palo alto networks pcnsa practice test
Palo Alto Networks Certified Network Security Administrator
Last exam update: Nov 23 ,2023
Question 1
What is the default action for the SYN Flood option within the DoS Protection profile?
- A. Reset-client
- B. Alert
- C. Sinkhole
- D. Random Early Drop
Answer:
d
Question 2
What is the minimum frequency for which you can configure the firewall to check for new WildFire antivirus signatures?
- A. every 30 minutes
- B. every 5 minutes
- C. every 24 hours
- D. every 1 minute
Answer:
d
Reference:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-new-features/wildfire-features/five-minute-wildfire-updates
Question 3
Which setting is available to edit when a tag is created on the local firewall?
- A. Color
- B. Location
- C. Order
- D. Priority
Answer:
d
Question 4
What can be achieved by selecting a policy target prior to pushing policy rules from Panorama? *
- A. You can specify the location as pre- or post-rules to push policy rules
- B. You can specify the firewalls in a device group to which to push policy rules
- C. Doing so provides audit information prior to making changes for selected policy rules
- D. Doing so limits the templates that receive the policy rules
Answer:
a
Question 5
You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in common application.
Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?
- A. Data Filtering Profile applied to outbound Security policy rules
- B. Antivirus Profile applied to outbound Security policy rules
- C. Data Filtering Profile applied to inbound Security policy rules
- D. Vulnerability Protection Profile applied to inbound Security policy rules
Answer:
b
Question 6
What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control (RBAC)? (Choose two.)
- A. SAML
- B. TACACS+
- C. LDAP
- D. Kerberos
Answer:
ab
Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication.html
Question 7
Assume a custom URL Category Object of `NO-FILES` has been created to identify a specific website.
How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?
- A. Create a Security policy with a URL Filtering profile that references the site access setting of block to NO-FILES.
- B. Create a Security policy that references NO-FILES as a URL Category qualifier with an appropriate File Blocking profile.
- C. Create a Security policy with a URL Filtering profile that references the site access setting of continue to NO-FILES.
- D. Create a Security policy that references NO-FILES as a URL Category qualifier with an appropriate Data Filtering profile.
Answer:
b
Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/set-up-file-blocking
Question 8
What do application filters help provide access to?
- A. Applications that are explicitly sanctioned for use within a company
- B. Applications that are not explicitly sanctioned and that a company wants users to be able to access
- C. Applications that are explicitly unsanctioned for use within a company
- D. Applications that are not explicitly unsanctioned and that a company wants users to be able to access
Answer:
b
Question 9
Which Security policy action will message a user's browser that their web session has been terminated?
- A. Reset client
- B. Deny
- C. Drop
- D. Reset server
Answer:
d
Question 10
Given the image, which two options are true about the Security policy rules. (Choose two.)
- A. The Allow Office Programs rule is using an Application Filter
- B. In the Allow FTP to web server rule, FTP is allowed using App-ID
- C. The Allow Office Programs rule is using an Application Group
- D. In the Allow Social Networking rule, allows all of Facebook's functions
Answer:
bc