Palo Alto Networks PCNSA Online Practice Questions and Exam Preparation

Palo Alto Networks PCNSA Online Questions & Answers

• Question 361:

  Given the topology, which zone type should you configure for firewall interface E1/1?

  

  A. Tap
  B. Tunnel
  C. Virtual Wire
  D. Layer3
  A. Tap

• Question 362:

  What is the default action for the SYN Flood option within the DoS Protection profile?

  A. Reset-client
  B. Alert
  C. Sinkhole
  D. Random Early Drop
  D. Random Early Drop

  ---

  Explanation/Reference:

  DoS Protection Profiles and Policy Rules work together to provide protection against flooding of many incoming SYN, UDP, ICMP, and ICMPv6 packets, and other types of IP packets. You determine what thresholds constitute flooding. In general, the DoS Protection profile sets the thresholds at which the firewall generates a DoS alarm, takes action such as Random Early Drop, and drops additional incoming connections. A DoS Protection policy rule configured to protect (rather than to allow or deny packets) determines the criteria for packets to match (such as source address) in order to be counted toward the thresholds. This flexibility allows you to block certain traffic, or allow certain traffic and treat other traffic as DoS traffic. When the incoming rate exceeds your maximum threshold, the firewall blocks incoming traffic from the source address.

• Question 363:

  How often does WildFire release dynamic updates?

  A. every 5 minutes
  B. every 15 minutes
  C. every 60 minutes
  D. every 30 minutes
  A. every 5 minutes

• Question 364:

  Which action should be taken to identify threats that have been detected by using inline cloud analysis?

  A. Filter Threat logs by Type
  B. Filter Threat logs by Application
  C. Filter Threat logs by Action
  D. Filter Threat logs by Threat Category
  D. Filter Threat logs by Threat Category

  ---

  Explanation/Reference:

• Question 365:

  Which URL profiling action does not generate a log entry when a user attempts to access that URL?

  A. Override
  B. Allow
  C. Block
  D. Continue
  B. Allow

• Question 366:

  Which profile must be applied to the Security policy rule to block spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers?

  A. Anti-spyware
  B. File blocking
  C. WildFire
  D. URL filtering
  A. Anti-spyware

  ---

  Explanation/Reference:

  https://docs.paloaltonetworks.com/network-security/security-policy/security-profiles/security-profile-anti-spyware

• Question 367:

  You receive notification about a new malware that infects hosts An infection results in the infected host attempting to contact a command-and-control server Which Security Profile when applied to outbound Security policy rules detects and prevents this threat from establishing a command-and-control connection?

  A. Antivirus Profile
  B. Data Filtering Profile
  C. Vulnerability Protection Profile
  D. Anti-Spyware Profile
  D. Anti-Spyware Profile

  ---

  Explanation/Reference:

  Anti-Spyware Security Profiles block spyware on compromised hosts from trying to communicate with external command-and-control (C2) servers, thus enabling you to detect malicious traffic leaving the network from infected clients.

• Question 368:

  What is the default action for the SYN Flood option within the DoS Protection profile?

  A. Reset-client
  B. Alert
  C. Sinkhole
  D. Random Early Drop
  D. Random Early Drop

• Question 369:

  In order to protect users against exploit kits that exploit a vulnerability and then automatically download malicious payloads, which Security profile should be configured?

  A. Anti-Spyware
  B. WildFire
  C. Vulnerability Protection
  D. Antivirus
  C. Vulnerability Protection

• Question 370:

  Which Security policy action will message a user's browser thai their web session has been terminated?

  A. Reset server
  B. Deny
  C. Drop
  D. Reset client
  B. Deny