Palo Alto Networks PCNSA Online Practice Questions and Exam Preparation

Palo Alto Networks PCNSA Online Questions & Answers

• Question 171:

  At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

  

  A. delivery
  B. command and control
  C. explotation
  D. reinsurance
  E. installation
  A. delivery

• Question 172:

  In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?

  A. Weaponization
  B. Reconnaissance
  C. Installation
  D. Command and Control
  E. Exploitation
  A. Weaponization

• Question 173:

  What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)

  A. Zone
  B. Service
  C. User
  D. Application
  E. Address
  A. Zone
  C. User
  E. Address

  ---

  Explanation/Reference:

• Question 174:

  What is a valid Security Zone type in PAN-OS?

  A. Management
  B. Logical
  C. Transparent
  D. Tap
  D. Tap

  ---

  Explanation/Reference:

  Typeas are Tap, Virtual Wire, Layer2, Layer3, External, or Tunnel https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/network/network-zones/building-blocks-of-security-zones

• Question 175:

  By default, which action is assigned to the intrazone-default rule?

  A. Reset-client
  B. Reset-server
  C. Deny
  D. Allow
  D. Allow

  ---

  Explanation/Reference:

• Question 176:

  Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

  

  A. Apps Allowed
  B. Name
  C. Apps Seen
  D. Service
  C. Apps Seen

• Question 177:

  An administrator needs to create a Security policy rule that matches DNS traffic sourced from either the LAN or VPN zones, destined for the DMZ or Untrust zones.

  The administrator does not want to match traffic where the source and destination zones are LAN, and also does not want to match traffic where the source and destination zones are VPN.

  Which Security policy rule type should they use?

  A. Interzone
  B. Universal
  C. Intrazone
  D. Default
  A. Interzone

  ---

  Explanation/Reference:

• Question 178:

  How is an address object of type IP range correctly defined?

  A. 192.168.40.1-192.168.40.255
  B. 192.168.40.1-255
  C. 192.168.40.1, 192.168.40.255
  D. 192.168.40.1/24
  A. 192.168.40.1-192.168.40.255

• Question 179:

  Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?

  A. It functions like PAN-DB and requires activation through the app portal.
  B. It removes the 100K limit for DNS entries for the downloaded DNS updates.
  C. It eliminates the need for dynamic DNS updates.
  D. It is automatically enabled and configured.
  B. It removes the 100K limit for DNS entries for the downloaded DNS updates.
  C. It eliminates the need for dynamic DNS updates.

  ---

  Explanation/Reference:

• Question 180:

  What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control? (Choose two.)

  A. SAML
  B. TACACS+
  C. LDAP
  D. Kerberos
  A. SAML
  B. TACACS+

  ---

  Explanation/Reference:

  Reference:https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall- administration/manage-firewall-administrators/administrative-authentication.html

  The administrative accounts are defined on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server. PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall.