Palo Alto Networks Palo Alto Networks Certifications PCNSA Questions & Answers

• Question 271:

  

  Given the detailed log information above, what was the result of the firewall traffic inspection?

  A. It was blocked by the Anti-Virus Security profile action.

  B. It was blocked by the Anti-Spyware Profile action.

  C. It was blocked by the Vulnerability Protection profile action.

  D. It was blocked by the Security policy action.

  Correct Answer: B

• Question 272:

  What is the function of an application group object?

  A. It contains applications that you want to treat similarly in policy

  B. It groups applications dynamically based on application attributes that you define

  C. It represents specific ports and protocols for an application

  D. It identifies the purpose of a rule or configuration object and helps you better organize your rulebase

  Correct Answer: A

• Question 273:

  How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?

  A. The admin creates a custom service object named "tcp-4422" with port tcp/4422. The admin then creates a Security policy allowing application "ssh" and service "tcp-4422".

  B. The admin creates a custom service object named "tcp-4422" with port tcp/4422. The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "application-default".

  C. The admin creates a custom service object named "tcp-4422" with port tcp/4422. The admin also creates a custom service object named "tcp-22" with port tcp/22. The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "tcp-22".

  D. The admin creates a Security policy allowing application "ssh" and service "application-default".

  Correct Answer: C

• Question 274:

  Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?

  A. DNS Malicious signatures

  B. DNS Security signatures

  C. DNS Malware signatures

  D. DNS Block signatures

  Correct Answer: B

  Reference: https://docs.paloaltonetworks.com/advanced-threat-prevention/administration/configure-threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network#:~:text=The%20firewall%20has%20two%20sources,use%20to% 20identify%20malicious%20domains

• Question 275:

  In order to protect users against exploit kits that exploit a vulnerability and then automatically download malicious payloads, which Security profile should be configured?

  A. Anti-Spyware

  B. WildFire

  C. Vulnerability Protection

  D. Antivirus

  Correct Answer: C

• Question 276:

  Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?

  A. Management

  B. High Availability

  C. Aggregate

  D. Aggregation

  Correct Answer: C

• Question 277:

  

  Given the topology, which zone type should interface E1/1 be configured with?

  A. Tap

  B. Tunnel

  C. Virtual Wire

  D. Layer3

  Correct Answer: A

• Question 278:

  A network administrator is required to use a dynamic routing protocol for network connectivity.

  Which three dynamic routing protocols are supported by the NGFW Virtual Router for this purpose? (Choose three.)

  A. RIP

  B. OSPF

  C. IS-IS

  D. EIGRP

  E. BGP

  Correct Answer: ABE

• Question 279:

  Within the WildFire Analysis profile, which three items are configurable? (Choose three.)

  A. FileType

  B. Direction

  C. Service

  D. Application

  E. Objects

  Correct Answer: ABD

• Question 280:

  Which Security profile can be used to configure sinkhole IPs m the DNS Sinkhole settings?

  A. Vulnerability Protection

  B. Anti-Spyware

  C. Antivirus

  D. URL Filtering

  Correct Answer: B

  Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGECA0#:~:text=Configure%20the%20DNS%20Sinkhole%20action,Spyware%22%20profile%20is%20being%20used