PCNSA Exam Questions
422 real PCNSA exam questions with expert-verified answers and explanations. Page 9 of 9.
- Question #415Securing Traffic
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
Security Policy ConfigurationPolicy QualifiersSource Destination ConditionsPolicy Elements - Question #416Policy Evaluation and Management
Which path in PAN-OS 11.x would you follow to see how new and modified App-IDs impact a Security policy?
PAN-OS GUI NavigationApp-ID UpdatesSecurity Policy ImpactDynamic Updates - Question #417Configure
What are three configurable interface types for a data-plane ethernet interface? (Choose three.)
Interface TypesData PlaneFirewall ConfigurationNetworking Fundamentals - Question #418Managing Objects
all other sites in the same category. Which object should the administrator create to use as a match condition for the security policy
URL FilteringSecurity PolicyPolicy Objects - Question #419Securing Traffic
Files are sent to the WildFire cloud service via the WildFire Analysis Profile. How are these files used?
WildFireMalware analysisThreat preventionCloud security - Question #420Policy Evaluation and Management
Which feature enables an administrator to review the Security policy rule base for unused rules?
Policy OptimizerSecurity PolicyRule Base OptimizationUnused Rules - Question #421Configure
What is a default setting for NAT Translated Packets when the destination NAT translation is selected as Dynamic IP (with session distribution)?
NATDestination NATSession DistributionDynamic IP - Question #422Policy Evaluation and Management
Which table for NAT and NPTv6 (IPv6-to-IPv6 Network Prefix Translation) settings is available only on Panorama?
PanoramaNATCentralized ManagementPolicy Configuration - Question #423Policy Evaluation and Management
Which action can be performed when grouping rules by group tags?
Rule TaggingPolicy ManagementSecurity PoliciesRule Grouping - Question #424Securing Traffic
Which two DNS policy actions in the anti-spyware security profile can prevent hacking attacks through DNS queries to malicious domains? (Choose two.)
DNS SecurityAnti-Spyware ProfileThreat Prevention ActionsMalicious Domains - Question #425Configure
What is the best-practice approach to logging traffic that traverses the firewall?
LoggingBest PracticesSession LoggingTraffic Monitoring - Question #426Configure
In which two types of NAT can oversubscription be used? (Choose two.)
NAT TypesOversubscriptionSource NATPAT - Question #427Policy Evaluation and Management
Where in the PAN-OS GUI can an administrator monitor the rule usage for a specified period of time?
Policy Optimizerrule usage monitoringsecurity policy managementPAN-OS GUI - Question #428Configure
In order to attach an Antivirus, Anti-Spyware and Vulnerability Protection security profile to your Security Policy rules, which setting must be selected?
Security ProfilesSecurity Policy RulesAntivirusVulnerability Protection - Question #429Securing Traffic
Within a WildFire Analysis Profile, what match criteria can be defined to forward samples for analysis?
WildFire Analysis ProfileThreat PreventionSample Submission Criteria - Question #430Configure
What must first be created on the firewall for SAML authentication to be configured?
SAML authenticationAuthentication profilesFirewall configurationIdentity management - Question #431Managing Objects
Which two options does the firewall use to dynamically populate address group members? (Choose two.)
Dynamic Address GroupsTagsAddress ObjectsPolicy Objects - Question #432Managing Objects
What two actions can be taken when implementing an exception to an External Dynamic List? (Choose two.)
External Dynamic ListsEDL ExceptionsRegular ExpressionsWildcards - Question #433Policy Evaluation and Management
Which feature enables an administrator to review the Security policy rule base for unused rules?
Policy OptimizationSecurity PolicyRulebase ManagementUnused Rules - Question #434Operate
An administrator should filter NGFW traffic logs by which attribute column to determine if the entry is for the start or end of the session?
NGFW logsLog analysisSession monitoringTraffic logs - Question #435Operate
Which CLI command will help confirm if FQDN objects are resolved in the event there is a shadow rule?
CLI CommandsFQDN ResolutionTroubleshootingNetwork Objects - Question #436Configure
In the PAN-OS Web Interface, which is a session distribution method offered under NAT Translated Packet Tab to choose how the firewall assigns sessions?
NAT ConfigurationSession DistributionPAN-OS InterfaceLoad Balancing