Palo Alto Networks PCNSA Online Practice Questions and Exam Preparation

Palo Alto Networks PCNSA Online Questions & Answers

• Question 101:

  An administrator would like to create a URL Filtering log entry when users browse to any gambling website. What combination of Security policy and Security profile actions is correct?

  A. Security policy = drop, Gambling category in URL profile = allow
  B. Security policy = deny. Gambling category in URL profile = block
  C. Security policy = allow, Gambling category in URL profile = alert
  D. Security policy = allow. Gambling category in URL profile = allow
  C. Security policy = allow, Gambling category in URL profile = alert

• Question 102:

  In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?

  A. Network
  B. Policies
  C. Objects
  D. Device
  C. Objects

  ---

  Explanation/Reference:

  Reference: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-web-interface-help/objects/objects-security-profiles-url-filtering

• Question 103:

  DRAG DROP Match each rule type with its example

  Select and Place:

  

  

  ---

  Explanation/Reference:

• Question 104:

  Which three interface deployment methods can be used to block traffic flowing through the Palo Alto Networks firewall? (Choose three.)

  A. Layer 2
  B. Virtual Wire
  C. Tap
  D. Layer 3
  E. HA
  B. Virtual Wire
  D. Layer 3
  E. HA

• Question 105:

  An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)

  A. vulnerability protection profile applied to outbound security policies
  B. anti-spyware profile applied to outbound security policies
  C. antivirus profile applied to outbound security policies
  D. URL filtering profile applied to outbound security policies
  B. anti-spyware profile applied to outbound security policies
  C. antivirus profile applied to outbound security policies

  ---

  Explanation/Reference:

• Question 106:

  What do dynamic user groups you to do?

  A. create a QoS policy that provides auto-remediation for anomalous user behavior and malicious activity
  B. create a policy that provides auto-sizing for anomalous user behavior and malicious activity
  C. create a policy that provides auto-remediation for anomalous user behavior and malicious activity
  D. create a dynamic list of firewall administrators
  C. create a policy that provides auto-remediation for anomalous user behavior and malicious activity

  ---

  Explanation/Reference:

  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/user-id- features/dynamic-user-groups#:~:text=Dynamic%20user%20groups%20help%20you,activity%20while%20maintai ning%20user%20visibility.

• Question 107:

  With the PAN-OS 11.0 release, which tab becomes newly available within the Vulnerability security profile?

  A. Vulnerability Exceptions
  B. Advanced Rules
  C. Inline Cloud Analysis
  D. WildFire Inline ML
  C. Inline Cloud Analysis

  ---

  Explanation/Reference:

• Question 108:

  Which Security profile must be added to Security policies to enable DNS Signatures to be checked?

  A. URL Filtering
  B. Vulnerability Protection
  C. Anti-Spyware
  D. Antivirus
  C. Anti-Spyware

  ---

  Explanation/Reference:

• Question 109:

  Which User Credential Detection method should be applied within a URL Filtering Security profile to check for the submission of a valid corporate username and the associated password?

  A. Domain Credential
  B. IP User
  C. Group Mapping
  D. Valid Username Detected Log Severity
  C. Group Mapping

• Question 110:

  Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

  A. DoS protection
  B. URL filtering
  C. packet buffering
  D. anti-spyware
  A. DoS protection