Browse Exams Pricing

ExamsPCNSAQuestions

PCNSA Exam Questions

422 real PCNSA exam questions with expert-verified answers and explanations. Page 2 of 9.

Question #54Policy Evaluation and Management
An internal host wants to connect to servers of the internet through using source NAT. Which policy is required to enable source NAT on the firewall?
NAT policySource NATSecurity ZonesFirewall Configuration
Question #55Securing Traffic
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?
DoS protectionSecurity profilesICMP floodDenial of Service
Question #56Policy Evaluation and Management
Which path in PAN-OS 10.0 displays the list of port-based security policy rules?
PAN-OS NavigationSecurity PoliciesPort-based RulesRule Usage
Question #57Securing Traffic
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)
Single-Pass Parallel ProcessingFirewall ArchitectureApp-IDUser-ID
Question #58Device Management and Services
Which path is used to save and load a configuration with a Palo Alto Networks firewall?
Configuration managementGUI navigationDevice operationsSave/load configuration
Question #59Policy Evaluation and Management
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?
App-ID updatesSecurity policyPolicy reviewApplication identification
Question #60Policy Evaluation and Management
How do you reset the hit count on a Security policy rule?
Security PoliciesRule ManagementHit CountGUI Administration
Question #61Deploy
Given the topology, which zone type should you configure for firewall interface E1/1?
Interface typesZone configurationTap mode
Question #62Configure
Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?
Firewall InterfacesLayer 3 ZonesAggregate InterfaceNetwork Configuration
Question #65Device Management and Services
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
firewall architecturecontrol planemanagement functions
Question #66Policy Evaluation and Management
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_...
App-IDSecurity PolicyContent UpdatesApplication Control
Question #67Configure
How many zones can an interface be assigned with a Palo Alto Networks firewall?
ZonesInterfacesNetwork ConfigurationSecurity Zones
Question #68Device Management and Services
Which two configuration settings shown are not the default? (Choose two.)
Default SettingsServer MonitoringDevice ServicesSystem Configuration
Question #69Securing Traffic
Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?
Palo Alto Firewall ArchitectureData PlaneThreat PreventionSignature Matching
Question #70Securing Traffic
Which option shows the attributes that are selectable when setting up application filters?
Application FiltersApp-IDSecurity PolicyFirewall Configuration
Question #71Policy Evaluation and Management
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the...
URL FilteringPolicy PrecedenceSecurity ProfilesExternal Dynamic Lists
Question #72Securing Traffic
Which data flow direction is protected in a zero-trust firewall deployment that is not protected in a perimeter-only firewall deployment?
Zero TrustNetwork SegmentationTraffic FlowFirewall Deployment
Question #73Plan
Which definition describes the guiding principle of the zero-trust architecture?
Zero TrustSecurity PrinciplesNetwork Security Architecture
Question #74Securing Traffic
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security policy rules that permits only this t...
Security PolicyApplication Identification (App-ID)Service ConfigurationZone-based Security
Question #75Securing Traffic
In which profile should you configure the DNS Security feature?
DNS SecuritySecurity ProfilesAnti-Spyware ProfileThreat Prevention
Question #76Securing Traffic
Which two statements are true for the DNS Security service introduced in PAN-OS version 10.0? (Choose two.)
DNS SecurityPAN-OS 10.0Threat PreventionCloud Security Services
Question #77Configure
Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)
Dynamic User GroupsUser-ID TaggingXML APILog Forwarding
Question #78Securing Traffic
The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop. The malware contacted a known command- and-control server, which...
Anti-Spyware ProfileDNS SinkholeCommand and Control (C2)Malware Prevention
Question #79Device Management and Services
You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?
Service routesControl planeDNSInterface configuration
Question #80Securing Traffic
Which component provides network security for mobile endpoints by inspecting traffic routed through gateways?
GlobalProtectMobile endpoint securityRemote access VPNTraffic inspection
Question #81Configure
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?
Active Directory IntegrationUser AuthenticationLDAPAuthentication Profiles
Question #82Managing Objects
Which operations are allowed when working with App-ID application tags?
App-IDApplication TagsObject ManagementPolicy Configuration
Question #83Deploy
Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management plane is only slightly utilize...
User-IDAgent TypesDeployment StrategyActive Directory Integration
Question #84Device Management and Services
Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?
Role-based Access ControlAdministrator accountsPermissionsUser management
Question #85Manage
Which statement is true regarding a Heatmap report?
Heatmap reportSecurity assessmentReportingBest Practices
Question #86Policy Evaluation and Management
Based on the screenshot presented, which column contains the link that when clicked, opens a window to display all applications matched to the policy rule?
Firewall UI NavigationSecurity Policy MonitoringApplication Identification
Question #87Securing Traffic
Access to which feature requires the PAN-OS Filtering license?
URL FilteringLicensingPAN-DBSubscriptions
Question #88Configure
Based on the screenshot, what is the purpose of the Included Groups?
User-IDGroup MappingIdentity-based PoliciesLDAP Integration
Question #89Operate
Based on the graphic, which statement accurately describes the output shown in the Server Monitoring panel?
User-IDServer MonitoringDomain ControllersAgent Connectivity
Question #90Securing Traffic
Which action results in the firewall blocking network traffic without notifying the sender?
Firewall ActionsSecurity PolicyDrop ActionTraffic Blocking
Question #91Securing Traffic
What do Dynamic User Groups help you to do?
Dynamic User GroupsSecurity PolicyUser-IDAutomated Remediation
Question #92Securing Traffic
Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?
Security PolicyZonesInterzone Policy
Question #93Securing Traffic
You notice that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would you need to monitor an...
Lateral MovementEast-West TrafficNetwork SecurityThreat Mitigation
Question #94Policy Evaluation and Management
Based on the shown security policy, which Security policy rule would match all FTP traffic from the inside zone to the outside zone?
Security PolicyPolicy MatchingZonesApplication Filtering
Question #95Device Management and Services
Which plane on a Palo Alto Networks Firewall provides configuration, logging, and reporting functions on a separate processor?
Firewall ArchitectureManagement PlanePlanes of OperationDevice Administration
Question #96Policy Evaluation and Management
Which Palo Alto network security operating platform component provides consolidated policy creation and centralized management?
PanoramaCentralized ManagementPolicy ManagementPalo Alto Networks Components
Question #97Device Management and Services
Which type of firewall configuration contains in-progress configuration changes?
Firewall ConfigurationConfiguration ManagementCandidate ConfigurationPAN-OS
Question #98Policy Evaluation and Management
Which link in the web interface enables a security administrator to view the security policy rules that match new application signatures?
Security PoliciesApp-IDApplication SignaturesPolicy Review
Question #99Securing Traffic
At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?
Cyber Kill ChainAttack StagesDeliveryEmail Threats
Question #100Configure
How frequently can wildfire updates be made available to firewalls?
WildFireThreat PreventionSecurity UpdatesFirewall Configuration
Question #101Securing Traffic
Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?
Zero TrustFirewall DeploymentNetwork SegmentationEast-West Traffic
Question #102Configure
Which protocol is used to map usernames to user groups when User-ID is configured?
User-IDLDAPDirectory ServicesUser Group Mapping
Question #103Device Management and Services
Which Palo Alto networks security operating platform service protects cloud-based application such as Dropbox and salesforce by monitoring permissions and shared and scanning files...
Prisma SaaSSaaS SecurityCASBData Loss Prevention
Question #104Deploy
Which three interface deployment methods can be used to block traffic flowing through the Palo Alto Networks firewall? (Choose three.)
Interface deploymentFirewall modesTraffic blocking
Question #105Securing Traffic
Which three statements describe the operation of Security policy rules and Security Profiles? (Choose three.)
Security PolicySecurity ProfilesTraffic FlowPolicy Action

PreviousPage 2 of 9Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.