Palo Alto Networks PCNSA Exam Practice Test Instant Access

Question 1

Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

AThe web session was unsuccessfully decrypted.

BThe traffic was denied by security profile.

CThe traffic was denied by URL filtering.

DThe web session was decrypted.

Answer : D

Question 2

An administrator is updating Security policy to align with best practices.

Which Policy Optimizer feature is shown in the screenshot below?

ARules without App Controls

BNew App Viewer

CRule Usage

DUnused Unused Apps

Answer : C

Question 3

Which object would an administrator create to block access to all high-risk applications?

AHIP profile

Bapplication filter

Capplication group

DVulnerability Protection profile

Answer : B

Explanation/Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKECA0

Question 4

An administrator would like to create a URL Filtering log entry when users browse to any gambling website. What combination of Security policy and Security profile actions is correct?

ASecurity policy = drop, Gambling category in URL profile = allow

BSecurity policy = deny. Gambling category in URL profile = block

CSecurity policy = allow, Gambling category in URL profile = alert

DSecurity policy = allow. Gambling category in URL profile = allow

Answer : C

Question 5

Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

AExploitation

BInstallation

CReconnaissance

DAct on the Objective

Answer : A

Question 6

At which point in the app-ID update process can you determine if an existing policy rule is affected by an app-ID update?

Aafter clicking Check New in the Dynamic Update window

Bafter connecting the firewall configuration

Cafter downloading the update

Dafter installing the update

Answer : A

Question 7

Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications

Which policy achieves the desired results?

AOption

BOption

COption

DOption

Answer : C

Palo Alto Networks PCNSA Palo Alto Networks Certified Network Security Administrator Exam Practice Test