ExamGecko

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 36

Which System log severity level would be displayed as a result of a user password change?

A. High
B. Critical
C. Medium
D. Low

Suggested answer: D

Explanation:

System logs display entries for each system event on the firewall.

1. Critical - Hardware failures, including high availability (HA) failover and link failures.

2. High - Serious issues, including dropped connections with external devices, such as LDAP and RADIUS servers.

3. Medium - Mid-level notifications, such as antivirus package upgrades.

4. Low - Minor severity notifications, such as user password changes.

5. Informational - Log in/log off, administrator name or password change, any configuration change, and all other events not covered by the other severity levels.

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/view-and-manage-logs/log-types-and-severity-levels/system-logs#id8edbfdae-ed92-4d8e-ab76-6a38f96e8cb1

Which situation is recorded as a system log?

A. An attempt to access a spoofed website has been blocked.
B. A connection with an authentication server has been dropped.
C. A file that has been analyzed is potentially dangerous for the system.
D. A new asset has been discovered on the network.

Suggested answer: B

Where within the URL Filtering security profile must a user configure the action to prevent credential submissions?

A. URL Filtering > Inline Categorization
B. URL Filtering > Categories
C. URL Filtering > URL Filtering Settings
D. URL Filtering > HTTP Header Insertion

Suggested answer: B

Explanation:

URL filtering technology protects users from web-based threats by providing granular control over user access and interaction with content on the Internet. You can develop a URL filtering policy that limits access to sites based on URL categories, users, and groups. For example, you can block access to sites known to host malware and prevent end users from entering corporate credentials to sites in certain categories.

Which two features implement one-to-one translation of a source IP address while allowing the source port to change? (Choose two.)

A. Static IP
B. Dynamic IP / Port Fallback
C. Dynamic IP
D. Dynamic IP and Port (DIPP)

Suggested answer: A, D

Explanation:

Static IP and Dynamic IP and Port (DIPP) are two features that implement one-to-one translation of a source IP address while allowing the source port to change. Static IP translates a single source address to a specific public address, and allows the source port to change dynamically [1]. Dynamic IP and Port (DIPP) translates the source IP address or range to a single IP address, and uses the source port to differentiate between multiple source IPs that share the same translated address [2]. Both of these features provide a one-to-one translation of IP addresses, but do not restrict the source port.

Reference:

[1] Static IP - Palo Alto Networks

[2] Dynamic IP and Port - Palo Alto Networks

A network administrator creates an intrazone security policy rule on a NGFW. The source zones are set to IT, Finance, and HR.

To which two types of traffic will the rule apply? (Choose two.)

A. Within zone HR
B. Within zone IT
C. Between zone IT and zone HR
D. Between zone IT and zone Finance

Suggested answer: A, B

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTHCA0

An organization has some applications that are restricted for access by the Human Resources Department only, and other applications that are available for any known user in the organization.

What object is best suited for this configuration?

A. Application Group
B. Tag
C. External Dynamic List
D. Application Filter

Suggested answer: A

Which order of steps is the correct way to create a static route?

A. 1) Enter the route and netmask 2) Enter the IP address for the specific next hop 3) Specify the outgoing interface for packets to use to go to the next hop 4) Add an IPv4 or IPv6 route by name
B. 1) Enter the route and netmask 2) Specify the outgoing interface for packets to use to go to the next hop 3) Enter the IP address for the specific next hop 4) Add an IPv4 or IPv6 route by name
C. 1) Enter the IP address for the specific next hop 2) Enter the route and netmask 3) Add an IPv4 or IPv6 route by name 4) Specify the outgoing interface for packets to use to go to the next hop
D. 1) Enter the IP address for the specific next hop 2) Add an IPv4 or IPv6 route by name 3) Enter the route and netmask 4) Specify the outgoing interface for packets to use to go to the next hop

Suggested answer: A

Explanation:

1. Enter the route and netmask

2. Enter the IP address for the specific next hop

3. Specify the outgoing interface for packets to use to go to the next hop

4. Add an IPv4 or IPv6 route by name

This is the correct order of steps to create a static route in a virtual router on the firewall. The first step is to enter the route and netmask for the destination network, such as 192.168.2.2/24 for an IPv4 address or 2001:db8:123:1::1/64 for an IPv6 address. The second step is to enter the IP address for the specific next hop, such as 192.168.56.1 or 2001:db8:49e:1::1. The third step is to specify the outgoing interface for packets to use to go to the next hop, such as ethernet1/1. The fourth step is to add an IPv4 or IPv6 route by name, such as route11.

Reference:

Configure a Static Route - Palo Alto Networks

Which two actions are needed for an administrator to get real-time WildFire signatures? (Choose two.)

A. Obtain a Threat Prevention subscription.
B. Enable Dynamic Updates.
C. Move within the WildFire public cloud region.
D. Obtain a WildFire subscription.

Suggested answer: B, D

Explanation:

https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-100/wildfire-real-time-signature-updates

In the PAN-OS web interface, which is a session distribution method offered under the NAT Translated Packet tab to choose how the firewall assigns sessions?

A. Destination IP Hash
B. Concurrent Sessions
C. Max Sessions
D. IP Modulo

Suggested answer: D

Explanation:

The IP Modulo session distribution method assigns sessions to dataplane processors (DPs) based on the modulo of the source and destination IP addresses. This method is suitable for environments that use NAT with a large number of translated IP addresses and ports. It ensures that sessions with the same source and destination IP addresses are processed by the same DP, regardless of the port numbers. This can improve performance and avoid out-of-order packets.

Review the screenshot:

[Images not reproduced: network diagram; rule groups A) to D)]

Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only.

Which rule group enables the required traffic?

A. Option A
B. Option B
C. Option C
D. Option D

Suggested answer: B

Explanation:

Option B enables the required traffic by allowing SSL and web-browsing from UNTRUST to DMZ, denying SSH from UNTRUST to DMZ, allowing MYSQL from DMZ to SERVER, and allowing SSH from SERVER to DMZ. Option A allows SSH from UNTRUST to DMZ, which is not required. Option C denies all the required traffic. Option D denies all traffic from UNTRUST to TRUST, which is irrelevant to the question.

https://www.paloaltonetworks.com/services/education/palo-alto-networks-certified-network-security-administrator


Total 362 questions