Browse Exams Pricing

ExamsPCNSAQuestions

PCNSA Exam Questions

422 real PCNSA exam questions with expert-verified answers and explanations. Page 5 of 9.

Question #211Securing Traffic
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this re...
Content-IDThreat PreventionMalware DomainsSecurity Engines
Question #212Configure
Which solution is a viable option to capture user identification when Active Directory is not in use?
User-IDAuthenticationCaptive PortalIdentity Management
Question #213Securing Traffic
You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server. Which Security Profil...
Security ProfilesAnti-SpywareCommand and ControlMalware Prevention
Question #214Securing Traffic
Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis Unit 42 research and data gathered fro...
External Dynamic Lists (EDLs)Threat IntelligenceIP AddressesSecurity Policy
Question #215Securing Traffic
The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet. The firewall is configured with two zones: 1. trust...
Security PolicyApp-IDApplication FilteringEvasive Applications
Question #216Configure
What must be configured before setting up Credential Phishing Prevention?
Credential Phishing PreventionUser-IDAnti-PhishingFeature Prerequisites
Question #217Policy Evaluation and Management
What allows a security administrator to preview the Security policy rules that match new application signatures?
Dynamic UpdatesSecurity PolicyApplication IdentificationPolicy Impact Analysis
Question #218Policy Evaluation and Management
Which statement best describes a common use of Policy Optimizer?
Policy OptimizerSecurity PoliciesPolicy ManagementPolicy Optimization
Question #219Policy Evaluation and Management
An address object of type IP Wildcard Mask can be referenced in which part of the configuration?
Address ObjectsWildcard MasksSecurity Policies
Question #220Managing Objects
An administrator would like to determine the default deny action for the application dns-over- https. Which action would yield the information?
Application IdentificationObject ManagementFirewall GUIApplication Details
Question #221Policy Evaluation and Management
An administrator needs to create a Security policy rule that matches DNS traffic within the LAN zone, and also needs to match DNS traffic within the DMZ zone. The administrator doe...
Security PolicyRule TypesIntrazoneZones
Question #222Device Management and Services
What are three valid ways to map an IP address to a username? (Choose three.)
User-IDIP-User MappingGlobalProtectXML API
Question #223Managing Objects
Which object would an administrator create to enable access to all applications in the office- programs subcategory?
Application FiltersApp-IDSecurity Policy ObjectsApplication Control
Question #224Securing Traffic
An administrator would like to create a URL Filtering log entry when users browse to any gambling website. What combination of Security policy and Security profile actions is corre...
URL FilteringSecurity ProfilesSecurity Policy ActionsLogging
Question #225Policy Evaluation and Management
Which statement is true regarding NAT rules?
NATRule ProcessingPolicy EvaluationFirewall Logic
Question #226Operate
After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running confi...
Configuration ManagementCandidate ConfigurationRunning ConfigurationDevice Operations
Question #227Policy Evaluation and Management
An administrator is reviewing the Security policy rules shown in the screenshot below. Which statement is correct about the information displayed?
Security PolicyRulebase ManagementGUI NavigationRule Groups
Question #228Policy Evaluation and Management
What are the two default behaviors for the intrazone-default policy? (Choose two.)
Intrazone policyDefault security policyPolicy behaviorTraffic logging
Question #229Securing Traffic
What are two valid selections within an Antivirus profile? (Choose two.)
Antivirus ProfileSecurity ProfilesThreat PreventionFirewall Configuration
Question #230Securing Traffic
An administrator wants to create a NAT policy to allow multiple source IP addresses to be translated to the same public IP address. What is the most appropriate NAT policy to achie...
NATSource NATPAT
Question #231Configure
Which action can be set in a URL Filtering Security profile to provide users temporary access to all websites in a given category using a provided password?
URL FilteringSecurity ProfilesOverrideTemporary Access
Question #232Policy Evaluation and Management
What is a function of application tags?
Application TagsSecurity PolicyPolicy Management
Question #233Securing Traffic
What are three Palo Alto Networks best practices when implementing the DNS Security Service? (Choose three.)
DNS Security ServiceBest PracticesThreat IntelligenceURL Filtering Integration
Question #234Operate
An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out. Which two fields could help in determining if this is normal? (Choos...
Log AnalysisSession ManagementTroubleshootingFirewall Logs
Question #235Managing Objects
What does an application filter help you to do?
Application FiltersApplication-IDSecurity Policy
Question #236Operate
Prior to a maintenance-window activity, the administrator would like to make a backup of only the running configuration to an external location. What command in Device > Setup > Op...
Configuration BackupDevice ManagementExport ConfigurationAdministrative Task
Question #237Securing Traffic
Your company is highly concerned with their Intellectual property being accessed by unauthorized resources. There is a mature process to store and include metadata tags for all con...
Data FilteringDLPSecurity ProfilesContent Inspection
Question #238Configure
An administrator wants to create a No-NAT rule to exempt a flow from the default NAT rule. What is the best way to do this?
NATNo-NATNAT Rule Configuration
Question #239Device Management and Services
When creating a Panorama administrator type of Device Group and Template Admin, which two things must you create first? (Choose two.)
Panorama AdministrationAdmin RolesAccess Domains
Question #240Policy Evaluation and Management
An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. T...
Traffic LoggingDefault Security PoliciesTroubleshooting LogsPolicy Configuration
Question #241Configure
An administrator is configuring a NAT rule. At a minimum, which three forms of information are required? (Choose three.)
NAT configurationPalo Alto NetworksRule parametersSecurity Policy
Question #243Securing Traffic
What are three characteristics of the Palo Alto Networks DNS Security service? (Choose three.)
DNS SecurityPalo Alto Networks ServicesThreat PreventionMachine Learning
Question #244Device Management and Services
What are the requirements for using Palo Alto Networks EDL Hosting Sen/ice?
EDL Hosting ServiceExternal Dynamic ListsFirewall compatibilityPrisma Access
Question #245Policy Evaluation and Management
An administrator would like to block access to a web server, while also preserving resources and minimizing half-open sockets. What are two security policy actions the administrato...
Security PoliciesFirewall ActionsTCP ResetsResource Management
Question #246Managing Objects
An administrator would like to apply a more restrictive Security profile to traffic for file sharing applications. The administrator does not want to update the Security policy or...
Application FilterSecurity PolicyApp-IDDynamic Matching
Question #247Configure
A network administrator is required to use a dynamic routing protocol for network connectivity. Which three dynamic routing protocols are supported by the NGFW Virtual Router for t...
Dynamic RoutingVirtual RouterNGFW RoutingSupported Protocols
Question #248Operate
Which log type would be used to find commit entries for a firewall?
Firewall loggingCommit logsPalo Alto Networks logsLog types
Question #250Configure
To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?
AuthenticationActive Directory IntegrationLDAPServer Profiles
Question #251Managing Objects
Which three filter columns are available when setting up an Application Filter? (Choose three.)
Application FilterApp-IDSecurity Policy Objects
Question #252Securing Traffic
A coworker found a USB labeled "confidential in the parking lot. They inserted the drive and it infected their corporate laptop with unknown malware The malware caused the laptop t...
Antivirus ProfileMalware DetectionSecurity ProfilesThreat Prevention
Question #253Operate
According to best practices, how frequently should WildFire updates he made to perimeter firewalls?
WildFireThreat PreventionSecurity UpdatesBest Practices
Question #254Securing Traffic
What are the three DNS Security categories available to control DNS traffic? (Choose three.)
DNS SecurityThreat PreventionSecurity ProfilesDomain Categories
Question #255Managing Objects
What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)
Dynamic User GroupsUser-IDIdentity-based PolicyIntegration
Question #256Configure
When an ethernet interface is configured with an IPv4 address, which type of zone is it a member of?
Interface typesSecurity zonesLayer 3 interfacesZone configuration
Question #257Managing Objects
How is an address object of type IP range correctly defined?
Address objectsIP rangeObject definitionPAN-OS syntax
Question #258Managing Objects
What do you configure if you want to set up a group of objects based on their ports alone?
Service GroupsPalo Alto ObjectsFirewall ConfigurationNetwork Services
Question #259Configure
What are two valid selections within a Vulnerability Protection profile? (Choose two.)
Vulnerability ProtectionSecurity ProfilesThreat PreventionConfiguration Actions
Question #260Device Management and Services
When creating an Admin Role profile, if no changes are made, which two administrative methods will you have full access to? (Choose two.)
Admin Role ProfileAdministrative MethodsDefault SettingsAccess Control
Question #261Configure
Which list of actions properly defines the order of steps needed to add a local database user account and create a new group to which this user will be assigned?
Local User DatabaseUser AccountsGUI NavigationAuthentication
Question #262Securing Traffic
An administrator wants to prevent hacking attacks through DNS queries to malicious domains. Which two DNS policy actions can the administrator choose in the Anti-Spyware Security P...
Anti-Spyware ProfileDNS SecurityThreat PreventionSecurity Policy Actions

PreviousPage 5 of 9Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.