Palo Alto Networks Certified Network Security Administrator v1.0 (PCNSA)

Page:    1 / 8   
Total 119 questions

Which Security Profile mitigates attacks based on packet count?

  • A. zone protection profile
  • B. URL filtering profile
  • C. antivirus profile
  • D. vulnerability profile


Answer : A

Which interface type uses virtual routers and routing protocols?

  • A. Tap
  • B. Layer3
  • C. Virtual Wire
  • D. Layer2


Answer : B

Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

  • A. Override
  • B. Allow
  • C. Block
  • D. Continue


Answer : B

Reference:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profile-actions

An internal host needs to connect through the firewall using source NAT to servers of the internet.
Which policy is required to enable source NAT on the firewall?

  • A. NAT policy with internal zone and internet zone specified
  • B. post-NAT policy with external source and any destination address
  • C. NAT policy with no internal or internet zone selected
  • D. pre-NAT policy with external source and any destination address


Answer : A

Which Security Profile can provide protection against ICMP floods, based on individual combinations of a packetג€™s source and destination IP addresses?

  • A. DoS protection
  • B. URL filtering
  • C. packet buffering
  • D. anti-spyware


Answer : A

Which path in PAN-OS 9.0 displays the list of port-based security policy rules?

  • A. Policies> Security> Rule Usage> No App Specified
  • B. Policies> Security> Rule Usage> Port only specified
  • C. Policies> Security> Rule Usage> Port-based Rules
  • D. Policies> Security> Rule Usage> Unused Apps


Answer : C

Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

  • A. Layer-ID
  • B. User-ID
  • C. QoS-ID
  • D. App-ID


Answer : BD

Reference:
http://www.firewall.cx/networking-topics/firewalls/palo-alto-firewalls/1152-palo-alto-firewall-single-pass-parallel-processing-hardware-architecture.html

Which path is used to save and load a configuration with a Palo Alto Networks firewall?

  • A. Device>Setup>Services
  • B. Device>Setup>Management
  • C. Device>Setup>Operations
  • D. Device>Setup>Interfaces


Answer : C

DRAG DROP -
Match the network device with the correct User-ID technology.
Select and Place:




Answer :

Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

  • A. Review Policies
  • B. Review Apps
  • C. Pre-analyze
  • D. Review App Matches


Answer : A

Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content-releases/review-new-app-id-impact-on- existing-policy-rules

How do you reset the hit count on a Security policy rule?

  • A. Select a Security policy rule, and then select Hit Count > Reset.
  • B. Reboot the data-plane.
  • C. First disable and then re-enable the rule.
  • D. Type the CLI command reset hitcount <POLICY-NAME>.


Answer : A


Given the topology, which zone type should you configure for firewall interface E1/1?

  • A. Tap
  • B. Tunnel
  • C. Virtual Wire
  • D. Layer3


Answer : A

Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?

  • A. Management
  • B. High Availability
  • C. Aggregate
  • D. Aggregation


Answer : C

Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?

  • A. intrazone
  • B. interzone
  • C. universal
  • D. global


Answer : B

Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL?

  • A. EDL in URL Filtering Profile
  • B. Custom URL category in URL Filtering Profile
  • C. Custom URL category in Security policy rule
  • D. PAN-DB URL category in URL Filtering Profile


Answer : C

Page:    1 / 8   
Total 119 questions