Scribd
Upload
18 views5 pages

PCNSA Exam g1

Uploaded by

arablichulk
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
18 views5 pages

PCNSA Exam g1

Uploaded by

arablichulk
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

PCNSA Exam - Free Questions and Answers - ITExams.com https://www.itexams.

com/exam/PCNSA

Palo Alto Networks Certified Network Security Administrator v1.0 (PCNSA)


Page: 1 / 26
Total 394 questions  
Question 1 
Which Security Profile mitigates attacks based on packet count?

A. zone protection profile


B. URL filtering profile
C. antivirus profile
D. vulnerability profile

Answer : A

Question 2 
Which interface type uses virtual routers and routing protocols?

A. Tap
B. Layer3
C. Virtual Wire
D. Layer2

Answer : B

Question 3 
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

A. Override
B. Allow
C. Block
D. Continue

Answer : B

Reference:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profile-actions

Question 4 

1 of 5 1/3/2024, 10:41 AM
PCNSA Exam - Free Questions and Answers - ITExams.com https://www.itexams.com/exam/PCNSA

An internal host needs to connect through the firewall using source NAT to servers of the internet.
Which policy is required to enable source NAT on the firewall?

A. NAT policy with internal zone and internet zone specified


B. post-NAT policy with external source and any destination address
C. NAT policy with no internal or internet zone selected
D. pre-NAT policy with external source and any destination address

Answer : A

Question 5 
Which Security Profile can provide protection against ICMP floods, based on individual combinations of a packet's source and destination IP
addresses?

A. DoS protection
B. URL filtering
C. packet buffering
D. anti-spyware

Answer : A

Question 6 
Which path in PAN-OS 9.0 displays the list of port-based security policy rules?

A. Policies> Security> Rule Usage> No App Specified


B. Policies> Security> Rule Usage> Port only specified
C. Policies> Security> Rule Usage> Port-based Rules
D. Policies> Security> Rule Usage> Unused Apps

Answer : C

Question 7 
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

A. Layer-ID
B. User-ID
C. QoS-ID
D. App-ID

2 of 5 1/3/2024, 10:41 AM
PCNSA Exam - Free Questions and Answers - ITExams.com https://www.itexams.com/exam/PCNSA

Answer : BD

Reference: 8
Question
http://www.firewall.cx/networking-topics/firewalls/palo-alto-firewalls/1152-palo-alto-firewall-single-pass-parallel-processing-hardware-

architecture.html
Which path is used to save and load a configuration with a Palo Alto Networks firewall?

A. Device>Setup>Services
B. Device>Setup>Management
C. Device>Setup>Operations
D. Device>Setup>Interfaces

Answer : C

Question 9 
DRAG DROP -
Match the network device with the correct User-ID technology.
Select and Place:

3 of 5 1/3/2024, 10:41 AM
PCNSA Exam - Free Questions and Answers - ITExams.com https://www.itexams.com/exam/PCNSA

Question 10 
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application
signatures?

A.Answer
Review: Policies
B. Review Apps
C. Pre-analyze
D. Review App Matches

Answer : A

Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content-releases/review-new-app-id-
impact-on- existing-policy-rules

Question 11 
How do you reset the hit count on a Security policy rule?

A. Select a Security policy rule, and then select Hit Count > Reset.
B. Reboot the data-plane.
C. First disable and then re-enable the rule.
D. Type the CLI command reset hitcount <POLICY-NAME>.

Answer : A

Question 12 

Given the topology, which zone type should you configure for firewall interface E1/1?

A. Tap
B. Tunnel
C. Virtual Wire
D. Layer3

4 of 5 1/3/2024, 10:41 AM
PCNSA Exam - Free Questions and Answers - ITExams.com https://www.itexams.com/exam/PCNSA

Answer : A

Question 13 
Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?

A. Management
B. High Availability
C. Aggregate
D. Aggregation

Answer : C

Question 14 
Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that
passes within the zones?

A. intrazone
B. interzone
C. universal
D. global

Answer : B

Question 15 
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL
then which choice would be the last to block access to the URL?

A. EDL in URL Filtering Profile


B. Custom URL category in URL Filtering Profile
C. Custom URL category in Security policy rule
D. PAN-DB URL category in URL Filtering Profile

Answer : C

Page: 1 / 26
Total 394 questions  Previous Page Next Page    

5 of 5 1/3/2024, 10:41 AM

You might also like