ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 4

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which statement is true about Panorama managed devices?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)

Question 31

Report
Export
Collapse

Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?

A.
Layer 2
A.
Layer 2
Answers
B.
Tap
B.
Tap
Answers
C.
Layer 3
C.
Layer 3
Answers
D.
Virtual Wire
D.
Virtual Wire
Answers
Suggested answer: B

Question 32

Report
Export
Collapse

Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?

A.
Root
A.
Root
Answers
B.
Dynamic
B.
Dynamic
Answers
C.
Role-based
C.
Role-based
Answers
D.
Superuser
D.
Superuser
Answers
Suggested answer: C

Question 33

Report
Export
Collapse

Which administrator type utilizes predefined roles for a local administrator account?

A.
Superuser
A.
Superuser
Answers
B.
Role-based
B.
Role-based
Answers
C.
Dynamic
C.
Dynamic
Answers
D.
Device administrator
D.
Device administrator
Answers
Suggested answer: C

Explanation:

References:

Question 34

Report
Export
Collapse

Which two security profile types can be attached to a security policy? (Choose two.)

A.
antivirus
A.
antivirus
Answers
B.
DDoS protection
B.
DDoS protection
Answers
C.
threat
C.
threat
Answers
D.
vulnerability
D.
vulnerability
Answers
Suggested answer: A, D

Explanation:

References:

Question 35

Report
Export
Collapse

The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.

Which security profile feature could have been used to prevent the communication with the CnC server?

A.
Create an anti-spyware profile and enable DNS Sinkhole
A.
Create an anti-spyware profile and enable DNS Sinkhole
Answers
B.
Create an antivirus profile and enable DNS Sinkhole
B.
Create an antivirus profile and enable DNS Sinkhole
Answers
C.
Create a URL filtering profile and block the DNS Sinkhole category
C.
Create a URL filtering profile and block the DNS Sinkhole category
Answers
D.
Create a security policy and enable DNS Sinkhole
D.
Create a security policy and enable DNS Sinkhole
Answers
Suggested answer: A

Explanation:

References:

Question 36

Report
Export
Collapse

Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

A.
Active Directory monitoring
A.
Active Directory monitoring
Answers
B.
Windows session monitoring
B.
Windows session monitoring
Answers
C.
Windows client probing
C.
Windows client probing
Answers
D.
domain controller monitoring
D.
domain controller monitoring
Answers
Suggested answer: A

Question 37

Report
Export
Collapse

What are three differences between security policies and security profiles? (Choose three.)

A.
Security policies are attached to security profiles
A.
Security policies are attached to security profiles
Answers
B.
Security profiles are attached to security policies
B.
Security profiles are attached to security policies
Answers
C.
Security profiles should only be used on allowed traffic
C.
Security profiles should only be used on allowed traffic
Answers
D.
Security profiles are used to block traffic by themselves
D.
Security profiles are used to block traffic by themselves
Answers
E.
Security policies can block or allow traffic
E.
Security policies can block or allow traffic
Answers
Suggested answer: B, C, E

Question 38

Report
Export
Collapse

Given the image, which two options are true about the Security policy rules. (Choose two.)

A.
The Allow Office Programs rule is using an Application Filter
A.
The Allow Office Programs rule is using an Application Filter
Answers
B.
In the Allow FTP to web server rule, FTP is allowed using App-ID
B.
In the Allow FTP to web server rule, FTP is allowed using App-ID
Answers
C.
The Allow Office Programs rule is using an Application Group
C.
The Allow Office Programs rule is using an Application Group
Answers
D.
In the Allow Social Networking rule, allows all of Facebook's functions
D.
In the Allow Social Networking rule, allows all of Facebook's functions
Answers
Suggested answer: A, D

Explanation:

In the Allow FTP to web server rule, FTP is allowed using port based rule and not APP-ID.

Question 39

Report
Export
Collapse

Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

A.
global
A.
global
Answers
B.
intrazone
B.
intrazone
Answers
C.
interzone
C.
interzone
Answers
D.
universal
D.
universal
Answers
Suggested answer: D

Explanation:

References:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClomCAC

Question 40

Report
Export
Collapse

Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways?

A.
GlobalProtect
A.
GlobalProtect
Answers
B.
AutoFocus
B.
AutoFocus
Answers
C.
Aperture
C.
Aperture
Answers
D.
Panorama
D.
Panorama
Answers
Suggested answer: A
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms