ExamGecko
Login
Home / Palo Alto Networks / PCNSA / List of questions
Ask Question

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 6

Add to Whishlist

List of questions

Question 51

Report Export Collapse

Which update option is not available to administrators?

New Spyware Notifications
New Spyware Notifications
New URLs
New URLs
New Application Signatures
New Application Signatures
New Malicious Domains
New Malicious Domains
New Antivirus Signatures
New Antivirus Signatures
Suggested answer: B
asked 23/09/2024
Ages Handriyanto
34 questions

Question 52

Report Export Collapse

A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone.

What configuration-changes should the Firewall-admin make?

Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a securityrule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH
Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a securityrule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH
Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH
Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH
In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains sourceport- TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address
In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains sourceport- TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address
In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin
In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin
Suggested answer: B
asked 23/09/2024
Sunila Chugh
41 questions

Question 53

Report Export Collapse

How often does WildFire release dynamic updates?

every 5 minutes
every 5 minutes
every 15 minutes
every 15 minutes
every 60 minutes
every 60 minutes
every 30 minutes
every 30 minutes
Suggested answer: A
Explanation:

References:

asked 23/09/2024
Jaap van Veldhuizen
51 questions

Question 54

Report Export Collapse

What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

every 30 minutes
every 30 minutes
every 5 minutes
every 5 minutes
once every 24 hours
once every 24 hours
every 1 minute
every 1 minute
Suggested answer: D
Explanation:

Because new WildFire signatures are now available every five minutes, it is a best practice to use this setting to ensure the firewall retrieves these signatures within a minute of availability.

asked 23/09/2024
Nisanka Mandara
43 questions

Question 55

Report Export Collapse

A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

Windows-based agent on a domain controller
Windows-based agent on a domain controller
Captive Portal
Captive Portal
Citrix terminal server with adequate data-plane resources
Citrix terminal server with adequate data-plane resources
PAN-OS integrated agent
PAN-OS integrated agent
Suggested answer: A
asked 23/09/2024
Massimiliano Parisi
44 questions

Question 56

Report Export Collapse

What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

authentication sequence
authentication sequence
LDAP server profile
LDAP server profile
authentication server list
authentication server list
authentication list profile
authentication list profile
Suggested answer: A
Explanation:

References:

asked 23/09/2024
Adlian Akbar
42 questions

Question 57

Report Export Collapse

Which prevention technique will prevent attacks based on packet count?

zone protection profile
zone protection profile
URL filtering profile
URL filtering profile
antivirus profile
antivirus profile
vulnerability profile
vulnerability profile
Suggested answer: A
asked 23/09/2024
An Khang Nguyen
51 questions

Question 58

Report Export Collapse

Which interface type can use virtual routers and routing protocols?

Tap
Tap
Layer3
Layer3
Virtual Wire
Virtual Wire
Layer2
Layer2
Suggested answer: B
asked 23/09/2024
Carlotta Agape
47 questions

Question 59

Report Export Collapse

Which URL profiling action does not generate a log entry when a user attempts to access that URL?

Override
Override
Allow
Allow
Block
Block
Continue
Continue
Suggested answer: B
Explanation:

References:

asked 23/09/2024
Jonathan Correa
48 questions

Question 60

Report Export Collapse

An internal host wants to connect to servers of the internet through using source NAT.

Which policy is required to enable source NAT on the firewall?

NAT policy with source zone and destination zone specified
NAT policy with source zone and destination zone specified
post-NAT policy with external source and any destination address
post-NAT policy with external source and any destination address
NAT policy with no source of destination zone selected
NAT policy with no source of destination zone selected
pre-NAT policy with external source and any destination address
pre-NAT policy with external source and any destination address
Suggested answer: A
asked 23/09/2024
Vito Ranieri
52 questions
Total 362 questions
Go to page: of 37
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)