Palo Alto Networks PCNSA Online Practice Questions and Exam Preparation

Palo Alto Networks PCNSA Online Questions & Answers

• Question 111:

  Which two statements apply to an Advanced Threat Prevention subscription? (Choose two.)

  A. It contains all the features already in a Threat Prevention subscription.
  B. It provides the ability to identify evasive and previously unseen command-and-control (C2) threats.
  C. When it is active, a WildFire profile is no longer needed.
  D. Due to its more advanced signatures, it provides the ability to identify new threats.
  A. It contains all the features already in a Threat Prevention subscription.
  B. It provides the ability to identify evasive and previously unseen command-and-control (C2) threats.

  ---

  Explanation/Reference:

• Question 112:

  Which rule type is appropriate for matching traffic occurring within a specified zone?

  A. Interzone
  B. Universal
  C. Intrazone
  D. Shadowed
  C. Intrazone

  ---

  Explanation/Reference:

  Reference: https://kb.wisc.edu/security/page.php?id=90963#:~:text=Intrazone%20rule%20type%20manages%20the,Intra%20and%20inter%2Dzone%20traffic

• Question 113:

  Which order of steps is the correct way to create a static route?

  A. 1) Enter the route and netmask 2) Specify the outgoing interface for packets to use to go to the next hop 3) Enter the IP address for the specific next hop 4) Add an IPv4 or IPv6 route by name
  B. 1) Enter the IP address for the specific next hop 2) Add an IPv4 or IPv6 route by name 3) Enter the route and netmask 4) Specify the outgoing interface for packets to use to go to the next hop
  C. 1) Enter the route and netmask 2) Enter the IP address for the specific next hop 3) Specify the outgoing interface for packets to use to go to the next hop 4) Add an IPv4 or IPv6 route by name
  D. 1) Enter the IP address for the specific next hop 2) Enter the route and netmask 3) Add an IPv4 or IPv6 route by name 4) Specify the outgoing interface for packets to use to go to the next hop
  C. 1) Enter the route and netmask 2) Enter the IP address for the specific next hop 3) Specify the outgoing interface for packets to use to go to the next hop 4) Add an IPv4 or IPv6 route by name

  ---

  Explanation/Reference:

  Reference: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-networking-admin/advanced-routing/create-a-static-route

• Question 114:

  Your company is highly concerned with their Intellectual property being accessed by unauthorized resources. There is a mature process to store and include metadata tags for all confidential documents.

  Which Security profile can further ensure that these documents do not exit the corporate network?

  A. File Blocking
  B. Data Filtering
  C. Anti-Spyware
  D. URL Filtering
  B. Data Filtering

  ---

  Explanation/Reference:

  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects- security-profiles-data-filtering

• Question 115:

  An administrator would like to use App-ID's deny action for an application and would like that action updated with dynamic updates as new content becomes available.

  Which security policy action causes this?

  A. Reset server
  B. Reset both
  C. Deny
  D. Drop
  C. Deny

  ---

  Explanation/Reference:

  Reference:

  https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall- administration/manage- configuration backups/revert-firewall-configuration- changes.html

• Question 116:

  Given the network diagram, which two statements are true about traffic between the User and Server networks? (Choose two.)

  

  A. Traffic is permitted through the default Intrazone “allow” rule.
  B. Traffic restrictions are not possible because the networks are in the same zone.
  C. Traffic is permitted through the default Interzone “allow” rule.
  D. Traffic restrictions are possible by modifying Intrazone rules.
  A. Traffic is permitted through the default Intrazone “allow” rule.
  D. Traffic restrictions are possible by modifying Intrazone rules.

  ---

  Explanation/Reference:

  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTHCA0andlang=es

• Question 117:

  Which two statements correctly describe how pre-rules and local device rules are viewed and modified? (Choose two.)

  A. Pre-rules can be modified by the local administrator or by a Panorama administrator who has switched to a local firewall.
  B. Pre-rules and local device rules can be modified in Panorama.
  C. Pre-rules can be viewed on managed firewalls.
  D. Pre-rules are modified in Panorama only, and local device rules are modified on local firewalls only.
  B. Pre-rules and local device rules can be modified in Panorama.
  C. Pre-rules can be viewed on managed firewalls.

  ---

  Explanation/Reference:

• Question 118:

  Palo Alto Networks firewall architecture accelerates content map minimizing latency using which two components'? (Choose two )

  A. Network Processing Engine
  B. Single Stream-based Engine
  C. Policy Engine
  D. Parallel Processing Hardware
  B. Single Stream-based Engine
  D. Parallel Processing Hardware

  ---

  Explanation/Reference:

• Question 119:

  DRAG DROP

  Place the following steps in the packet processing order of operations from first to last.

  Select and Place:

  

  

  ---

  Explanation/Reference:

  Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0

• Question 120:

  An administrator is creating a Security policy rule and sees that the destination zone is grayed out. While creating the rule, which option was selected to cause this?

  A. Interzone
  B. Source zone
  C. Universal (default)
  D. Intrazone
  D. Intrazone

  ---

  Explanation/Reference:

  In Intrazone security rules, no destination zone can be specified