Palo Alto Networks PCNSA Exam Practice Test Instant Access

Question 1

What is the main function of the Test Policy Match function?

Averify that policy rules from Expedition are valid

Bconfirm that rules meet or exceed the Best Practice Assessment recommendations

Cconfirm that policy rules in the configuration are allowing/denying the correct traffic

Densure that policy rules are not shadowing other policy rules

Answer : D

Question 2

View the diagram. What is the most restrictive, yet fully functional rule, to allow general Internet and SSH traffic into both the DMZ and Untrust/lnternet zones from each of the lOT/Guest and Trust Zones?

AOption

BOption

COption

DOption

Answer : C

Question 3

Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

Aglobal

Bintrazone

Cinterzone

Duniversal

Answer : D

References: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClomCAC

Question 4

A network administrator created an intrazone Security policy rule on the firewall. The source zones were set to IT. Finance, and HR.

Which two types of traffic will the rule apply to? (Choose two)

Atraffic between zone IT and zone Finance

Btraffic between zone Finance and zone HR

Ctraffic within zone IT

Dtraffic within zone HR

Answer : C, D

Question 5

Which operations are allowed when working with App-ID application tags?

APredefined tags may be deleted.

BPredefined tags may be augmented by custom tags.

CPredefined tags may be modified.

DPredefined tags may be updated by WildFire dynamic updates.

Answer : B

Question 6

Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?

AThreat Prevention License

BThreat Implementation License

CThreat Environment License

DThreat Protection License

Answer : A

Question 7

Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?

ALayer 2

BTap

CLayer 3

DVirtual Wire

Answer : B

Palo Alto Networks PCNSA Palo Alto Networks Certified Network Security Administrator Exam Practice Test