ExamGecko

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 6

Which update option is not available to administrators?

A. New Spyware Notifications
B. New URLs
C. New Application Signatures
D. New Malicious Domains
E. New Antivirus Signatures
Suggested answer: B

A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone.

What configuration-changes should the Firewall-admin make?

A. Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH
B. Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH
C. In addition to option A, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-IP-address
D. In addition to option C, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin
Suggested answer: B

How often does WildFire release dynamic updates?

A. every 5 minutes
B. every 15 minutes
C. every 60 minutes
D. every 30 minutes
Suggested answer: A

What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

A. every 30 minutes
B. every 5 minutes
C. once every 24 hours
D. every 1 minute
Suggested answer: D

Explanation:

Because new WildFire signatures are now available every five minutes, it is a best practice to use this setting to ensure the firewall retrieves these signatures within a minute of availability.

A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

A. Windows-based agent on a domain controller
B. Captive Portal
C. Citrix terminal server with adequate data-plane resources
D. PAN-OS integrated agent
Suggested answer: A

What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

A. authentication sequence
B. LDAP server profile
C. authentication server list
D. authentication list profile
Suggested answer: A

Which prevention technique will prevent attacks based on packet count?

A. zone protection profile
B. URL filtering profile
C. antivirus profile
D. vulnerability profile
Suggested answer: A

Which interface type can use virtual routers and routing protocols?

A. Tap
B. Layer3
C. Virtual Wire
D. Layer2
Suggested answer: B

Which URL profiling action does not generate a log entry when a user attempts to access that URL?

A. Override
B. Allow
C. Block
D. Continue
Suggested answer: B

An internal host wants to connect to servers on the internet using source NAT.

Which policy is required to enable source NAT on the firewall?

A. NAT policy with source zone and destination zone specified
B. post-NAT policy with external source and any destination address
C. NAT policy with no source or destination zone selected
D. pre-NAT policy with external source and any destination address
Suggested answer: A
Total 362 questions