Palo Alto Networks Certified Network Security Administrator v1.0 (PCNSA)

Page:    1 / 7   
Total 98 questions

Which Security Profile mitigates attacks based on packet count?

  • A. zone protection profile
  • B. URL filtering profile
  • C. antivirus profile
  • D. vulnerability profile


Answer : A

Which interface type can use virtual routers and routing protocols?

  • A. Tap
  • B. Layer3
  • C. Virtual Wire
  • D. Layer2


Answer : B

Which URL profiling action does not generate a log entry when a user attempts to access that URL?

  • A. Override
  • B. Allow
  • C. Block
  • D. Continue


Answer : B

Reference:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profile-actions

An internal host wants to connect to servers of the internet through using source NAT.
Which policy is required to enable source NAT on the firewall?

  • A. NAT policy with source zone and destination zone specified
  • B. post-NAT policy with external source and any destination address
  • C. NAT policy with no source of destination zone selected
  • D. pre-NAT policy with external source and any destination address


Answer : A

Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

  • A. DoS protection
  • B. URL filtering
  • C. packet buffering
  • D. anti-spyware


Answer : A

Which path in PAN-OS 9.0 displays the list of port-based security policy rules?

  • A. Policies> Security> Rule Usage> No App Specified
  • B. Policies> Security> Rule Usage> Port only specified
  • C. Policies> Security> Rule Usage> Port-based Rules
  • D. Policies> Security> Rule Usage> Unused Apps


Answer : C

Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

  • A. Layer-ID
  • B. User-ID
  • C. QoS-ID
  • D. App-ID


Answer : BD

Reference:
http://www.firewall.cx/networking-topics/firewalls/palo-alto-firewalls/1152-palo-alto-firewall-single-pass-parallel-processing-hardware-architecture.html

Which path is used to save and load a configuration with a Palo Alto Networks firewall?

  • A. Device>Setup>Services
  • B. Device>Setup>Management
  • C. Device>Setup>Operations
  • D. Device>Setup>Interfaces


Answer : C

DRAG DROP -
Match the network device with the correct User-ID technology.
Select and Place:




Answer :

Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

  • A. Review Policies
  • B. Review Apps
  • C. Pre-analyze
  • D. Review App Matches


Answer : A

Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content-releases/review-new-app-id-impact-on- existing-policy-rules

How is the hit count reset on a rule?

  • A. select a security policy rule, right click Hit Count > Reset
  • B. with a dataplane reboot
  • C. Device > Setup > Logging and Reporting Settings > Reset Hit Count
  • D. in the CLI, type command reset hitcount <POLICY-NAME>


Answer : A


Given the topology, which zone type should interface E1/1 be configured with?

  • A. Tap
  • B. Tunnel
  • C. Virtual Wire
  • D. Layer3


Answer : A

Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?

  • A. Management
  • B. High Availability
  • C. Aggregate
  • D. Aggregation


Answer : C

Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?

  • A. intrazone
  • B. interzone
  • C. universal
  • D. global


Answer : B

Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL?

  • A. EDL in URL Filtering Profile
  • B. Custom URL category in URL Filtering Profile
  • C. Custom URL category in Security policy rule
  • D. PAN-DB URL category in URL Filtering Profile


Answer : C

Page:    1 / 7   
Total 98 questions