Palo Alto Networks Palo Alto Networks Certifications PCNSA Questions & Answers

• Question 411:

  What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

  A. every 30 minutes

  B. every 5 minutes

  C. once every 24 hours

  D. every 1 minute

  Correct Answer: D

• Question 412:

  An administrator wants to create a NAT policy to allow multiple source IP addresses to be translated to the same public IP address. What is the most appropriate NAT policy to achieve this?

  A. Dynamic IP and Port

  B. Dynamic IP

  C. Static IP

  D. Destination

  Correct Answer: A

• Question 413:

  Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)

  A. User identification

  B. Filtration protection

  C. Vulnerability protection

  D. Antivirus

  E. Application identification

  F. Anti-spyware

  Correct Answer: ACDEF

  ACDEF

• Question 414:

  An administrator would like to silently drop traffic from the internet to a ftp server.

  Which Security policy action should the administrator select?

  A. Reset-server

  B. Block

  C. Deny

  D. Drop

  Correct Answer: D

• Question 415:

  What in the minimum frequency for which you can configure the firewall too check for new wildfire antivirus signatures?

  A. every 5 minutes

  B. every 1 minute

  C. every 24 hours

  D. every 30 minutes

  Correct Answer: B

  

• Question 416:

  Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways?

  A. GlobalProtect

  B. AutoFocus

  C. Aperture

  D. Panorama

  Correct Answer: A

  GlobalProtect: GlobalProtect safeguards your mobile workforce by inspecting all traffic using your next-generation firewalls deployed as internet gateways, whether at the perimeter, in the Demilitarized Zone (DMZ), or in the cloud.

• Question 417:

  How are Application Fillers or Application Groups used in firewall policy?

  A. An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group

  B. An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group

  C. An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group

  D. An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group

  Correct Answer: B

• Question 418:

  Based on the screenshot what is the purpose of the group in User labelled ''it"?

  

  A. Allows users to access IT applications on all ports

  B. Allows users in group "DMZ" lo access IT applications

  C. Allows "any" users to access servers in the DMZ zone

  D. Allows users in group "it" to access IT applications

  Correct Answer: D

• Question 419:

  Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

  

  A. Exploitation

  B. Installation

  C. Reconnaissance

  D. Act on Objective

  Correct Answer: A

• Question 420:

  Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?

  A. It functions like PAN-DB and requires activation through the app portal.

  B. It removes the 100K limit for DNS entries for the downloaded DNS updates.

  C. It eliminates the need for dynamic DNS updates.

  D. It is automatically enabled and configured.

  Correct Answer: BC