Palo Alto Networks PCNSA Exam Practice Test Instant Access

Question 1

Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)

AUser identification

BFiltration protection

CVulnerability protection

DAntivirus

EApplication identification

FAnti-spyware

Answer : A, C, D, E, F

Question 2

An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)

Avulnerability protection profile applied to outbound security policies

Banti-spyware profile applied to outbound security policies

Cantivirus profile applied to outbound security policies

DURL filtering profile applied to outbound security policies

Answer : B, D

References:

Question 3

Which link in the web interface enables a security administrator to view the security policy rules that match new application signatures?

AReview Apps

BReview App Matches

CPre-analyze

DReview Policies

Answer : D

Question 4

The Palo Alto Networks NGFW was configured with a single virtual router named VR-1 What changes are required on VR-1 to route traffic between two interfaces on the NGFW?

AAdd zones attached to interfaces to the virtual router

BAdd interfaces to the virtual router

CEnable the redistribution profile to redistribute connected routes

DAdd a static routes to route between the two interfaces

Answer : D

Question 5

Which action would an administrator take to ensure that a service object will be available only to the selected device group?

Acreate the service object in the specific template

Buncheck the shared option

Censure that disable override is selected

Densure that disable override is cleared

Answer : D

https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/manage-firewalls/manage-device-groups/create-objects-for-use-in-shared-or-device-group-policy

Question 6

Which administrator type utilizes predefined roles for a local administrator account?

ASuperuser

BRole-based

CDynamic

DDevice administrator

Answer : C

References:

Question 7

An address object of type IP Wildcard Mask can be referenced in which part of the configuration?

ASecurity policy rule

BACC global filter

Cexternal dynamic list

DNAT address pool

Answer : A

You can use an address object of type IP Wildcard Mask only in a Security policy rule.

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/objects/objects-addresses

IP Wildcard Mask

---Enter an IP wildcard address in the format of an IPv4 address followed by a slash and a mask (which must begin with a zero); for example, 10.182.1.1/0.127.248.0. In the wildcard mask, a zero (0) bit indicates that the bit being compared must match the bit in the IP address that is covered by the 0. A one (1) bit in the mask is a wildcard bit, meaning the bit being compared need not match the bit in the IP address that is covered by the 1. Convert the IP address and the wildcard mask to binary. To illustrate the matching: on binary snippet 0011, a wildcard mask of 1010 results in four matches (0001, 0011, 1001, and 1011).

Palo Alto Networks Certified Network Security Administrator PCNSA Exam Practice Test