Palo Alto Networks Palo Alto Networks Certifications PCNSA Questions & Answers

• Question 201:

  Which rule type is appropriate for matching traffic occurring within a specified zone?

  A. Interzone

  B. Universal

  C. Intrazone

  D. Shadowed

  Correct Answer: C

  Reference: https://kb.wisc.edu/security/page.php?id=90963#:~:text=Intrazone%20rule%20type%20manages%20the,Intra%20and%20inter%2Dzone%20traffic

• Question 202:

  Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?

  A. Layer 2

  B. Tap

  C. Layer 3

  D. Virtual Wire

  Correct Answer: B

• Question 203:

  The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.

  Which security profile feature could have been used to prevent the communication with the CnC server?

  A. Create an anti-spyware profile and enable DNS Sinkhole

  B. Create an antivirus profile and enable DNS Sinkhole

  C. Create a URL filtering profile and block the DNS Sinkhole category

  D. Create a security policy and enable DNS Sinkhole

  Correct Answer: A

• Question 204:

  Based on the screenshot what is the purpose of the included groups?

  

  A. They are only groups visible based on the firewall's credentials.

  B. They are used to map usernames to group names.

  C. They contain only the users you allow to manage the firewall.

  D. They are groups that are imported from RADIUS authentication servers.

  Correct Answer: B

  Reference:

  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-users-to- groups.html

• Question 205:

  Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

  

  A. The User-ID agent is connected to a domain controller labeled lab-client.

  B. The host lab-client has been found by the User-ID agent.

  C. The host lab-client has been found by a domain controller.

  D. The User-ID agent is connected to the firewall labeled lab-client.

  Correct Answer: A

• Question 206:

  An administrator is troubleshooting an issue with traffic that matches the intrazone-default rule, which is set to default configuration.

  What should the administrator do?

  A. change the logging action on the rule

  B. review the System Log

  C. refresh the Traffic Log

  D. tune your Traffic Log filter to include the dates

  Correct Answer: A

• Question 207:

  What action will inform end users when their access to Internet content is being restricted?

  A. Create a custom 'URL Category' object with notifications enabled.

  B. Publish monitoring data for Security policy deny logs.

  C. Ensure that the 'site access" setting for all URL sites is set to 'alert'.

  D. Enable 'Response Pages' on the interface providing Internet access.

  Correct Answer: D

  Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface- help/device/device-response-pages.html

• Question 208:

  At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

  

  A. delivery

  B. command and control

  C. explotation

  D. reinsurance

  E. installation

  Correct Answer: A

• Question 209:

  A network administrator created an intrazone Security policy rule on the firewall. The source zones were set to IT. Finance, and HR. Which two types of traffic will the rule apply to? (Choose two)

  A. traffic between zone IT and zone Finance

  B. traffic between zone Finance and zone HR

  C. traffic within zone IT

  D. traffic within zone HR

  Correct Answer: CD

  Reference: https://kb.wisc.edu/security/page.php?id=90956

• Question 210:

  An administrator is trying to enforce policy on some (but not all) of the entries in an external dynamic list. What is the maximum number of entries that they can be exclude?

  A. 50

  B. 100

  C. 200

  D. 1,000

  Correct Answer: B