PCNSA Exam Questions
422 real PCNSA exam questions with expert-verified answers and explanations. Page 3 of 9.
- Question #106Policy Evaluation and Management
What is an advantage for using application tags?
Application TagsSecurity PolicyContent UpdatesPolicy Automation - Question #107Configure
What are two predefined AntiSpyware profiles? (Choose two.)
Anti-Spyware ProfilesSecurity ProfilesThreat PreventionPredefined Objects - Question #108Configure
What are three methods of mapping usernames to IP addresses? (Choose three.)
User-IDIP-to-User MappingAuthentication Methods - Question #109Device Management and Services
Config logs display entries for which kind of firewall changes?
LoggingConfiguration logsFirewall managementAudit trail - Question #110Policy Evaluation and Management
A Heatmap provides an adoption rate for which three features? (Choose three.)
Feature AdoptionSecurity ServicesWildFireUser-ID - Question #111Securing Traffic
The data plane provides which two data processing features of the firewall? (Choose two.)
Firewall architectureData plane functionsPacket processingThreat prevention - Question #112Device Management and Services
In path monitoring, what is used to monitor remote network devices?
Path MonitoringPingICMPNetwork Monitoring - Question #113Manage
How often are new and modified threat signatures and modified applications signatures published?
Threat SignaturesApplication SignaturesContent UpdatesSecurity Subscriptions - Question #114Device Management and Services
The External zone type is used to pass traffic between which type of objects?
Virtual SystemsExternal ZoneMulti-VSYSInter-VSYS Communication - Question #115Configure
What is the default metric value of static routes?
Static RoutingRouting MetricNetwork ConfigurationDefault Values - Question #116Configure
The Port Mapping user mapping method can monitor which two types of environments? (Choose two.)
User-IDPort MappingTerminal ServicesVDI - Question #117Securing Traffic
Which Security profile can you apply to protect against malware such as worms and Trojans?
security profilesantivirusmalware protectionthreat prevention - Question #118Device Management and Services
Which two settings allow you to restrict access to the management interface? (Choose two )
Management InterfaceAccess ControlApp-IDContent-ID - Question #119Device Management and Services
What is a prerequisite before enabling an administrative account which relies on a local firewall user database?
Authentication profilesAdministrative accountsLocal user databaseDevice management - Question #120Policy Evaluation and Management
What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?
PanoramaPolicy ManagementDevice GroupsConfiguration Push - Question #121Managing Objects
What is the correct process tor creating a custom URL category?
Custom URL CategoryGUI NavigationSecurity Objects - Question #122Securing Traffic
An administrator would like to silently drop traffic from the internet to a ftp server. Which Security policy action should the administrator select?
Security PolicyPolicy ActionsTraffic ControlSilent Drop - Question #123Policy Evaluation and Management
What is the main function of the Test Policy Match function?
Security PoliciesPolicy EvaluationTraffic MatchingTroubleshooting Tools - Question #124Managing Objects
Which objects would be useful for combining several services that are often defined together?
Service groupsPolicy objectsFirewall configurationNetwork services - Question #125Managing Objects
Which type of address object is `10.5.1.1/0.127.248.2`?
Address ObjectsWildcard MasksIP Addressing - Question #126Securing Traffic
A Security Profile can block or allow traffic at which point?
Security ProfilesTraffic ProcessingPacket FlowSecurity Policy - Question #127Securing Traffic
Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )
User AuthenticationData Plane SecurityAuthentication ProtocolsIdentity Management - Question #128Device Management and Services
Which dynamic update type includes updated anti-spyware signatures?
Dynamic UpdatesThreat PreventionAnti-SpywareContent Updates - Question #129Securing Traffic
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?
URL FilteringLoggingSecurity ProfilesPolicy Actions - Question #130Policy Evaluation and Management
An administrator is reviewing another administrator s Security policy log settings. Which log setting configuration is consistent with best practices tor normal traffic?
LoggingSecurity PolicyLog ManagementBest Practices - Question #131Device Management and Services
What is considered best practice with regards to committing configuration changes?
Configuration ManagementCommit ValidationBest PracticesOperational Procedures - Question #132Securing Traffic
An administrator wants to prevent users from submitting corporate credentials in a phishing attack. Which Security profile should be applied?
URL FilteringPhishing PreventionCredential ProtectionSecurity Profiles - Question #133Securing Traffic
Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?
User AuthenticationAdministrator AccountsData PlaneManagement Plane - Question #134Managing Objects
Starting with PAN-OS version 9.1, which new type of object is supported for use within the User field of a Security policy rule?
PAN-OS 9.1Dynamic User GroupsSecurity PolicyUser-ID - Question #135Configure
How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?
Dynamic UpdatesApplication and Threat UpdatesUpdate SchedulingConfiguration Management - Question #136Device Management and Services
Which three configuration settings are required on a Palo Alto Network firewall management interface? (Choose three.)
Management InterfaceIP AddressingNetworking FundamentalsFirewall Configuration - Question #137Policy Evaluation and Management
At which point in the App-ID update process can you determine if an existing policy rule is affected by an App-ID update?
App-IDDynamic UpdatesPolicy ManagementUpdate Impact - Question #138Securing Traffic
You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server. Which Security Profil...
Anti-Spyware ProfileCommand and Control (C2)Threat PreventionSecurity Profiles - Question #139Operate
Which statement is true regarding a Best Practice Assessment?
Best Practice Assessment (BPA)Configuration assessmentSecurity best practicesPalo Alto Networks recommendations - Question #140Policy Evaluation and Management
The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website access a...
URL FilteringCustom URL CategoriesSecurity Policy ExceptionsPolicy Management - Question #141Policy Evaluation and Management
In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?
Security PolicyRule Hit CountersGUI AdministrationPolicy Management - Question #142Policy Evaluation and Management
Based on the Security policy rules shown, SSH will be allowed on which port?
Security PolicyApplication IdentificationDefault PortsServices - Question #143Securing Traffic
You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in common application. Which Security Profile detects and blocks...
Vulnerability ProtectionSecurity ProfilesExploit PreventionInbound Traffic Security - Question #144Securing Traffic
Palo Alto Networks firewall architecture accelerates content inspection performance while minimizing latency using which two components? (Choose two.)
Firewall ArchitectureContent InspectionPerformanceSP3 - Question #145Policy Evaluation and Management
An administrator is reviewing another administrator's Security policy log settings. Which log setting configuration is consistent with best practices for normal traffic?
Security PolicyLoggingSession LoggingBest Practices - Question #146Securing Traffic
Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?
Security ProfilesAnti-SpywareDNS SecurityThreat Detection - Question #147Configure
Given the topology, which zone type should zone A and zone B to be configured with?
Firewall ZonesNetwork SegmentationPalo Alto Configuration - Question #148Configure
Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website? How can file uploading/downloading be restricted for the website while permitting...
URL FilteringSecurity PoliciesCustom URL CategoriesFile Blocking - Question #149Configure
Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?
URL FilteringOverride ActionSecurity PolicyPalo Alto Networks - Question #150Managing Objects
How are Application Filters or Application Groups used in firewall policy?
Application FiltersApplication GroupsPolicy ObjectsDynamic Grouping - Question #151Managing Objects
Which tab would an administrator click to create an address object?
Address ObjectsGUI NavigationObjects TabFirewall Configuration - Question #152Configure
An administrator wishes to follow best practices for logging traffic that traverses the firewall. Which log setting is correct?
Logging Best PracticesSession MonitoringPolicy ConfigurationTraffic Visibility - Question #153Configure
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)
SYN Flood ProtectionDoS ProtectionZone ProtectionSecurity Profiles - Question #154Policy Evaluation and Management
An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs. What is the correct process to enable this logging?
Traffic LoggingSecurity PolicyRule ManagementDefault Rules - Question #155Configure
The Palo Alto Networks NGFW was configured with a single virtual router named VR-1. What changes are required on VR-1 to route traffic between two interfaces on the NGFW?
Virtual RouterInterfacesRoutingNetwork Configuration