PCNSA
Free trial
Verified
Question 1
DRAG DROP -
Match the Palo Alto Networks Security Operating Platform architecture to its description.
Select and Place:
Question 2
Which two statements are correct about App-ID content updates? (Choose two.)
- A: Updated application content might change how Security policy rules are enforced.
- B: After an application content update, new applications must be manually classified prior to use.
- C: Existing security policy rules are not affected by application content updates.
- D: After an application content update, new applications are automatically identified and classified.
Question 3
Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?
- A: Kerberos user
- B: SAML user
- C: local database user
- D: local user
Question 4
How frequently can WildFire updates be made available to firewalls?
- A: every 15 minutes
- B: every 30 minutes
- C: every 60 minutes
- D: every 5 minutes
Question 5
Starting with PAN-OS version 9.1, which new type of object is supported for use within the User field of a Security policy rule?
- A: remote username
- B: dynamic user group
- C: static user group
- D: local username
Question 6
Which link in the web interface enables a security administrator to view the Security policy rules that match new application signatures?
- A: Review App Matches
- B: Review Apps
- C: Pre-analyze
- D: Review Policies
Question 7
Based on the shown security policy, which Security policy rule would match all FTP traffic from the inside zone to the outside zone?
- A: interzone-default
- B: internal-inside-dmz
- C: inside-portal
- D: egress-outside
Question 8
Which type of firewall configuration contains in-progress configuration changes?
- A: backup
- B: candidate
- C: running
- D: committed
Question 9
Which three configuration settings are required on a Palo Alto Network firewall management interface? (Choose three.)
- A: hostname
- B: netmask
- C: default gateway
- D: auto-negotiation
- E: IP address
Question 10
What is an advantage for using application tags?
- A: They are helpful during the creation of new zones.
- B: They help content updates automate policy updates.
- C: They help with the creation of interfaces.
- D: They help with the design of IP address allocations in DHCP.
Question 11
At which point in the App-ID update process can you determine if an existing policy rule is affected by an App-ID update?
- A: after clicking Check Now in the Dynamic Update window
- B: after committing the firewall configuration
- C: after installing the update
- D: after downloading the update
Question 12
You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.
Which Security Profile detects and prevents this threat from establishing a command-and-control connection?
- A: Vulnerability Protection Profile applied to outbound Security policy rules.
- B: Anti-Spyware Profile applied to outbound security policies.
- C: Antivirus Profile applied to outbound Security policy rules
- D: Data Filtering Profile applied to outbound Security policy rules.
Question 13
Which User-ID mapping method should be used for an environment with users that do not authenticate to Active Directory?
- A: Windows session monitoring
- B: passive server monitoring using the Windows-based agent
- C: Captive Portal
- D: passive server monitoring using a PAN-OS integrated User-ID agent
Question 14
Which statement is true regarding a Best Practice Assessment?
- A: It runs only on firewalls.
- B: It shows how current configuration compares to Palo Alto Networks recommendations.
- C: When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.
- D: It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.
Question 15
The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall
Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering gambling category.
Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the gambling URL category?
- A: Add just the URL www.powerball.com to a Security policy allow rule.
- B: Manually remove powerball.com from the gambling URL category.
- C: Add *.powerball.com to the URL Filtering allow list.
- D: Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.
Question 16
Which Palo Alto Networks service protects cloud-based applications such as Dropbox and Salesforce by monitoring permissions and shares and scanning files for sensitive information?
- A: Prisma SaaS
- B: AutoFocus
- C: Panorama
- D: GlobalProtect
Question 17
In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?
- A: Highlight each rule and use the Reset Rule Hit Counter > Selected Rules
- B: Reboot the firewall
- C: Use the Reset Rule Hit Counter > All Rules option
- D: Use the CLI enter the command reset rules all
Question 18
Based on the Security policy rules shown, SSH will be allowed on which port?
- A: the default port
- B: only ephemeral ports
- C: any port
- D: same port as ssl and snmpv3
Question 19
You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in common application.
Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?
- A: Data Filtering Profile applied to outbound Security policy rules
- B: Antivirus Profile applied to outbound Security policy rules
- C: Data Filtering Profile applied to inbound Security policy rules
- D: Vulnerability Protection Profile applied to inbound Security policy rules
Question 20
Palo Alto Networks firewall architecture accelerates content inspection performance while minimizing latency using which two components? (Choose two.)
- A: Network Processing Engine
- B: Policy Engine
- C: Parallel Processing Hardware
- D: Single Stream-based Engine
Question 21
Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?
- A: URL filtering
- B: vulnerability protection
- C: anti-spyware
- D: antivirus
Question 22
Given the topology, which zone type should zone A and zone B to be configured with?
- A: Layer3
- B: Ethernet
- C: Layer2
- D: Virtual Wire
Question 23
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?
- A: Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory
- B: Create an Application Group and add business-systems to it
- C: Create an Application Filter and name it Office Programs, then filter it on the business-systems category
- D: Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
Question 24
Assume a custom URL Category Object of NO-FILES has been created to identify a specific website.
How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?
- A: Create a Security policy with a URL Filtering profile that references the site access setting of block to NO-FILES.
- B: Create a Security policy that references NO-FILES as a URL Category qualifier with an appropriate File Blocking profile.
- C: Create a Security policy with a URL Filtering profile that references the site access setting of continue to NO-FILES.
- D: Create a Security policy that references NO-FILES as a URL Category qualifier with an appropriate Data Filtering profile.
Question 25
Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?
- A: authorization
- B: continue
- C: authentication
- D: override
Free preview mode
Enjoy the free questions and consider upgrading to gain full access!