Download PCNSA EXAM 2025 QUESTIONS AND CORRECT ANSWER and more Exams Public Health in PDF only on Docsity! PCNSA EXAM 2025 QUESTIONS AND CORRECT ANSWER Which firewall plane provides configuration, logging, and reporting functions on a separate processor? - answer>>>Control plane Which two activities are part of the cyberattack lifecycle Reconnaissance stage? - answer>>>ports scans, social engineering At which cyberattack lifecycle stage does the attacker achieve "hands on keyboard" control of the target device? - answer>>>C2 Which two characteristics are common among commodity threats? - answer>>>They are pervasive, they are often used as part of an APT At which packet flow stage does the firewall detect and block pre-session reconnaissance and DoS attacks? - answer>>>Ingress Which two items are required match criteria in a Palo Alto Networks Security policy rule? - answer>>>source zone, destination zone Which type of Security policy rule is the default rule type? - answer>>>Universal Which action in a Security policy rule results in traffic being silently rejected? - answer>>>Drop NAT oversubscription is used in conjunction with which NAT translation type? - answer>>>dynamic IP and port True or false? Logging on intrazone-default and interzone-default Security policy rules is enabled by default. - answer>>>False True or false? The implementation of network segmentation and security zones can reduce your network's attack surface. - answer>>>True Which protection method can be used to mitigate single-session DoS attacks? - answer>>>packet buffer protection True or false? DoS Protection policy is applied to session traffic before a Zone Protection Profile. - answer>>>False (!) Which type of protection is provided by both a Zone Protection Profile and a DoS Protection Profile? - answer>>>Flood Which firewall configuration component is used to block access to known-bad IP addresses? - answer>>>Security policy In which three locations can you configure the firewall to use an external dynamic list (EDL)? - answer>>>Anti-spyware profile URL filtering profile Security policy In which firewall configuration component can you use an EDL of type Domain List? - answer>>>Anti- spyware profile (!) True or false? A best practice is to enable the "sinkhole" action in an Anti-Spyware Profile. - answer>>>True Which three methods does App-ID use to identify network traffic? - answer>>>Signatures protocol decoders Heuristics How would App-ID label TCP traffic when the three-way handshake completes, but not enough data is sent to identify an application? - answer>>>Insufficient-data Enable EALs True or false? You should activate your Cortex Data Lake subscription before you activate your IoT subscription. - answer>>>True True or false? All firewall platforms running PAN-OS 10.0 support enforcement of IoT Security policy. - answer>>>False Which file type can a firewall send to WildFire when the firewall does not have a WildFire subscription? - answer>>>EXE Which WildFire verdict might indicate obtrusive behavior but not a security threat? - answer>>>Grayware True or false? When a malicious file or link is detected in an email, WildFire can update antivirus signatures in the PAN-DB database. - answer>>>False Assume you have a WildFire subscription. Which file state or condition might result in a file not being analyzed by WildFire? - answer>>>file located in a JAR or RAR archive Which two types of activities does SSL/TLS decryption by the firewall help to block? - answer>>>malware introduction sensitive data exfiltration True or false? If OCSP and CRL are configured on a firewall, CRL is consulted first. - answer>>>False Which type of firewall decryption requires the administrator to import a server certificate and a private key into the firewall? - answer>>>SSL Inbound Inspection decryption True or false? The SSL forward untrust certificate should not be trusted by the client but should still be a CA certificate. - answer>>>True True or false? The firewall still can check for expired or untrusted certificates even if the SSL traffic is not being decrypted. - answer>>>True Which two items are encrypted using the firewall master key? - answer>>>private key local user passwords Which two port numbers would be used when an LDAP Server Profile is configured? - answer>>>389 636 During the external authentication process, the firewall evaluates the configuration of several objects. Which object can be optional? - answer>>>authentication sequence Which authentication method is not a local authentication method? - answer>>>local domain authentication Which four secondary authentication vendors are supported by the firewall? - answer>>>DUOv2 Okta Adaptive PingID RSA SecurID Access When you are configuring domain credential filtering, the User-ID agent should be installed on which type of Active Directory server? - answer>>>read-only domain controller Which Security Profile is designed to help mitigate unknown threats? - answer>>>WildFire Analysis True or false? The Antivirus, Anti-Spyware, and Vulnerability Protection Profiles use signatures received in content updates to detect malware in allowed traffic. - answer>>>true Sinkhole events are recorded in which log? - answer>>>Threat (!) In a Data Filtering Profile, which three types of numbers are included in the predefined patterns? - answer>>>credit card bank routing Social Security True or false? Data Filtering Profile packet captures are prohibited unless you configure a data protection password. - answer>>>true Which two actions affect all of the widgets in the Application Command Center? - answer>>>setting a global filter selecting a time range Which two firewall features display information using widgets? - answer>>>ACC Dashboard True or false? You can customize the list of logs that are aggregated into the Unified log. - answer>>>True Which three statements about the automated correlation engine are correct? - answer>>>It detects possible infected hosts. It uses correlation objects as input It outputs correlation events True or false? SNMP GET requests to a firewall return operational statistics, and SNMP SET requests update the firewall configuration. - answer>>>False Which three statements about the predefined reports are correct? - answer>>>There are more than 40 predefined reports. They are generated daily by default. They are grouped in five categories A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified byApp-ID as SuperApp_base.On a content Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP-to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.Given the scenario, choose the option for sending IP-to-user mappings to the NGFW. - answer>>>syslog An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command- and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? - answer>>>anti-spyware profile applied to outbound security policies URL filtering profile applied to outbound security policies In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email? - answer>>>Weaponization Identify the correct order to configure the PAN-OS integrated USER-ID agent. 3. add the service account to monitor the server(s) 2. define the address of the servers to be monitored on the firewall 4. commit the configuration, and verify agent connection status 1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent - answer>>>1-3-2-4 Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.Complete the security policy to ensure only Telnet is allowed.Security Policy: Source Zone: Internal to DMZ Zone __________services, Application default, and action = Allow - answer>>>Application=Telnet On which port does SSH works? - answer>>>22 Which port does Telnet use? - answer>>>23 On which port does FTP run by default? - answer>>>21 Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall? - answer>>>Threat Prevention License An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Which traffic would the administrator need to monitor and block to mitigate the malicious activity? - answer>>>east-west To use Active Directory to authenticate administrators, which server profile is required in the authentication profile? - answer>>>LDAP Which interface type is used to monitor traffic and cannot be used to perform traffic shaping? - answer>>>Tap Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account? - answer>>>Role-based Which administrator type utilizes predefined roles for a local administrator account? - answer>>>Dynamic Which two security profile types can be attached to a security policy? - answer>>>antivirus, vulnerability (!) The CFO found a USB drive in the parking lot and decided to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.Which security profile feature could have been used to prevent the communication with the CnC server? - answer>>>Create an anti-spyware profile and enable DNS Sinkhole Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers? - answer>>>Active Directory monitoring What are three differences between security policies and security profiles? - answer>>>Security profiles are attached to security policies Security profiles should only be used on allowed traffic Security policies can block or allow traffic Given the image, which two options are true about the Security policy rules. - answer>>>The Allow Office Programs rule is using an Application Group In the Allow Social Networking rule, allows all of Facebooks functions Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone? - answer>>>Universal Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways? - answer>>>GlobalProtect Which two statements are correct regarding multiple static default routes? - answer>>>Path monitoring determines if route is useable Route with lowest metric is actively used Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine. - answer>>>Exploitation Which file is used to save the running configuration with a Palo Alto Networks firewall? - answer>>>running-config.xml Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management and centralized threat intelligence. - answer>>>Panorama AutoFocus Which statement is true regarding a Prevention Posture Assessment? - answer>>>It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? - answer>>>User identification Which object cannot be segmented using virtual systems on a firewall? - answer>>>MGT interface What are the two attributes of the dedicated out-of-band network management port in Palo Alto Networks firewalls? - answer>>>Labeled MGT by default, cannot be configured as a standard traffic port True or false? To register a hardware firewall you will need the firewall's serial number. - answer>>>True In the web interface, what is signified when a text box is highlighted in red? - answer>>>The value in the text box is required. True or false? Service routes can be used to configure an in-band port to access external services. - answer>>>True Which two statements are true regarding the candidate configuration? - answer>>>It contains possible changes to the current configuration. It can be reverted to the current configuration. True or false? The running configuration consists of configuration changes in progress but not active on the firewall. - answer>>>False When committing changes to a firewall, what is the result of clicking the Preview Changes link? - answer>>>compares the candidate configuration to the running configuration True or false? The Export operations transfer configurations as XML-formatted files from the firewall. - answer>>>True When creating a custom admin role, which four types of privileges can be defined? - answer>>>Command lind WebUI REST API XML API True or false? Server Profiles define connections that the firewall can make to external servers. - answer>>>True Global user authentication is supported by which three authentication services? - answer>>>SAML RADIUS x TACACS+ True or false? Certificate-based authentication replaces all other forms of either local or external authentication - answer>>>True Which two items are supported routing protocols on a virtual router? - answer>>>OSPF, BGP Which three interface types are valid on a Palo Alto Networks firewall? - answer>>>Tap, Virtual wire, Layer 3 Which two firewall interface types can be added to a Layer3-type security zone? - answer>>>Tunnel, Loopback Which type of firewall interface enables passive monitoring of network traffic? - answer>>>Tap True or false? A Layer 3 interface can be configured as dual stack with both IPv4 and IPv6 addresses. - answer>>>True .