palo alto networks pcnsa practice test
Palo Alto Networks Certified Network Security Administrator
Last exam update: Nov 30 ,2023
Question 1
How frequently can WildFire updates be made available to firewalls?
- A. every 15 minutes
- B. every 30 minutes
- C. every 60 minutes
- D. every 5 minutes
Answer:
d
Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/software-and-content-updates/dynamic-content-updates.html#:~:text=WildFire%
20signature%20updates%20are%20made,within%20a%20minute%20of%20availability
.
Question 2
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)
- A. QoS profile
- B. DoS Protection profile
- C. Zone Protection profile
- D. DoS Protection policy
Answer:
bc
Question 3
What must you configure to enable the firewall to access multiple Authentication Profiles to authenticate a non-local account?
- A. authentication sequence
- B. LDAP server profile
- C. authentication server list
- D. authentication list profile
Answer:
a
Reference:
https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/framemaker/pan-os/7-1/pan-os-admin.pdf page 144
Question 4
Which option is part of the content inspection process?
- A. Packet forwarding process
- B. IPsec tunnel encryption
- C. SSL Proxy re-encrypt
- D. Packet egress process
Answer:
c
Reference:
http://live.paloaltonetworks.com//t5/image/serverpage/image-id/12862i950F549C7D4E6309
Question 5
A Security Profile can block or allow traffic at which point?
- A. on either the data plane or the management plane
- B. after it is matched to a Security policy rule that allows or blocks traffic
- C. after it is matched to a Security policy rule that allows traffic
- D. before it is matched to a Security policy rule
Answer:
c
Question 6
Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?
- A. authorization
- B. continue
- C. authentication
- D. override
Answer:
d
Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profile-actions.html
Question 7
With the PAN-OS 11.0 release, which tab becomes newly available within the Vulnerability security profile?
- A. Vulnerability Exceptions
- B. Advanced Rules
- C. Inline Cloud Analysis
- D. WildFire Inline ML
Answer:
a
Question 8
Palo Alto Networks firewall architecture accelerates content inspection performance while minimizing latency using which two components? (Choose two.)
- A. Network Processing Engine
- B. Policy Engine
- C. Parallel Processing Hardware
- D. Single Stream-based Engine
Answer:
cd
Question 9
An administrator would like to override the default deny action for a given application, and instead would like to block the traffic.
Which security policy action causes this?
- A. Drop
- B. Drop, send ICMP Unreachable
- C. Reset both
- D. Reset server
Answer:
b
Question 10
An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out.
Which two fields could help in determining if this is normal? (Choose two.)
- A. IP Protocol
- B. Packets sent/received
- C. Decrypted
- D. Action
Answer:
bd