Browse Exams Pricing

ExamsPCNSAQuestions

PCNSA Exam Questions

422 real PCNSA exam questions with expert-verified answers and explanations. Page 7 of 9.

Question #314Configure
An administrator is creating a Security policy rule and sees that the destination zone is grayed out. While creating the rule, which option was selected to cause this?
Security PolicyIntrazone PolicyPolicy ConfigurationPalo Alto Firewall
Question #315Device Management and Services
How many levels can there be in a device-group hierarchy, below the shared level?
Device GroupsPanorama HierarchyConfiguration Limits
Question #316Configure
Where in Panorama would Zone Protection profiles be configured?
PanoramaZone ProtectionTemplatesConfiguration Management
Question #317Policy Evaluation and Management
Which parameter is used to view the Security policy rulebase as groups?
Security PolicyRulebase ManagementTagsPolicy Organization
Question #318Configure
When a security rule is configured as Intrazone, which field cannot be changed?
Security PolicyIntrazoneRule ConfigurationSecurity Zones
Question #319Policy Evaluation and Management
An administrator is trying to understand which NAT policy is being matched. In what order does the firewall evaluate NAT policies?
NAT policy evaluationFirewall rulesPolicy order
Question #320Policy Evaluation and Management
Which policy set should be used to ensure that a policy is applied just before the default security rules?
Policy evaluation orderSecurity policy hierarchyDevice groupsPost-rulebase
Question #321Configure
Which rule type is appropriate for matching traffic occurring within a specified zone? How should the administrator configure the firewall to restrict users to specific email appli...
Application ControlSecurity PolicyApplication GroupTraffic Restriction
Question #322Securing Traffic
Review the screenshot below. Based on the information it contains, which protocol decoder will detect a machine-learning match, create a Threat log entry, and permit the traffic?
Threat PreventionApplication IdentificationLoggingMachine Learning Security
Question #323Configure
An interface can belong to how many Security Zones?
Security ZonesInterfacesZone configuration
Question #324Device Management and Services
What are the two types of Administrator accounts? (Choose two.)
Administrator AccountsRole-Based Access ControlAuthenticationDynamic Role Mapping
Question #325Device Management and Services
The Net Sec Manager asked to create a new Firewall Operator profile with customized privileges. In particular, the new firewall operator should be able to: Check the configuration...
Administrator RolesWeb UI PermissionsServer ProfilesAuthentication Profiles
Question #326Configure
Within the WildFire Analysis profile, which three items are configurable? (Choose three.)
WildFireSecurity ProfilesThreat Prevention
Question #327Configure
Which Security profile can be used to configure sinkhole IPs m the DNS Sinkhole settings?
Security ProfilesDNS SinkholeAnti-Spyware
Question #328Device Management and Services
Which three management interface settings must be configured for functional dynamic updates and administrative access on a Palo Alto Networks firewall? (Choose three.)
Management InterfaceInitial ConfigurationDynamic UpdatesNetwork Services
Question #329Policy Evaluation and Management
How does the Policy Optimizer policy view differ from the Security policy view?
Policy OptimizerSecurity PolicyRule ManagementGUI Features
Question #330Policy Evaluation and Management
An administrator creates a new Security policy rule to allow DNS traffic from the LAN to the DMZ zones. The administrator does not change the rule type from its default value. What...
Security PolicyRule TypesDefault SettingsFirewall Configuration
Question #331Securing Traffic
What do application filters help provide access to?
Application FiltersApplication ControlSecurity PolicyAccess Control
Question #332Managing Objects
What is the function of an application group object?
Application GroupsPolicy ObjectsApp-IDSecurity Policy
Question #333Securing Traffic
How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?
Security PolicyCustom Service ObjectsApp-IDNetwork Services
Question #334Securing Traffic
Which type of DNS signatures are used by the firewall to identify malicious and command-and- control domains?
DNS SecurityCommand and ControlThreat PreventionPalo Alto Firewall Features
Question #335Securing Traffic
Which Security policy action will message a user's browser that their web session has been terminated?
Security Policy ActionsTCP ResetSession TerminationPalo Alto Firewall Policies
Question #336Securing Traffic
In order to protect users against exploit kits that exploit a vulnerability and then automatically download malicious payloads, which Security profile should be configured?
Security ProfilesVulnerability ProtectionExploit KitsThreat Prevention
Question #337Securing Traffic
Which verdict may be assigned to a WildFire sample?
WildFireThreat PreventionSecurity VerdictsPhishing
Question #338Securing Traffic
To protect against illegal code execution, which Security profile should be applied?
Vulnerability ProtectionSecurity ProfilesExploit preventionIllegal code execution
Question #339Managing Objects
Which three types of entries can be excluded from an external dynamic list? (Choose three.)
External Dynamic ListsEDLExclusion listsAddress Objects
Question #340Device Management and Services
The Administrator profile "PCNSA Admin" is configured with an Authentication profile "Authentication Sequence PCNSA". The Authentication Sequence PCNSA has a profile list with four...
Authentication SequenceAdmin AuthenticationLocal AuthenticationExternal Authentication
Question #341Securing Traffic
By default, which action is assigned to the intrazone-default rule?
intrazone-default ruledefault security policyfirewall policysecurity zones
Question #342Managing Objects
A Panorama administrator would like to create an address object for the DNS server located in the New York City office, but does not want this object added to the other Panorama ma...
PanoramaAddress ObjectsObject ScopeDevice Groups
Question #343Policy Evaluation and Management
An administrator is troubleshooting an issue with traffic that matches the interzone-default rule, which is set to default configuration. What should the administrator do?
TroubleshootingLoggingSecurity PolicyDefault Rules
Question #344Configure
What is the default action for the SYN Flood option within the DoS Protection profile?
DoS ProtectionSYN FloodSecurity ProfilesDefault Configuration
Question #345Securing Traffic
Application groups enable access to what?
Application GroupsApp-IDSecurity PolicyTraffic Control
Question #346Policy Evaluation and Management
Where does a user assign a tag group to a policy rule in the policy creation window?
Policy creationTagsSecurity Policy UI
Question #347Policy Evaluation and Management
What is used to monitor Security policy applications and usage?
Policy OptimizerSecurity PoliciesPolicy UsageMonitoring
Question #348Operate
What is considered best practice with regards to committing configuration changes?
Configuration validationCommit best practicesChange management
Question #349Configure
Which Security profile generates an alert based on a threshold when the action is set to Alert?
DoS ProtectionSecurity ProfilesAlert Thresholds
Question #350Securing Traffic
Given the network diagram, which two statements are true about traffic between the User and Server networks? (Choose two.)
Security ZonesSecurity PolicyIntrazone TrafficDefault Rules
Question #351Managing Objects
Which setting is available to edit when a tag is created on the local firewall?
TagsObject ManagementFirewall ConfigurationGUI Features
Question #352Securing Traffic
With the PAN-OS 11.0 Nova release, which two attack options can new inline deep learning analysis engines detect and prevent? (Choose two.)
PAN-OS 11.0 NovaDeep LearningAttack PreventionInjection Attacks
Question #353Securing Traffic
Which profile must be applied to the Security policy rule to block spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers...
Security ProfilesAnti-spywareThreat PreventionC2 Blocking
Question #354Securing Traffic
Which feature dynamically analyzes and detects malicious content by evaluating various web page details using a series of machine learning (ML) models?
URL FilteringMachine LearningThreat PreventionWeb Security
Question #355Policy Evaluation and Management
An administrator is troubleshooting an issue with Office365 and expects that this traffic traverses the firewall. When reviewing Traffic Log entries, there are no logs matching tra...
TroubleshootingTraffic LoggingSecurity PolicyDefault Rules
Question #356Managing Objects
When creating an address object, which option is available to select from the Type drop-down menu?
Address ObjectsNetwork ConfigurationSecurity Policy Objects
Question #357Configure
Ethernet 2/1 has an IP Address of 10.0.1.2 in Zone 'trust' (LAN). If both interfaces are connected to the same virtual router, which IP address information will an administrator ne...
Default RoutingStatic RoutesVirtual RouterInternet Access
Question #358Configure
Where within the URL Filtering security profile must a user configure the action to prevent credential submissions?
URL FilteringCredential Phishing PreventionSecurity ProfilesPolicy Configuration
Question #359Securing Traffic
Which Security profile must be added to Security policies to enable DNS Signatures to be checked?
Anti-Spyware ProfileDNS SignaturesSecurity ProfilesSecurity Policies
Question #360Securing Traffic
Which two Security profile actions can only be applied to DoS Protection profiles? (Choose two.)
DoS ProtectionSecurity ProfilesSYN CookiesRandom Early Drop
Question #361Configure
Where can you apply URL Filtering policy in a Security policy rule?
Security PolicyURL FilteringPolicy Rule ConfigurationActions Tab
Question #362Configure
Which interface types are assigned to IEEE 802.1Q VLANs?
VLANsInterfacesSubinterfacesNetwork Configuration
Question #363Securing Traffic
Which three factors can be used to create malware based on domain generation algorithms? (Choose three.)
MalwareDomain Generation AlgorithmsThreat IntelligenceCommand and Control

PreviousPage 7 of 9Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.