Browse Exams Pricing

ExamsPCNSAQuestions

PCNSA Exam Questions

422 real PCNSA exam questions with expert-verified answers and explanations. Page 1 of 9.

Question #1Configure
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
URL FilteringSecurity ProfilesPAN-DB URL CategoriesCustom URL Categories
Question #2Policy Evaluation and Management
Which two statements are correct about App-ID content updates? (Choose two.)
App-IDContent UpdatesSecurity PolicyApplication Identification
Question #3Configure
Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?
User-IDCaptive PortalAuthentication Methods
Question #4Configure
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environm...
App-IDApplication FilterSecurity PolicyDynamic Environment
Question #5Manage
Which statement is true regarding a Best Practice Assessment?
Best Practice AssessmentBPASecurity PostureReporting
Question #6Policy Evaluation and Management
Employees are shown an application block page when they try to access YouTube. Which security policy is blocking the YouTube application?
Security PolicyPolicy EvaluationDefault DenyInterzone Traffic
Question #7Securing Traffic
Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.
Security ProfilesSecurity PolicyTraffic FlowPacket Processing
Question #8Configure
When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?
Source NATNAT ConfigurationPalo Alto FirewallTranslation Type
Question #9Deploy
Which interface does not require a MAC or IP address?
Interface modesVirtual WireNetwork deployment
Question #10Policy Evaluation and Management
A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewa...
Policy managementRule optimizationHit countFirewall rules
Question #11Policy Evaluation and Management
What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)
App-IDApplication DependenciesSecurity Policy
Question #12Policy Evaluation and Management
Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping. What is the quickest way to reset the hit count...
Security PoliciesRule Hit CountersPolicy ManagementFirewall Monitoring
Question #13Securing Traffic
Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)
App-IDSecurity PoliciesApplication IdentificationFacebook
Question #14Deploy
Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?
User-IDUser-ID agentsDeploymentResource constraints
Question #15Device Management and Services
Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP-to-user mappings as so...
User-IDSyslog IntegrationWireless Network SecurityIdentity Mapping
Question #16Securing Traffic
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2...
Security ProfilesMalware PreventionAnti-SpywareAntivirus
Question #17Plan
In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?
Cyber-Attack LifecycleKill ChainWeaponizationMalware delivery
Question #18Configure
Identify the correct order to configure the PAN-OS integrated USER-ID agent. 3. add the service account to monitor the server(s) 2. define the address of the servers to be monitore...
User-IDConfiguration OrderActive Directory IntegrationUser Mapping
Question #19Securing Traffic
Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone. Complete the security policy to ensure only Telnet is allowed. Security Policy: Source Zone...
Security PolicyApplication-IDTraffic FilteringPolicy Configuration
Question #20Policy Evaluation and Management
Based on the security policy rules shown, ssh will be allowed on which port?
SSHDefault PortsSecurity Policy RulesNetwork Protocols
Question #21Device Management and Services
Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?
LicensingThreat PreventionAntivirus SignaturesSecurity Subscriptions
Question #22Securing Traffic
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the admi...
East-West TrafficLateral MovementNetwork SegmentationTraffic Monitoring
Question #23Configure
Given the topology, which zone type should zone A and zone B to be configured with?
Zone TypesInterface ConfigurationSecurity ZonesNetwork Segmentation
Question #24Deploy
Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?
Palo Alto Networks InterfacesTap ModeTraffic MonitoringInterface Capabilities
Question #25Device Management and Services
Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?
Administrator accountsRole-based access controlGranular permissionsUser management
Question #26Device Management and Services
Which administrator type utilizes predefined roles for a local administrator account?
Administrator typesLocal accountsPredefined rolesPAN-OS administration
Question #27Configure
Which two security profile types can be attached to a security policy? (Choose two.)
Security PoliciesSecurity ProfilesAntivirusVulnerability Protection
Question #28Configure
Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?
User-IDUser MappingDomain Controller MonitoringActive Directory
Question #29Policy Evaluation and Management
Given the image, which two options are true about the Security policy rules. (Choose two.)
Security Policy RulesApp-IDApplication FiltersApplication Groups
Question #30Securing Traffic
Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?
Security RulesRule TypesZonesTraffic Matching
Question #31Securing Traffic
Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways?
GlobalProtectMobile Endpoint SecurityRemote Access VPNSecurity Platforms
Question #32Configure
Which two statements are correct regarding multiple static default routes when they are configured as shown in the image? (Choose two.)
Static RoutesDefault RoutesRouting MetricsPath Monitoring
Question #33Securing Traffic
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can run malicious code against a targeted machine.
Cyber Attack LifecycleExploitation PhaseThreat PreventionAttack Stages
Question #34Device Management and Services
Which file is used to save the running configuration with a Palo Alto Networks firewall?
Configuration ManagementRunning ConfigurationFile ManagementDevice Operations
Question #35Policy Evaluation and Management
In the example security policy shown, which two websites would be blocked? (Choose two.)
Security PolicyApplication ControlTraffic BlockingPolicy Evaluation
Question #36Device Management and Services
Which Palo Alto Networks component provides consolidated policy creation and centralized management?
PanoramaCentralized ManagementPolicy ManagementPalo Alto Networks Components
Question #37Plan
Which statement is true regarding a Prevention Posture Assessment?
Security AssessmentPrevention PostureRisk PreventionGap Analysis
Question #38Securing Traffic
Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)
Zero TrustThreat PreventionNext-Gen FirewallSecurity Features
Question #42Policy Evaluation and Management
The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the...
URL FilteringCustom URL CategoriesSecurity PolicyPolicy Exceptions
Question #43Manage
Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?
Cloud SecurityCASBApertureSaaS Security
Question #44Securing Traffic
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (...
Antivirus ProfileSecurity PoliciesCommand and Control (C2)Threat Prevention
Question #45Device Management and Services
Which update option is not available to administrators?
Dynamic UpdatesThreat PreventionApp-IDURL Filtering
Question #46Securing Traffic
A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been e...
Security PoliciesZone-Based FilteringSSHPublic Cloud Access
Question #47Securing Traffic
How often does WildFire release dynamic updates?
WildFireDynamic UpdatesThreat Prevention
Question #48Configure
What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?
WildFire updatesSignature refresh rateSecurity profilesFirewall configuration
Question #49Deploy
A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type...
User-IDDeployment Best PracticesUser-ID AgentDomain Controller Integration
Question #50Device Management and Services
What must you configure to enable the firewall to access multiple Authentication Profiles to authenticate a non-local account?
AuthenticationAuthentication SequenceDevice ManagementExternal Authentication
Question #51Securing Traffic
Which prevention technique will prevent attacks based on packet count?
Zone ProtectionDoS PreventionFlood ProtectionSecurity Profiles
Question #52Configure
Which interface type can use virtual routers and routing protocols?
Interface TypesVirtual RoutersRouting ProtocolsLayer 3
Question #53Securing Traffic
Which URL profiling action does not generate a log entry when a user attempts to access that URL?
URL FilteringSecurity ProfilesLoggingPolicy Actions

Page 1 of 9Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.