ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA

Palo Alto Networks PCNSA Practice Test - Questions Answers, Page 7

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which statement is true about Panorama managed devices?
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)

Question 61

Report
Export
Collapse

Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

A.
DoS protection
A.
DoS protection
Answers
B.
URL filtering
B.
URL filtering
Answers
C.
packet buffering
C.
packet buffering
Answers
D.
anti-spyware
D.
anti-spyware
Answers
Suggested answer: A

Question 62

Report
Export
Collapse

Which path in PAN-OS 10.0 displays the list of port-based security policy rules?

A.
Policies> Security> Rule Usage> No App Specified
A.
Policies> Security> Rule Usage> No App Specified
Answers
B.
Policies> Security> Rule Usage> Port only specified
B.
Policies> Security> Rule Usage> Port only specified
Answers
C.
Policies> Security> Rule Usage> Port-based Rules
C.
Policies> Security> Rule Usage> Port-based Rules
Answers
D.
Policies> Security> Rule Usage> Unused Apps
D.
Policies> Security> Rule Usage> Unused Apps
Answers
Suggested answer: A

Explanation:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/security-policy-ruleoptimization/migrate-port-based-to-app-id-based-security-policy-rules.html

Question 63

Report
Export
Collapse

Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

A.
Layer-ID
A.
Layer-ID
Answers
B.
User-ID
B.
User-ID
Answers
C.
QoS-ID
C.
QoS-ID
Answers
D.
App-ID
D.
App-ID
Answers
Suggested answer: B, D

Question 64

Report
Export
Collapse

Which path is used to save and load a configuration with a Palo Alto Networks firewall?

A.
Device>Setup>Services
A.
Device>Setup>Services
Answers
B.
Device>Setup>Management
B.
Device>Setup>Management
Answers
C.
Device>Setup>Operations
C.
Device>Setup>Operations
Answers
D.
Device>Setup>Interfaces
D.
Device>Setup>Interfaces
Answers
Suggested answer: C

Question 65

Report
Export
Collapse

Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

A.
Review Policies
A.
Review Policies
Answers
B.
Review Apps
B.
Review Apps
Answers
C.
Pre-analyze
C.
Pre-analyze
Answers
D.
Review App Matches
D.
Review App Matches
Answers
Suggested answer: A

Explanation:

References:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-idsintroduced-incontent-releases/review-new-app-id-impact-on- existing-policy-rules

Question 66

Report
Export
Collapse

How is the hit count reset on a rule?

A.
select a security policy rule, right click Hit Count > Reset
A.
select a security policy rule, right click Hit Count > Reset
Answers
B.
with a dataplane reboot
B.
with a dataplane reboot
Answers
C.
Device > Setup > Logging and Reporting Settings > Reset Hit Count
C.
Device > Setup > Logging and Reporting Settings > Reset Hit Count
Answers
D.
in the CLI, type command reset hitcount <POLICY-NAME>
D.
in the CLI, type command reset hitcount <POLICY-NAME>
Answers
Suggested answer: A

Question 67

Report
Export
Collapse

Given the topology, which zone type should interface E1/1 be configured with?

A.
Tap
A.
Tap
Answers
B.
Tunnel
B.
Tunnel
Answers
C.
Virtual Wire
C.
Virtual Wire
Answers
D.
Layer3
D.
Layer3
Answers
Suggested answer: A

Question 68

Report
Export
Collapse

Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?

A.
Management
A.
Management
Answers
B.
High Availability
B.
High Availability
Answers
C.
Aggregate
C.
Aggregate
Answers
D.
Aggregation
D.
Aggregation
Answers
Suggested answer: C

Question 69

Report
Export
Collapse

Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?

A.
intrazone
A.
intrazone
Answers
B.
interzone
B.
interzone
Answers
C.
universal
C.
universal
Answers
D.
global
D.
global
Answers
Suggested answer: B

Question 70

Report
Export
Collapse

Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?

A.
internal-inside-dmz
A.
internal-inside-dmz
Answers
B.
engress outside
B.
engress outside
Answers
C.
inside-portal
C.
inside-portal
Answers
D.
intercone-default
D.
intercone-default
Answers
Suggested answer: B
Total 362 questions
Go to page: of 37
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms