Application = "http"
D.
Application = "http"
Answers
Suggested answer: B

Question 285

Report
Export
Collapse

A network administrator created an intrazone Security policy rule on the firewall. The source zones were set to IT. Finance, and HR.

Which two types of traffic will the rule apply to? (Choose two)

A.
traffic between zone IT and zone Finance
A.
traffic between zone IT and zone Finance
Answers
B.
traffic between zone Finance and zone HR
B.
traffic between zone Finance and zone HR
Answers
C.
traffic within zone IT
C.
traffic within zone IT
Answers
D.
traffic within zone HR
D.
traffic within zone HR
Answers
Suggested answer: C, D

Question 286

Report
Export
Collapse

Which three filter columns are available when setting up an Application Filter? (Choose three.)

A.
Parent App
A.
Parent App
Answers
B.
Category
B.
Category
Answers
C.
Risk
C.
Risk
Answers
D.
Standard Ports
D.
Standard Ports
Answers
E.
Subcategory
E.
Subcategory
Answers
Suggested answer: B, C, E

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objectsapplication-filters


Question 287

Report
Export
Collapse

What are three ways application characteristics are used? (Choose three.)

A.
As an attribute to define an application group
A.
As an attribute to define an application group
Answers
B.
As a setting to define a new custom application
B.
As a setting to define a new custom application
Answers
C.
As an Object to define Security policies
C.
As an Object to define Security policies
Answers
D.
As an attribute to define an application filter
D.
As an attribute to define an application filter
Answers
E.
As a global filter in the Application Command Center (ACC)
E.
As a global filter in the Application Command Center (ACC)
Answers
Suggested answer: A, B, D

Question 288

Report
Export
Collapse

Files are sent to the WildFire cloud service via the WildFire Analysis Profile. How are these files used?

A.
WildFire signature updates
A.
WildFire signature updates
Answers
B.
Malware analysis
B.
Malware analysis
Answers
C.
Domain Generation Algorithm (DGA) learning
C.
Domain Generation Algorithm (DGA) learning
Answers
D.
Spyware analysis
D.
Spyware analysis
Answers
Suggested answer: B

Question 289

Report
Export
Collapse

In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?

A.
Policies
A.
Policies
Answers
B.
Network
B.
Network
Answers
C.
Objects
C.
Objects
Answers
D.
Device
D.
Device
Answers
Suggested answer: C

Explanation:

An administrator can configure URL Filtering profiles in the Objects section of the PAN-OS GUI.A URL Filtering profile is a collection of URL filtering controls that you can apply to individual Security policy rules that allow access to the internet1.You can set site access for URL categories, allow or disallow user credential submissions, enable safe search enforcement, and various other settings1.

To create a URL Filtering profile, go to Objects > Security Profiles > URL Filtering and click Add.You can then specify the profile name, description, and settings for each URL category and action2.You can also configure other options such as User Credential Detection, HTTP Header Insertion, and URL Filtering Inline ML2.After creating the profile, you can attach it to a Security policy rule that allows web traffic2.

Question 290

Report
Export
Collapse

By default, what is the maximum number of templates that can be added to a template stack?

A.
6
A.
6
Answers
B.
8
B.
8
Answers
C.
10
C.
10
Answers
D.
12
D.
12
Answers
Suggested answer: B

Explanation:

By default, the maximum number of templates that can be added to a template stack is 8. This is the recommended limit for performance reasons, as adding more templates may result in sluggish responses on the user interface. However, starting from PAN-OS 8.1.10 and 9.0.4, you can use a debug command to increase the maximum number of templates per stack to 16. This command requires a commit operation to take effect.

A template stack is a collection of templates that you can use to push common settings to multiple firewalls or Panorama managed collectors. A template contains the network and device settings that you want to share across devices, such as interfaces, zones, virtual routers, DNS, NTP, and login banners. You can create multiple templates for different device groups or locations and add them to a template stack in a hierarchical order. The settings in the lower templates override the settings in the higher templates if there are any conflicts. You can then assign a template stack to one or more devices and push the configuration changes.

Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms