ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 34

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which statement is true about Panorama managed devices?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)

Question 331

Report
Export
Collapse

The administrator profile 'SYS01 Admin' is configured with authentication profile 'Authentication Sequence SYS01,' and the authentication sequence SYS01 has a profile list with four authentication profiles:

* Auth Profile LDAP

* Auth Profile Radius

* Auth Profile Local

* Auth Profile TACACS

After a network outage, the LDAP server is no longer reachable. The RADIUS server is still reachable but has lost the 'SYS01 Admin' username and password.

What is the 'SYS01 Admin' login capability after the outage?

A.
Auth KO because RADIUS server lost user and password for SYS01 Admin
A.
Auth KO because RADIUS server lost user and password for SYS01 Admin
Answers
B.
Auth KO because LDAP server is not reachable
B.
Auth KO because LDAP server is not reachable
Answers
C.
Auth OK because of the Auth Profile Local
C.
Auth OK because of the Auth Profile Local
Answers
D.
Auth OK because of the Auth Profile TACACS -
D.
Auth OK because of the Auth Profile TACACS -
Answers
Suggested answer: C

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/authentication/configure-an-authentication-profile-and-sequence

Question 332

Report
Export
Collapse

In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)

A.
Antivirus
A.
Antivirus
Answers
B.
URL Filtering
B.
URL Filtering
Answers
C.
Vulnerability Protection
C.
Vulnerability Protection
Answers
D.
Anti-spyware
D.
Anti-spyware
Answers
Suggested answer: C, D

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-security-profiles/actions-in-security-profiles

Question 333

Report
Export
Collapse

What are two valid selections within an Anti-Spyware profile? (Choose two.)

A.
Default
A.
Default
Answers
B.
Deny
B.
Deny
Answers
C.
Random early drop
C.
Random early drop
Answers
D.
Drop
D.
Drop
Answers
Suggested answer: A, D

Explanation:

Deny is a policy action, random early drop is part of the inner workings of DoS protection

Question 334

Report
Export
Collapse

When is an event displayed under threat logs?

A.
When traffic matches a corresponding Security Profile
A.
When traffic matches a corresponding Security Profile
Answers
B.
When traffic matches any Security policy
B.
When traffic matches any Security policy
Answers
C.
Every time a session is blocked
C.
Every time a session is blocked
Answers
D.
Every time the firewall drops a connection
D.
Every time the firewall drops a connection
Answers
Suggested answer: A

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/view-and-manage-logs/log-types-and-severity-levels/threat-logs#:~:text=Threat%20logs%20display%20entries%20when,security%20rule%20on%20the%20firewall.

Question 335

Report
Export
Collapse

Which Security profile should be applied in order to protect against illegal code execution?

A.
Vulnerability Protection profile on allowed traffic
A.
Vulnerability Protection profile on allowed traffic
Answers
B.
Antivirus profile on allowed traffic
B.
Antivirus profile on allowed traffic
Answers
C.
Antivirus profile on denied traffic
C.
Antivirus profile on denied traffic
Answers
D.
Vulnerability Protection profile on denied traffic
D.
Vulnerability Protection profile on denied traffic
Answers
Suggested answer: A

Explanation:

The Security profile that should be applied in order to protect against illegal code execution is the Vulnerability Protection profile on allowed traffic. The Vulnerability Protection profile defines the actions that the firewall takes to protect against exploits and vulnerabilities in applications and protocols. The firewall can block or alert on traffic that matches a specific threat signature or a group of threats.The Vulnerability Protection profile can prevent illegal code execution by detecting and blocking attempts to exploit buffer overflows, format string vulnerabilities, or other code injection techniques1. To apply the Vulnerability Protection profile on allowed traffic, you need to:

Create or modify a Vulnerability Protection profile on the firewall or Panorama and configure the rules and exceptions for the threats that you want to protect against2.

Attach the Vulnerability Protection profile to a Security policy rule that allows traffic that you want to scan for vulnerabilities3.

Commit the changes to the firewall or Panorama and the managed firewalls.

Question 336

Report
Export
Collapse

Which three types of Source NAT are available to users inside a NGFW? (Choose three.)

A.
Dynamic IP and Port (DIPP)
A.
Dynamic IP and Port (DIPP)
Answers
B.
Static IP
B.
Static IP
Answers
C.
Static Port
C.
Static Port
Answers
D.
Dynamic IP
D.
Dynamic IP
Answers
E.
Static IP and Port (SIPP)
E.
Static IP and Port (SIPP)
Answers
Suggested answer: A, B, E

Question 337

Report
Export
Collapse

Refer to the exhibit.

Based on the network diagram provided, which two statements apply to traffic between the User and Server networks? (Choose two.)

A.
Traffic is permitted through the default intrazone 'allow' rule.
A.
Traffic is permitted through the default intrazone 'allow' rule.
Answers
B.
Traffic restrictions are possible by modifying intrazone rules.
B.
Traffic restrictions are possible by modifying intrazone rules.
Answers
C.
Traffic restrictions are not possible, because the networks are in the same zone.
C.
Traffic restrictions are not possible, because the networks are in the same zone.
Answers
D.
Traffic is permitted through the default interzone 'allow' rule.
D.
Traffic is permitted through the default interzone 'allow' rule.
Answers
Suggested answer: A, B

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail? id=kA10g000000ClTHCA0&lang=es

Question 338

Report
Export
Collapse

Which two types of profiles are needed to create an authentication sequence? (Choose two.)

A.
Server profile
A.
Server profile
Answers
B.
Authentication profile
B.
Authentication profile
Answers
C.
Security profile
C.
Security profile
Answers
D.
Interface Management profile
D.
Interface Management profile
Answers
Suggested answer: A, B

Explanation:

In the FW you define an Auth sequence which specifies the Auth Profile. If you click add on an Auth Profile and define one named TACACS for example, the Auth Profile calls in the TACACS+ Server Profile.

Question 339

Report
Export
Collapse

Which setting is available to edit when a tag is created on the local firewall?

A.
Location
A.
Location
Answers
B.
Color
B.
Color
Answers
C.
Order
C.
Order
Answers
D.
Priority
D.
Priority
Answers
Suggested answer: B

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-tags/create-tags

Question 340

Report
Export
Collapse

What is the best-practice approach to logging traffic that traverses the firewall?

A.
Enable both log at session start and log at session end.
A.
Enable both log at session start and log at session end.
Answers
B.
Enable log at session start only.
B.
Enable log at session start only.
Answers
C.
Enable log at session end only.
C.
Enable log at session end only.
Answers
D.
Disable all logging options.
D.
Disable all logging options.
Answers
Suggested answer: C

Explanation:

The best-practice approach to logging traffic that traverses the firewall is to enable log at session end only. This option allows the firewall to generate a log entry only when a session ends, which reduces the load on the firewall and the log storage. The log entry contains information such as the source and destination IP addresses, ports, zones, application, user, bytes, packets, and duration of the session.The log at session end option also provides more accurate information about the session, such as the final application and user, the total bytes and packets, and the session end reason1. To enable log at session end only, you need to:

Create or modify a Security policy rule that matches the traffic that you want to log.

Select the Actions tab in the policy rule and check the Log at Session End option.

Commit the changes to the firewall or Panorama and the managed firewalls.

Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms