palo alto networks PCNSA Exam Questions
Questions for the PCNSA were updated on : Jul 20 ,2024
Page 1 out of 37. Viewing questions 1-10 out of 369
Question 1
A Panorama administrator would like to create an address object for the DNS server located in the New York City office, but does not want this object added to the other Panorama managed firewalls.
Which configuration action should the administrator take when creating the address object?
- A. Tag the address object with the New York Office tag.
- B. Ensure that Disable Override is cleared.
- C. Ensure that the Shared option is checked.
- D. Ensure that the Shared option is cleared.
Answer:
d
Question 2
Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management plane is only slightly utilized.
Which User-ID agent is sufficient in your network?
- A. Windows-based agent deployed on each domain controller
- B. PAN-OS integrated agent deployed on the firewall
- C. Citrix terminal server agent deployed on the network
- D. Windows-based agent deployed on the internal network a domain member
Answer:
a
Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-user-mapping-using-the-windows-user-id- agent/configure-the-windows-based-user-id-agent-for-user-mapping.html
Question 3
Review the screenshot below. Based on the information it contains, which protocol decoder will detect a machine-learning match, create a Threat log entry, and permit the traffic?
- A. smb
- B. imap
- C. ftp
- D. http2
Answer:
d
Question 4
The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)
- A. Add all the URLs from the gambling category except powerball.com to the block list and then set the action for the gambling category to allow.
- B. Manually remove powerball.com from the gambling URL category.
- C. Add *.powerball.com to the allow list
- D. Create a custom URL category called PowerBall and add *.powerball.com to the category and set the action to allow.
Answer:
cd
Question 5
What are two valid selections within an Anti-Spyware profile? (Choose two.)
- A. Random early drop
- B. Drop
- C. Deny
- D. Default
Answer:
bd
Question 6
Which component provides network security for mobile endpoints by inspecting traffic routed through gateways?
- A. Prisma SaaS
- B. GlobalProtect
- C. AutoFocus
- D. Panorama
Answer:
a
Reference:
https://www.paloaltonetworks.com/resources/whitepapers/protecting-the-extended-perimeter-with-globalprotect-cloud-service-full
Question 7
Given the detailed log information above, what was the result of the firewall traffic inspection?
- A. It was blocked by the Vulnerability Protection profile action
- B. It was blocked by the Security policy action
- C. It was blocked by the Anti-Virus Security profile action
- D. It was blocked by the Anti-Spyware Profile action
Answer:
d
Question 8
Which statement is true regarding a Best Practice Assessment?
- A. The BPA tool can be run only on firewalls
- B. It provides a percentage of adoption for each assessment area
- C. The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities
- D. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
Answer:
b
Reference:
https://docs.paloaltonetworks.com/best-practices/8-1/data-center-best-practices/data-center-best-practice-security-policy/use-palo-alto-networks- assessment-and-review-tools
Question 9
What must be considered with regards to content updates deployed from Panorama?
- A. Content update schedulers need to be configured separately per device group.
- B. Panorama can only install up to five content versions of the same type for potential rollback scenarios.
- C. A PAN-OS upgrade resets all scheduler configurations for content updates.
- D. Panorama can only download one content update at a time for content updates of the same type.
Answer:
d
Reference:
https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-licenses-and-updates/deploy-updates-to-firewalls-log-collectors-and- wildfire-appliances-using-panorama/schedule-a-content-update-using-panorama.html
Question 10
Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management and centralized threat intelligence.
(Choose two.)
- A. GlobalProtect
- B. Panorama
- C. Aperture
- D. AutoFocus
Answer:
bd