palo alto networks pcnsa practice test

Palo Alto Networks Certified Network Security Administrator

Last exam update: Apr 10 ,2024
Page 1 out of 37. Viewing questions 1-10 out of 369

Question 1

How frequently can WildFire updates be made available to firewalls?

  • A. every 15 minutes
  • B. every 30 minutes
  • C. every 60 minutes
  • D. every 5 minutes
Answer:

d

User Votes:
A 2 votes
50%
B 1 votes
50%
C
50%
D 5 votes
50%

Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/software-and-content-updates/dynamic-content-updates.html#:~:text=WildFire%
20signature%20updates%20are%20made,within%20a%20minute%20of%20availability
.

Discussions
vote your answer:
A
B
C
D
0 / 1000
wanderclaus
3 weeks, 2 days ago

every 5 minutes


Question 2

Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)

  • A. QoS profile
  • B. DoS Protection profile
  • C. Zone Protection profile
  • D. DoS Protection policy
Answer:

bc

User Votes:
A
50%
B 4 votes
50%
C 3 votes
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

What must you configure to enable the firewall to access multiple Authentication Profiles to authenticate a non-local account?

  • A. authentication sequence
  • B. LDAP server profile
  • C. authentication server list
  • D. authentication list profile
Answer:

a

User Votes:
A 4 votes
50%
B 1 votes
50%
C
50%
D
50%

Reference:
https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/framemaker/pan-os/7-1/pan-os-admin.pdf page 144

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which option is part of the content inspection process?

  • A. Packet forwarding process
  • B. IPsec tunnel encryption
  • C. SSL Proxy re-encrypt
  • D. Packet egress process
Answer:

c

User Votes:
A
50%
B
50%
C 4 votes
50%
D
50%

Reference:
http://live.paloaltonetworks.com//t5/image/serverpage/image-id/12862i950F549C7D4E6309

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

A Security Profile can block or allow traffic at which point?

  • A. on either the data plane or the management plane
  • B. after it is matched to a Security policy rule that allows or blocks traffic
  • C. after it is matched to a Security policy rule that allows traffic
  • D. before it is matched to a Security policy rule
Answer:

c

User Votes:
A
50%
B 2 votes
50%
C 4 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

  • A. authorization
  • B. continue
  • C. authentication
  • D. override
Answer:

d

User Votes:
A
50%
B
50%
C 1 votes
50%
D 3 votes
50%

Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profile-actions.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

With the PAN-OS 11.0 release, which tab becomes newly available within the Vulnerability security profile?

  • A. Vulnerability Exceptions
  • B. Advanced Rules
  • C. Inline Cloud Analysis
  • D. WildFire Inline ML
Answer:

a

User Votes:
A 2 votes
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Palo Alto Networks firewall architecture accelerates content inspection performance while minimizing latency using which two components? (Choose two.)

  • A. Network Processing Engine
  • B. Policy Engine
  • C. Parallel Processing Hardware
  • D. Single Stream-based Engine
Answer:

cd

User Votes:
A
50%
B
50%
C 3 votes
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

An administrator would like to override the default deny action for a given application, and instead would like to block the traffic.
Which security policy action causes this?

  • A. Drop
  • B. Drop, send ICMP Unreachable
  • C. Reset both
  • D. Reset server
Answer:

b

User Votes:
A 1 votes
50%
B 2 votes
50%
C 1 votes
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out.
Which two fields could help in determining if this is normal? (Choose two.)

  • A. IP Protocol
  • B. Packets sent/received
  • C. Decrypted
  • D. Action
Answer:

bd

User Votes:
A 1 votes
50%
B 2 votes
50%
C 1 votes
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2