palo alto networks pcnsa practice test

Palo Alto Networks Certified Network Security Administrator

Last exam update: May 09 ,2025
Page 1 out of 36. Viewing questions 1-10 out of 369

Question 1

What is the default action for the SYN Flood option within the DoS Protection profile?

  • A. Reset-client
  • B. Alert
  • C. Sinkhole
  • D. Random Early Drop
Answer:

d

User Votes:
A 1 votes
50%
B
50%
C 3 votes
50%
D 9 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

What is the minimum frequency for which you can configure the firewall to check for new WildFire antivirus signatures?

  • A. every 30 minutes
  • B. every 5 minutes
  • C. every 24 hours
  • D. every 1 minute
Answer:

d


Reference:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-new-features/wildfire-features/five-minute-wildfire-updates

User Votes:
A 1 votes
50%
B 3 votes
50%
C
50%
D 6 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which setting is available to edit when a tag is created on the local firewall?

  • A. Color
  • B. Location
  • C. Order
  • D. Priority
Answer:

d

User Votes:
A 5 votes
50%
B
50%
C
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
Haywhy
8 months, 1 week ago

The correct answer should be color and not priority.

0

Question 4

What can be achieved by selecting a policy target prior to pushing policy rules from Panorama? *

  • A. You can specify the location as pre- or post-rules to push policy rules
  • B. You can specify the firewalls in a device group to which to push policy rules
  • C. Doing so provides audit information prior to making changes for selected policy rules
  • D. Doing so limits the templates that receive the policy rules
Answer:

a

User Votes:
A 2 votes
50%
B 4 votes
50%
C 1 votes
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
[email protected]
9 months, 1 week ago

The target allows you to select a device that the policy will be pushed to

0
Groovy9
4 months, 1 week ago

I had 5-day training course, but there's nothing about Panorama management. How could this exam have such a question?

0

Question 5

You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in common application.
Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

  • A. Data Filtering Profile applied to outbound Security policy rules
  • B. Antivirus Profile applied to outbound Security policy rules
  • C. Data Filtering Profile applied to inbound Security policy rules
  • D. Vulnerability Protection Profile applied to inbound Security policy rules
Answer:

b

User Votes:
A 1 votes
50%
B 5 votes
50%
C
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control (RBAC)? (Choose two.)

  • A. SAML
  • B. TACACS+
  • C. LDAP
  • D. Kerberos
Answer:

ab


Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication.html

User Votes:
A 4 votes
50%
B 4 votes
50%
C 3 votes
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Assume a custom URL Category Object of `NO-FILES` has been created to identify a specific website.
How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?

  • A. Create a Security policy with a URL Filtering profile that references the site access setting of block to NO-FILES.
  • B. Create a Security policy that references NO-FILES as a URL Category qualifier with an appropriate File Blocking profile.
  • C. Create a Security policy with a URL Filtering profile that references the site access setting of continue to NO-FILES.
  • D. Create a Security policy that references NO-FILES as a URL Category qualifier with an appropriate Data Filtering profile.
Answer:

b


Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/set-up-file-blocking

User Votes:
A
50%
B 4 votes
50%
C
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

What do application filters help provide access to?

  • A. Applications that are explicitly sanctioned for use within a company
  • B. Applications that are not explicitly sanctioned and that a company wants users to be able to access
  • C. Applications that are explicitly unsanctioned for use within a company
  • D. Applications that are not explicitly unsanctioned and that a company wants users to be able to access
Answer:

b

User Votes:
A 1 votes
50%
B 4 votes
50%
C
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which Security policy action will message a user's browser that their web session has been terminated?

  • A. Reset client
  • B. Deny
  • C. Drop
  • D. Reset server
Answer:

d

User Votes:
A 2 votes
50%
B 1 votes
50%
C 2 votes
50%
D 4 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Given the image, which two options are true about the Security policy rules. (Choose two.)

  • A. The Allow Office Programs rule is using an Application Filter
  • B. In the Allow FTP to web server rule, FTP is allowed using App-ID
  • C. The Allow Office Programs rule is using an Application Group
  • D. In the Allow Social Networking rule, allows all of Facebook's functions
Answer:

bc

User Votes:
A 4 votes
50%
B 4 votes
50%
C 4 votes
50%
D 4 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
DracusWolf
4 months ago

office programs are using an application filter not a group. no app-id can be seen to be used so answer has to be A and D

0
To page 2