Browse Exams Pricing

ExamsPCNSAQuestions

PCNSA Exam Questions

422 real PCNSA exam questions with expert-verified answers and explanations. Page 6 of 9.

Question #263Configure
An administrator is creating a NAT policy. Which combination of address and zone are used as match conditions? (Choose two.)
NAT policyMatch conditionsPre-NATSecurity zones
Question #265Device Management and Services
Which firewall feature do you need to configure to query Palo Alto Networks service updates over a data-plane interface instead of the management interface?
Service RoutesPalo Alto Networks UpdatesManagement InterfaceData Plane Interface
Question #266Device Management and Services
In order to fulfill the corporate requirement to backup the configuration of Panorama and the Panorama-managed firewalls securely, which protocol should you select when adding a ne...
Configuration ManagementSecure File TransferPanoramaSCP
Question #267Securing Traffic
All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone. Complete the empty field in the Security policy using an application object to permit...
App-IDSecurity PolicyApplication ControlWeb Protocols
Question #268Securing Traffic
An administrator wants to prevent users from unintentionally accessing malicious domains where data can be exfiltrated through established connections to remote systems. From the P...
URL FilteringCommand and Control (C2)Data Exfiltration PreventionSecurity Profiles
Question #269Policy Evaluation and Management
An administrator would like to follow the best-practice approach to log the traffic that traverses the firewall. What action should they take?
LoggingSecurity PolicyBest PracticesSession Logging
Question #270Device Management and Services
Which two protocols are available on a Palo Alto Networks Firewall Interface Management Profile? (Choose two.)
Firewall ManagementInterface Management ProfileManagement ProtocolsNetwork Security
Question #271Securing Traffic
A network administrator created an intrazone Security policy rule on the firewall. The source zones were set to IT. Finance, and HR. Which two types of traffic will the rule apply...
Security PolicyZonesIntrazoneTraffic Flow
Question #272Policy Evaluation and Management
An administrator would like to override the default deny action for a given application, and instead would like to block the traffic. Which security policy action causes this?
Security PoliciesPolicy ActionsTraffic BlockingFirewall Rules
Question #273Managing Objects
Which syntax would match this?
Wildcard matchingFQDN objectsURL filtering syntax
Question #274Configure
What are two valid selections within an Anti-Spyware profile? (Choose two.)
Anti-SpywareSecurity ProfilesThreat PreventionPAN-OS Configuration
Question #275Policy Evaluation and Management
Which Security policy set should be used to ensure that a policy is applied first?
Policy OrderPanoramaRulebase HierarchyPolicy Management
Question #276Managing Objects
An administrator is trying to implement an exception to an external dynamic list manually. Some entries are shown underlined in red. What would cause this error?
External Dynamic ListsObject ManagementConfiguration ErrorsGUI Indicators
Question #277Managing Objects
What can be achieved by disabling the Share Unused Address and Service Objects with Devices setting on Panorama?
PanoramaObject ManagementConfiguration OptimizationDevice Groups
Question #278Securing Traffic
Which Security profile can be used to detect and block compromised hosts from trying to communicate with external command-and-control (C2) servers?
Security ProfilesAnti-SpywareCommand-and-Control (C2)Threat Prevention
Question #279Policy Evaluation and Management
An administrator is trying to enforce policy on some (but not all) of the entries in an external dynamic list. What is the maximum number of entries that they can be excluded?
External Dynamic ListsEDL ExclusionsSecurity PolicySystem Limits
Question #280Policy Evaluation and Management
A website is unexpectedly allowed due to miscategorization. What are two ways to resolve this issue for a proper response? (Choose two.)
URL FilteringSecurity PolicyTroubleshootingCustom URL Categories
Question #281Deploy
If the firewall interface E1/1 is connected to a SPAN or mirror port, which interface type should E1/1 be configured as?
Interface typesTap modeNetwork monitoringSPAN port
Question #282Configure
An administrator manages a network with 300 addresses that require translation. The administrator configured NAT with an address pool of 240 addresses and found that connections fr...
NATDynamic NATNAT Pool Exhaustion
Question #283Manage
The NetSec Manager asked to create a new EMEA Regional Panorama Administrator profile with customized privileges. In particular, the new EMEA Regional Panorama Administrator should...
Panorama AdministrationAdministrator ProfilesRole-Based Access Control (RBAC)Device GroupsTemplates
Question #284Managing Objects
An administrator would like to reference the same address object in Security policies on 100 Panorama managed firewalls, across 10 devices groups and five templates. Which configur...
PanoramaAddress ObjectsShared ObjectsObject Scope
Question #285Policy Evaluation and Management
Which type of policy allows an administrator to both enforce rules and take action?
Security policiesPolicy enforcementFirewall rules
Question #286Securing Traffic
With the DNS Security subscription, when will the cloud-based signature database provide users access to newly added DNS signatures?
DNS SecurityCloud-delivered securitySignature updatesThreat Prevention
Question #287Securing Traffic
Why should a company have a File Blocking profile that is attached to a Security policy?
File BlockingSecurity PolicyContent-IDData Filtering
Question #288Managing Objects
What can be used as match criteria for creating a dynamic address group?
Dynamic Address GroupsTagsAddress ObjectsSecurity Policy
Question #289Configure
In which threat profile object would you configure the DNS Security service?
DNS SecurityThreat ProfilesAnti-Spyware
Question #290Securing Traffic
An administrator would like to protect against inbound threats such as buffer overflows and illegal code execution. Which Security profile should be used?
Vulnerability protectionSecurity profilesExploit preventionInbound threat prevention
Question #291Managing Objects
An organization has some applications that are restricted for access by the Human Resources Department only, and other applications that are available for any known user in the org...
Application GroupSecurity PolicyObject ManagementApp-ID
Question #292Configure
Which two configurations does an administrator need to compare in order to see differences between the active configuration and potential changes if committed? (Choose two.)
Configuration managementRunning configurationCandidate configurationConfiguration comparison
Question #293Policy Evaluation and Management
An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny. What deny action will the firewall perf...
Security PolicyApp-IDDeny ActionPolicy Enforcement
Question #294Securing Traffic
If users from the Trusted zone need to allow traffic to an SFTP server in the DMZ zone, how should a Security policy with App-ID be configured?
Security PolicyApp-IDZone-Based PolicySFTP
Question #295Securing Traffic
An administrator configured a Security policy rule with an Antivirus Security profile. The administrator did not change the action for the profile. If a virus gets detected, how wi...
Antivirus Security ProfileThreat PreventionSecurity Policy ConfigurationDefault Actions
Question #296Configure
An administrator needs to allow users to use only certain email applications. How should the administrator configure the firewall to restrict users to specific email applications?
Application ControlApplication GroupsSecurity PoliciesGranular Application Filtering
Question #297Securing Traffic
DNS exceptions can be set under which Security profile?
DNS exceptionsAnti-SpywareSecurity ProfilesThreat Prevention
Question #298Operate
An administrator is troubleshooting an issue with an accounts payable application. Which log setting could be temporarily configured to improve visibility?
LoggingTroubleshootingSession Logging
Question #299Securing Traffic
By default, which action is assigned to the interzone-default rule?
Default Security PolicySecurity ZonesInterzone TrafficFirewall Rules
Question #300Device Management and Services
What is the maximum volume of concurrent administrative account sessions?
Administrative SessionsConcurrent SessionsDevice ManagementSystem Limits
Question #301Policy Evaluation and Management
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Policy OptimizerSecurity PolicyApp-IDBest Practices
Question #302Managing Objects
Where within the firewall GUI can all existing tags be viewed?
TagsGUI NavigationObjects Management
Question #303Securing Traffic
What is the Anti-Spyware Security profile default action?
Anti-SpywareSecurity ProfilesDefault ActionsThreat Prevention
Question #304Securing Traffic
To enable DNS sinkholing, which two addresses should be reserved? (Choose two.)
DNS SinkholingSecurity ProfilesIPv4IPv6
Question #305Device Management and Services
A NetSec manager was asked to create a new firewall administrator profile with customized privileges. The new firewall administrator must be able to download TSF File and Starts Du...
Admin RolesRole-Based Access ControlOperational PrivilegesDevice Administration
Question #306Configure
What must exist in order for the firewall to route traffic between Layer 3 interfaces?
Virtual RouterLayer 3 RoutingNetwork Interfaces
Question #307Device Management and Services
Which path in PAN-OS 10.2 is used to schedule a content update to managed devices using Panorama?
PanoramaContent UpdatesSchedulingDevice Management
Question #308Managing Objects
In which threat profile object would you configure the DNS Security service?
DNS SecurityThreat ProfilesAnti-Spyware ProfileSecurity Services
Question #309Policy Evaluation and Management
Which rule type is appropriate for matching traffic occurring within a specified zone?
Firewall policiesSecurity rulesIntrazone trafficTraffic types
Question #310Policy Evaluation and Management
Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)
Security PolicyNATPolicy MatchingTraffic Flow
Question #311Policy Evaluation and Management
If a universal security rule was created for source zones A & B and destination zones A & B, to which traffic would the rule apply?
Security RulesZonesPolicy ScopeTraffic Matching
Question #312Securing Traffic
Which interface type requires no routing or switching but applies Security or NAT policy rules before passing allowed traffic?
Interface TypesVirtual WireSecurity PolicyNAT Policy
Question #313Configure
What is a valid Security Zone type in PAN-OS?
Security ZonesPAN-OSZone TypesNetwork Configuration

PreviousPage 6 of 9Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.