Is the PCNSA practice exam free?

Yes. ExamCademy offers all 401 PCNSA practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the PCNSA practice questions?

All PCNSA questions are community-created and reviewed by moderators to align with Palo Alto Networks's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the PCNSA exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Palo Alto Networks documentation and hands-on experience for best results.

PCNSA Practice Exam — Free 401+ Questions

401Practice Questions

3Study Modes

FreeTo Get Started

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Page 1 of 17 • Questions 1-25 of 401

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Review the screenshot below. Which statement is correct about the information it contains?

Question Image

A Highlight Unused Rules is checked.
B Tunnel Traffic has the High Risk tag applied.
C There are six Security policy rules on this firewall.
D View Rulebase as Groups is checked.

In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)

A Antivirus
B URL Filtering
C Vulnerability Protection
D Anti-spyware

An administrator wants to enable users to access retail websites that are considered minimum risk.

Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two.)

A e-commerce
B known-good
C shopping
D low-risk

Which two events can be found in data-filtering logs? (Choose two.)

A Specific users attempting to authenticate
B Sensitive information attempting to exit the network
C An unsuccessful attempt to establish a TLS session
D A download attempt of a blocked file type

Which situation is recorded as a system log?

A A connection with an authentication server has been dropped.
B A file that has been analyzed is potentially dangerous for the system.
C An attempt to access a spoofed website has been blocked.
D A new asset has been discovered on the network.

By default, what is the maximum number of templates that can be added to a template stack?

A 6
B 8
C 10
D 12

Which order of steps is the correct way to create a static route?

A
1. Enter the route and netmask2) Specify the outgoing interface for packets to use to go to the next hop3) Enter the IP address for the specific next hop4) Add an IPv4 or IPv6 route by name
B
1. Enter the IP address for the specific next hop2) Add an IPv4 or IPv6 route by name3) Enter the route and netmask4) Specify the outgoing interface for packets to use to go to the next hop
C
1. Enter the route and netmask2) Enter the IP address for the specific next hop3) Specify the outgoing interface for packets to use to go to the next hop4) Add an IPv4 or IPv6 route by name
D
1. Enter the IP address for the specific next hop2) Enter the route and netmask3) Add an IPv4 or IPv6 route by name4) Specify the outgoing interface for packets to use to go to the next hop

In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?

A Network
B Policies
C Objects
D Device

When is an event displayed under threat logs?

A When traffic matches a corresponding Security Profile
B When traffic matches any Security policy
C Every time a session is blocked
D Every time the firewall drops a connection

What are three ways application characteristics are used? (Choose three.)

A As a setting to define a new custom application
B As a global filter in the Application Command Center (ACC)
C As an attribute to define an application group
D As an object to define Security policies
E As an attribute to define an application filter

Which two actions are needed for an administrator to get real-time WildFire signatures? (Choose two.)

A Enable Dynamic Updates.
B Obtain a Threat Prevention subscription.
C Obtain a WildFire subscription.
D Move within the WildFire public cloud region.

Which two types of profiles are needed to create an authentication sequence? (Choose two.)

A Security profile
B Authentication profile
C Server profile
D Interface Management profile

What does rule shadowing in Security policies do?

A It shows rules with the same Source Zones and Destination Zones.
B It indicates that a broader rule matching the criteria is configured above a more specific rule.
C It indicates rules with App-ID that are not configured as port-based.
D It shows rules that are missing Security profile configurations.

Which statement applies to the Intrazone Security policy rule?

A The traffic within the same security zone will not be allowed.
B It requires a Zone Protection profile to be applied.
C It applies regardless of whether it is from the same security zone or a different one.
D It applies to all matching traffic within the specified source security zones.

Which two features implement one-to-one translation of a source IP address while allowing the source port to change? (Choose two.)

A Dynamic IP
B Dynamic IP and Port (DIPP)
C Static IP
D Dynamic IP / Port Fallback

Within an Anti-Spyware security profile, which tab is used to enable machine learning based engines?

A Signature Policies
B Signature Exceptions
C Machine Learning Policies
D Inline Cloud Analysis

The NetSec Manager asked to create a new firewall Local Administrator profile with customized privileges named New_Admin. This new administrator has to authenticate without inserting any username or password to access the WebUI.

What steps should the administrator follow to create the New_Admin Administrator profile?

A
1. Set the Authentication profile to Local.2. Select the "Use only client certificate authentication" check box.3. Set Role to Role Based.
B
1. Select the "Use only client certificate authentication" check box.2. Set Role to Dynamic.3. Issue to the Client a Certificate with Certificate Name = New Admin
C
1. Select the "Use only client certificate authentication" check box.2. Set Role to Dynamic.3. Issue to the Client a Certificate with Common Name = New_Admin
D
1. Select the "Use only client certificate authentication" check box.2. Set Role to Role Based.3. Issue to the Client a Certificate with Common Name = New Admin

By default, which action is assigned to the intrazone-default rule?

A Reset-client
B Reset-server
C Deny
D Allow

What are three advantages of user-to-group mapping? (Choose three.)

A It does not require additional objects to be configured.
B It does not require a Server profile.
C It simplifies user administration.
D It automatically adds new users to the appropriate group.
E It allows an administrator to write more granular policies.

Which two statements correctly describe how pre-rules and local device rules are viewed and modified? (Choose two.)

A Pre-rules can be modified by the local administrator or by a Panorama administrator who has switched to a local firewall.
B Pre-rules and local device rules can be modified in Panorama.
C Pre-rules can be viewed on managed firewalls.
D Pre-rules are modified in Panorama only, and local device rules are modified on local firewalls only.

Which three types of Source NAT are available to users inside a NGFW? (Choose three.)

A Static Port
B Dynamic IP and Port (DIPP)
C Dynamic IP
D Static IP and Port (SIPP)
E Static IP

What are the two main reasons a custom application is created? (Choose two.)

A To change the default categorization of an application
B To visually group similar applications
C To correctly identify an internal application in the traffic log
D To reduce unidentified traffic on a network

The administrator profile "SYS01 Admin" is configured with authentication profile "Authentication Sequence SYS01," and the authentication sequence SYS01 has a profile list with four authentication profiles:

• Auth Profile LDAP
• Auth Profile Radius
• Auth Profile Local
• Auth Profile TACACS

After a network outage, the LDAP server is no longer reachable. The RADIUS server is still reachable but has lost the "SYS01 Admin" username and password.

What is the "SYS01 Admin" login capability after the outage?

A Auth KO because RADIUS server lost user and password for SYS01 Admin
B Auth OK because of the Auth Profile TACACS
C Auth OK because of the Auth Profile Local
D Auth KO because LDAP server is not reachable

An administrator is reviewing the Security policy rules shown in the screenshot.

Why are the two fields in the Security policy EDL-Deny highlighted in red?

Question Image

A Because antivirus inspection is enabled for this policy
B Because the destination zone, address, and device are all "any"
C Because the action is Deny
D Because the Security-EDL tag has been assigned the red color

In which three places on the PAN-OS interface can the application characteristics be found? (Choose three.)

A Objects tab > Applications
B Objects tab > Application Groups
C Objects tab > Application Filters
D ACC tab > Global Filters
E Policies tab > Security

PCNSAPreview

About the PCNSA Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

PCNSAPreview

About the PCNSA Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25